Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
git
/
radionica3d
1
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: 392688c19d
Салаанууд Тагууд
radionica3d
/
backend
/
routers
/
portfolio.py

portfolio.py 2.7 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. from fastapi import APIRouter, Depends, HTTPException, Form, UploadFile, File
    2. 

  2. import db
    3. 

  3. import schemas
    4. 

  4. import auth_utils
    5. 

  5. import config
    6. 

  6. import os
    7. 

  7. import uuid
    8. 

  8. import shutil
    9. 

  9. 

  10. router = APIRouter(tags=["portfolio"])
    11. 

  11. 

  12. @router.get("/portfolio")
    13. 

  13. async def get_public_portfolio():
    14. 

  14.     query = """
    15. 

  15.     SELECT p.id, p.file_path, o.material_name, o.id as order_id
    16. 

  16.     FROM order_photos p
    17. 

  17.     JOIN orders o ON p.order_id = o.id
    18. 

  18.     WHERE p.is_public = TRUE AND o.allow_portfolio = TRUE
    19. 

  19.     ORDER BY p.created_at DESC
    20. 

  20.     """
    21. 

  21.     return db.execute_query(query)
    22. 

  22. 

  23. @router.post("/admin/orders/{order_id}/photos")
    24. 

  24. async def admin_upload_order_photo(
    25. 

  25.     order_id: int, 
    26. 

  26.     is_public: bool = Form(False),
    27. 

  27.     file: UploadFile = File(...), 
    28. 

  28.     token: str = Depends(auth_utils.oauth2_scheme)
    29. 

  29. ):
    30. 

  30.     payload = auth_utils.decode_token(token)
    31. 

  31.     if not payload or payload.get("role") != 'admin':
    32. 

  32.         raise HTTPException(status_code=403, detail="Admin role required")
    33. 

  33.     order = db.execute_query("SELECT allow_portfolio FROM orders WHERE id = %s", (order_id,))
    34. 

  34.     if not order: raise HTTPException(status_code=404, detail="Order not found")
    35. 

  35.     if is_public and not order[0]['allow_portfolio']:
    36. 

  36.          raise HTTPException(status_code=400, detail="Cannot make public: User did not consent to portfolio usage")
    37. 

  37.     if not file.filename: raise HTTPException(status_code=400, detail="Invalid file")
    38. 

  38.     unique_filename = f"{uuid.uuid4()}{os.path.splitext(file.filename)[1]}"
    39. 

  39.     file_path = os.path.join(config.UPLOAD_DIR, unique_filename).replace("\\", "/")
    40. 

  40.     with open(file_path, "wb") as buffer:
    41. 

  41.         shutil.copyfileobj(file.file, buffer)
    42. 

  42.     query = "INSERT INTO order_photos (order_id, file_path, is_public) VALUES (%s, %s, %s)"
    43. 

  43.     photo_id = db.execute_commit(query, (order_id, file_path, is_public))
    44. 

  44.     return {"id": photo_id, "file_path": file_path, "is_public": is_public}
    45. 

  45. 

  46. @router.patch("/admin/photos/{photo_id}")
    47. 

  47. async def admin_update_photo_status(photo_id: int, data: schemas.PhotoUpdate, token: str = Depends(auth_utils.oauth2_scheme)):
    48. 

  48.     payload = auth_utils.decode_token(token)
    49. 

  49.     if not payload or payload.get("role") != 'admin':
    50. 

  50.         raise HTTPException(status_code=403, detail="Admin role required")
    51. 

  51.     query = "SELECT p.*, o.allow_portfolio FROM order_photos p JOIN orders o ON p.order_id = o.id WHERE p.id = %s"
    52. 

  52.     photo_data = db.execute_query(query, (photo_id,))
    53. 

  53.     if not photo_data: raise HTTPException(status_code=404, detail="Photo not found")
    54. 

  54.     if data.is_public and not photo_data[0]['allow_portfolio']:
    55. 

  55.         raise HTTPException(status_code=400, detail="Cannot make public: User did not consent to portfolio usage")
    56. 

  56.     db.execute_commit("UPDATE order_photos SET is_public = %s WHERE id = %s", (data.is_public, photo_id))
    57. 

  57.     return {"id": photo_id, "is_public": data.is_public}
    58.