Files
Aislo/B01_Dashboard/B01_Dashboard_Router.py

442 lines
16 KiB
Python

"""B01_Dashboard 역할별 대시보드 API."""
from typing import Any
from fastapi import APIRouter, Depends, HTTPException, Query
from common_util.common_util_auth import require_system_admin, verify_session
from .B01_Dashboard_Repository import (
add_company_member,
assign_user_company,
change_user_role,
count_company_admins,
create_company,
create_project_automation,
create_system_company,
delete_project_automation,
get_dashboard_me,
get_project,
get_project_automation,
get_system_resources,
get_user_admin_target,
get_user_company,
join_company,
list_all_companies,
list_all_projects,
list_all_users,
list_audit_logs,
list_company_members,
list_company_projects,
list_join_requests,
list_project_automations,
list_user_projects,
mark_project_automation_executed,
process_join_request,
remove_company_member,
search_companies,
soft_delete_project,
update_admin_user,
update_project,
update_project_automation,
update_user_profile,
)
from .B01_Dashboard_Schema import (
AddMemberRequest,
AdminUpdateUserRequest,
AssignCompanyRequest,
AutomationRequest,
ChangeUserRoleRequest,
CreateCompanyRequest,
JoinCompanyRequest,
ProcessJoinRequest,
UpdateProjectRequest,
UpdateUserRequest,
)
router = APIRouter(prefix="/api/dashboard", tags=["B01_Dashboard"])
async def require_company_admin(
session: dict[str, Any] = Depends(verify_session),
) -> dict[str, Any]:
if session["role"] not in ("ADMIN", "SYSTEM_ADMIN") and not session["is_master"]:
raise HTTPException(status_code=403, detail="회사 관리자 권한이 필요합니다.")
return session
def _require_company_id(session: dict[str, Any]) -> int:
company_id = session.get("company_id")
if company_id is None:
raise HTTPException(status_code=403, detail="회사 연결이 필요합니다.")
return int(company_id)
def _same_company(session: dict[str, Any], company_id: int | None) -> bool:
return company_id is not None and int(session.get("company_id") or 0) == int(company_id)
def _can_edit_project(session: dict[str, Any], project: dict[str, Any]) -> bool:
if session["role"] == "SYSTEM_ADMIN":
return True
if session["role"] == "ADMIN":
return _same_company(session, project.get("company_id"))
return False
def _can_manage_automation(session: dict[str, Any], project: dict[str, Any]) -> bool:
if session["role"] == "SYSTEM_ADMIN":
return True
return session["role"] == "ADMIN" and _same_company(session, project.get("company_id"))
def _can_edit_user(session: dict[str, Any], target: dict[str, Any]) -> bool:
if session["role"] == "SYSTEM_ADMIN":
return True
if session["role"] == "ADMIN":
return _same_company(session, target.get("company_id"))
return int(session["user_id"]) == int(target["id"])
@router.get("/me")
async def dashboard_me(session: dict[str, Any] = Depends(verify_session)):
user = await get_dashboard_me(int(session["user_id"]))
if not user:
raise HTTPException(status_code=404, detail="사용자 정보를 찾을 수 없습니다.")
return {"status": "success", "user": user}
@router.patch("/me")
async def patch_dashboard_me(
payload: UpdateUserRequest,
session: dict[str, Any] = Depends(verify_session),
):
user = await update_user_profile(int(session["user_id"]), payload.model_dump())
return {"status": "success", "user": user}
@router.get("/user/projects")
async def user_projects(session: dict[str, Any] = Depends(verify_session)):
return {"status": "success", "projects": await list_user_projects(int(session["user_id"]))}
@router.get("/user/company")
async def user_company(session: dict[str, Any] = Depends(verify_session)):
return {"status": "success", "company": await get_user_company(session.get("company_id"))}
@router.get("/user/companies")
async def user_company_search(
q: str = Query(min_length=1, max_length=100),
session: dict[str, Any] = Depends(verify_session),
):
_ = session
return {"status": "success", "companies": await search_companies(q.strip())}
@router.post("/user/company/create")
async def user_company_create(
payload: CreateCompanyRequest,
session: dict[str, Any] = Depends(verify_session),
):
result = await create_company(int(session["user_id"]), payload.model_dump())
return {"status": "success", **result}
@router.post("/user/company/join")
async def user_company_join(
payload: JoinCompanyRequest,
session: dict[str, Any] = Depends(verify_session),
):
result = await join_company(int(session["user_id"]), payload.company_id)
return {"status": "success", **result}
@router.get("/admin/members")
async def admin_members(session: dict[str, Any] = Depends(require_company_admin)):
return {
"status": "success",
"members": await list_company_members(_require_company_id(session)),
}
@router.post("/admin/members")
async def admin_add_member(
payload: AddMemberRequest,
session: dict[str, Any] = Depends(require_company_admin),
):
member = await add_company_member(_require_company_id(session), payload.email)
if not member:
raise HTTPException(status_code=409, detail="사용자를 찾을 수 없거나 이미 팀원입니다.")
return {"status": "success", "member": member}
@router.delete("/admin/members/{user_id}")
async def admin_remove_member(
user_id: int, session: dict[str, Any] = Depends(require_company_admin)
):
if not await remove_company_member(_require_company_id(session), user_id):
raise HTTPException(status_code=404, detail="제거할 팀원을 찾을 수 없습니다.")
return {"status": "success"}
@router.get("/admin/join-requests")
async def admin_join_requests(session: dict[str, Any] = Depends(require_company_admin)):
return {"status": "success", "requests": await list_join_requests(_require_company_id(session))}
@router.patch("/admin/join-requests/{request_id}")
async def admin_process_join_request(
request_id: int,
payload: ProcessJoinRequest,
session: dict[str, Any] = Depends(require_company_admin),
):
company_id = None if session["role"] == "SYSTEM_ADMIN" else _require_company_id(session)
changed = await process_join_request(
request_id,
int(session["user_id"]),
payload.action == "APPROVE",
company_id,
)
if not changed:
raise HTTPException(status_code=404, detail="처리할 가입 신청을 찾을 수 없습니다.")
return {"status": "success"}
@router.get("/admin/projects")
async def admin_projects(session: dict[str, Any] = Depends(require_company_admin)):
return {
"status": "success",
"projects": await list_company_projects(_require_company_id(session)),
}
@router.put("/projects/{project_id}")
async def dashboard_update_project(
project_id: str,
payload: UpdateProjectRequest,
session: dict[str, Any] = Depends(verify_session),
):
project = await get_project(project_id)
if not project:
raise HTTPException(status_code=404, detail="프로젝트를 찾을 수 없습니다.")
if not _can_edit_project(session, project):
raise HTTPException(status_code=403, detail="프로젝트 수정 권한이 없습니다.")
if not await update_project(project_id, payload.model_dump(), int(session["user_id"])):
raise HTTPException(status_code=404, detail="프로젝트를 찾을 수 없습니다.")
return {"status": "success"}
@router.delete("/projects/{project_id}")
async def dashboard_delete_project(
project_id: str,
session: dict[str, Any] = Depends(verify_session),
):
project = await get_project(project_id)
if not project:
raise HTTPException(status_code=404, detail="프로젝트를 찾을 수 없습니다.")
can_del = False
if session["role"] == "SYSTEM_ADMIN":
can_del = True
# 나중에 ADMIN도 소유 프로젝트 삭제 허용할 수 있으므로 주석 처리
# elif session["role"] == "ADMIN":
# if int(project.get("user_id") or 0) == int(session["user_id"]):
# can_del = True
if not can_del:
raise HTTPException(status_code=403, detail="프로젝트 삭제 권한이 없습니다.")
if not await soft_delete_project(project_id, int(session["user_id"])):
raise HTTPException(status_code=404, detail="프로젝트를 찾을 수 없습니다.")
return {"status": "success"}
@router.get("/admin/companies")
async def system_companies(session: dict[str, Any] = Depends(require_system_admin)):
_ = session
return {"status": "success", "companies": await list_all_companies()}
@router.post("/admin/companies")
async def system_create_company(
payload: CreateCompanyRequest,
session: dict[str, Any] = Depends(require_system_admin),
):
result = await create_company(int(session["user_id"]), payload.model_dump())
return {"status": "success", **result}
@router.get("/admin/users")
async def system_users(session: dict[str, Any] = Depends(require_system_admin)):
_ = session
return {"status": "success", "users": await list_all_users()}
@router.patch("/admin/users/{user_id}/role")
async def system_change_role(
user_id: int,
payload: ChangeUserRoleRequest,
session: dict[str, Any] = Depends(require_system_admin),
):
target = await get_user_admin_target(user_id)
if not target:
raise HTTPException(status_code=404, detail="사용자를 찾을 수 없습니다.")
if payload.role == "SYSTEM_ADMIN" or target["role"] == "SYSTEM_ADMIN":
raise HTTPException(
status_code=403, detail="시스템 관리자 역할은 API에서 변경할 수 없습니다."
)
if not await change_user_role(user_id, payload.role):
raise HTTPException(status_code=404, detail="사용자를 찾을 수 없습니다.")
return {"status": "success"}
@router.put("/admin/users/{user_id}")
async def admin_update_user(
user_id: int,
payload: AdminUpdateUserRequest,
session: dict[str, Any] = Depends(verify_session),
):
target = await get_user_admin_target(user_id)
if not target:
raise HTTPException(status_code=404, detail="사용자를 찾을 수 없습니다.")
if not _can_edit_user(session, target):
raise HTTPException(status_code=403, detail="사용자 수정 권한이 없습니다.")
data = payload.model_dump()
if session["role"] == "USER":
data["status"] = None
if not await update_admin_user(user_id, data):
raise HTTPException(status_code=404, detail="사용자를 찾을 수 없습니다.")
return {"status": "success"}
@router.patch("/admin/users/{user_id}/company")
async def system_assign_company(
user_id: int,
payload: AssignCompanyRequest,
session: dict[str, Any] = Depends(require_system_admin),
):
_ = session
if not await assign_user_company(user_id, payload.company_id):
raise HTTPException(status_code=404, detail="사용자를 찾을 수 없습니다.")
return {"status": "success"}
@router.get("/admin/join-requests-all")
async def system_join_requests(session: dict[str, Any] = Depends(require_system_admin)):
_ = session
return {"status": "success", "requests": await list_join_requests()}
@router.patch("/admin/join-requests/{request_id}/approve")
async def system_approve_join_request(
request_id: int,
session: dict[str, Any] = Depends(require_system_admin),
):
if not await process_join_request(request_id, int(session["user_id"]), True):
raise HTTPException(status_code=404, detail="처리할 가입 신청을 찾을 수 없습니다.")
return {"status": "success"}
@router.get("/admin/audit-logs")
async def system_audit_logs(
page: int = Query(1, ge=1),
limit: int = Query(50, ge=1, le=100),
session: dict[str, Any] = Depends(require_system_admin),
):
_ = session
return {"status": "success", **await list_audit_logs(limit, (page - 1) * limit)}
@router.get("/admin/resources")
async def system_resources(
days: int = Query(30, ge=1, le=90),
session: dict[str, Any] = Depends(require_system_admin),
):
_ = session
return {"status": "success", **await get_system_resources(days)}
@router.get("/admin/projects-all")
async def system_projects(session: dict[str, Any] = Depends(require_system_admin)):
_ = session
return {"status": "success", "projects": await list_all_projects()}
@router.get("/projects/{project_id}/automations")
async def dashboard_project_automations(
project_id: str,
session: dict[str, Any] = Depends(verify_session),
):
project = await get_project(project_id)
if not project:
raise HTTPException(status_code=404, detail="프로젝트를 찾을 수 없습니다.")
if not _can_edit_project(session, project):
raise HTTPException(status_code=403, detail="자동화 로직 조회 권한이 없습니다.")
return {"status": "success", "automations": await list_project_automations(project_id)}
@router.post("/projects/{project_id}/automations")
async def dashboard_create_automation(
project_id: str,
payload: AutomationRequest,
session: dict[str, Any] = Depends(verify_session),
):
project = await get_project(project_id)
if not project:
raise HTTPException(status_code=404, detail="프로젝트를 찾을 수 없습니다.")
if not _can_manage_automation(session, project):
raise HTTPException(status_code=403, detail="자동화 로직 생성 권한이 없습니다.")
automation = await create_project_automation(
project_id, int(session["user_id"]), payload.model_dump()
)
return {"status": "success", "automation": automation}
@router.put("/automations/{automation_id}")
async def dashboard_update_automation(
automation_id: int,
payload: AutomationRequest,
session: dict[str, Any] = Depends(verify_session),
):
automation = await get_project_automation(automation_id)
if not automation:
raise HTTPException(status_code=404, detail="자동화 로직을 찾을 수 없습니다.")
if not _can_manage_automation(session, automation):
raise HTTPException(status_code=403, detail="자동화 로직 수정 권한이 없습니다.")
if not await update_project_automation(
automation_id, int(session["user_id"]), payload.model_dump()
):
raise HTTPException(status_code=404, detail="자동화 로직을 찾을 수 없습니다.")
return {"status": "success"}
@router.delete("/automations/{automation_id}")
async def dashboard_delete_automation(
automation_id: int,
session: dict[str, Any] = Depends(verify_session),
):
automation = await get_project_automation(automation_id)
if not automation:
raise HTTPException(status_code=404, detail="자동화 로직을 찾을 수 없습니다.")
if not _can_manage_automation(session, automation):
raise HTTPException(status_code=403, detail="자동화 로직 삭제 권한이 없습니다.")
if not await delete_project_automation(automation_id, int(session["user_id"])):
raise HTTPException(status_code=404, detail="자동화 로직을 찾을 수 없습니다.")
return {"status": "success"}
@router.post("/automations/{automation_id}/execute")
async def dashboard_execute_automation(
automation_id: int,
session: dict[str, Any] = Depends(verify_session),
):
automation = await get_project_automation(automation_id)
if not automation:
raise HTTPException(status_code=404, detail="자동화 로직을 찾을 수 없습니다.")
if not _can_manage_automation(session, automation):
raise HTTPException(status_code=403, detail="자동화 로직 실행 권한이 없습니다.")
if not await mark_project_automation_executed(automation_id, int(session["user_id"])):
raise HTTPException(status_code=404, detail="자동화 로직을 찾을 수 없습니다.")
return {"status": "success"}