"""API endpoints for receipts.""" from typing import List, Optional, Annotated from pathlib import Path from fastapi import APIRouter, Depends, HTTPException, UploadFile, File, Query, Header from fastapi.responses import FileResponse from sqlalchemy.ext.asyncio import AsyncSession from backend.modules.data_entry.db.database import get_session from backend.modules.data_entry.db.crud.receipt import ReceiptCRUD from backend.modules.data_entry.db.crud.attachment import AttachmentCRUD from backend.modules.data_entry.db.crud.accounting_entry import AccountingEntryCRUD from backend.modules.data_entry.services.receipt_service import ReceiptService from backend.modules.data_entry.services.nomenclature_service import NomenclatureService from backend.modules.data_entry.schemas.receipt import ( ReceiptCreate, ReceiptUpdate, ReceiptResponse, ReceiptListResponse, ReceiptFilter, AttachmentResponse, AccountingEntryResponse, WorkflowAction, RejectRequest, EntriesUpdateRequest, PartnerOption, AccountOption, CashRegisterOption, ExpenseTypeOption, ) from backend.modules.data_entry.db.models.receipt import ReceiptStatus, ReceiptDirection # Auth integration from shared.auth.dependencies import get_current_user from shared.auth.models import CurrentUser router = APIRouter() # ============ Helper for selected company from header ============ async def get_selected_company( current_user: CurrentUser = Depends(get_current_user), x_selected_company: Annotated[Optional[str], Header()] = None ) -> int: """ Get selected company from X-Selected-Company header. Validates that the user has access to the specified company. Falls back to user's first company if no header is provided. Raises: HTTPException 403: If user doesn't have access to specified company HTTPException 400: If user has no companies assigned """ if x_selected_company: try: company_id = int(x_selected_company) except ValueError: raise HTTPException( status_code=400, detail=f"Invalid company ID format: {x_selected_company}" ) # Validate user has access to this company # Auth stores companies as strings if str(company_id) in current_user.companies: return company_id raise HTTPException( status_code=403, detail=f"Nu aveți acces la firma {company_id}" ) # No header - use first company from user's list if current_user.companies: try: return int(current_user.companies[0]) except (ValueError, IndexError): pass raise HTTPException( status_code=400, detail="Nu aveți nicio firmă asignată" ) # Dependency for injection SelectedCompany = Annotated[int, Depends(get_selected_company)] # Legacy function for backwards compatibility (deprecated) def get_current_user_company(current_user: CurrentUser) -> int: """ DEPRECATED: Use get_selected_company() dependency instead. This function returns the first company, ignoring X-Selected-Company header. """ if current_user.companies: try: return int(current_user.companies[0]) except (ValueError, IndexError): return 1 return 1 # ============ Receipt CRUD Endpoints ============ @router.post("/", response_model=ReceiptResponse) async def create_receipt( data: ReceiptCreate, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Create a new receipt in DRAFT status.""" receipt = await ReceiptService.create_receipt(session, data, current_user.username) return ReceiptResponse.model_validate(receipt) @router.get("/", response_model=ReceiptListResponse) async def list_receipts( status: Optional[ReceiptStatus] = None, direction: Optional[ReceiptDirection] = None, company_id: Optional[int] = None, created_by: Optional[str] = None, date_from: Optional[str] = None, date_to: Optional[str] = None, search: Optional[str] = None, page: int = Query(default=1, ge=1), page_size: int = Query(default=20, ge=1, le=100), session: AsyncSession = Depends(get_session), selected_company: SelectedCompany = None, ): """Get paginated list of receipts with filters.""" from datetime import date as date_type filters = ReceiptFilter( status=status, direction=direction, company_id=company_id or selected_company, created_by=created_by, date_from=date_type.fromisoformat(date_from) if date_from else None, date_to=date_type.fromisoformat(date_to) if date_to else None, search=search, page=page, page_size=page_size, ) return await ReceiptService.get_receipts(session, filters) @router.get("/pending", response_model=List[ReceiptResponse]) async def list_pending_receipts( company_id: Optional[int] = None, session: AsyncSession = Depends(get_session), selected_company: SelectedCompany = None, ): """Get all receipts pending review (for accountant view).""" receipts = await ReceiptCRUD.get_pending_review( session, company_id or selected_company ) return [ReceiptResponse.model_validate(r) for r in receipts] @router.get("/stats") async def get_receipt_stats( company_id: Optional[int] = None, my_receipts: bool = False, session: AsyncSession = Depends(get_session), selected_company: SelectedCompany = None, current_user: CurrentUser = Depends(get_current_user), ): """Get receipt statistics.""" return await ReceiptCRUD.get_stats( session, company_id or selected_company, created_by=current_user.username if my_receipts else None, ) @router.get("/{receipt_id}", response_model=ReceiptResponse) async def get_receipt( receipt_id: int, session: AsyncSession = Depends(get_session), ): """Get receipt details with attachments and accounting entries.""" receipt = await ReceiptService.get_receipt(session, receipt_id) if not receipt: raise HTTPException(status_code=404, detail="Receipt not found") return ReceiptResponse.model_validate(receipt) @router.put("/{receipt_id}", response_model=ReceiptResponse) async def update_receipt( receipt_id: int, data: ReceiptUpdate, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Update receipt (only DRAFT status, only by creator).""" success, message, receipt = await ReceiptService.update_receipt( session, receipt_id, data, current_user.username ) if not success: raise HTTPException(status_code=400, detail=message) return ReceiptResponse.model_validate(receipt) @router.delete("/{receipt_id}") async def delete_receipt( receipt_id: int, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Delete receipt (only DRAFT status, only by creator).""" success, message = await ReceiptService.delete_receipt( session, receipt_id, current_user.username ) if not success: raise HTTPException(status_code=400, detail=message) return {"success": True, "message": message} # ============ Workflow Endpoints ============ @router.post("/{receipt_id}/submit", response_model=WorkflowAction) async def submit_receipt( receipt_id: int, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Submit receipt for review (DRAFT → PENDING_REVIEW).""" success, message, receipt = await ReceiptService.submit_for_review( session, receipt_id, current_user.username ) return WorkflowAction( success=success, message=message, receipt=ReceiptResponse.model_validate(receipt) if receipt else None, ) @router.post("/{receipt_id}/approve", response_model=WorkflowAction) async def approve_receipt( receipt_id: int, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Approve receipt (PENDING_REVIEW → APPROVED). Accountant action.""" success, message, receipt = await ReceiptService.approve_receipt( session, receipt_id, current_user.username ) return WorkflowAction( success=success, message=message, receipt=ReceiptResponse.model_validate(receipt) if receipt else None, ) @router.post("/{receipt_id}/reject", response_model=WorkflowAction) async def reject_receipt( receipt_id: int, data: RejectRequest, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Reject receipt (PENDING_REVIEW → REJECTED). Accountant action.""" success, message, receipt = await ReceiptService.reject_receipt( session, receipt_id, current_user.username, data.reason ) return WorkflowAction( success=success, message=message, receipt=ReceiptResponse.model_validate(receipt) if receipt else None, ) @router.post("/{receipt_id}/resubmit", response_model=WorkflowAction) async def resubmit_receipt( receipt_id: int, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Resubmit rejected receipt after corrections (REJECTED → PENDING_REVIEW).""" success, message, receipt = await ReceiptService.resubmit_receipt( session, receipt_id, current_user.username ) return WorkflowAction( success=success, message=message, receipt=ReceiptResponse.model_validate(receipt) if receipt else None, ) @router.post("/{receipt_id}/unapprove", response_model=WorkflowAction) async def unapprove_receipt( receipt_id: int, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Unapprove receipt (APPROVED → PENDING_REVIEW). Returns to pending for corrections.""" success, message, receipt = await ReceiptService.unapprove_receipt( session, receipt_id, current_user.username ) return WorkflowAction( success=success, message=message, receipt=ReceiptResponse.model_validate(receipt) if receipt else None, ) # ============ Accounting Entries Endpoints ============ @router.get("/{receipt_id}/entries", response_model=List[AccountingEntryResponse]) async def get_receipt_entries( receipt_id: int, session: AsyncSession = Depends(get_session), ): """Get accounting entries for a receipt.""" entries = await AccountingEntryCRUD.get_by_receipt_id(session, receipt_id) return [AccountingEntryResponse.model_validate(e) for e in entries] @router.put("/{receipt_id}/entries", response_model=List[AccountingEntryResponse]) async def update_receipt_entries( receipt_id: int, data: EntriesUpdateRequest, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Update accounting entries for a receipt (accountant action).""" success, message, entries = await ReceiptService.update_entries( session, receipt_id, data.entries, current_user.username ) if not success: raise HTTPException(status_code=400, detail=message) return [AccountingEntryResponse.model_validate(e) for e in entries] @router.post("/{receipt_id}/entries/regenerate", response_model=List[AccountingEntryResponse]) async def regenerate_entries( receipt_id: int, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Regenerate accounting entries based on receipt data.""" success, message, _ = await ReceiptService.regenerate_entries( session, receipt_id, current_user.username ) if not success: raise HTTPException(status_code=400, detail=message) entries = await AccountingEntryCRUD.get_by_receipt_id(session, receipt_id) return [AccountingEntryResponse.model_validate(e) for e in entries] # ============ Attachment Endpoints ============ @router.post("/{receipt_id}/attachments", response_model=AttachmentResponse) async def upload_attachment( receipt_id: int, file: UploadFile = File(...), session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Upload attachment for a receipt.""" # Check receipt exists and user can modify it receipt = await ReceiptCRUD.get_by_id(session, receipt_id, include_relations=False) if not receipt: raise HTTPException(status_code=404, detail="Receipt not found") # Only allow uploads for DRAFT and REJECTED receipts if receipt.status not in [ReceiptStatus.DRAFT, ReceiptStatus.REJECTED]: raise HTTPException( status_code=400, detail="Cannot upload attachments for this receipt status" ) # Only creator can upload if receipt.created_by != current_user.username: raise HTTPException( status_code=403, detail="Only the creator can upload attachments" ) try: attachment = await AttachmentCRUD.create(session, receipt_id, file) return AttachmentResponse.model_validate(attachment) except ValueError as e: raise HTTPException(status_code=400, detail=str(e)) @router.get("/{receipt_id}/attachments", response_model=List[AttachmentResponse]) async def list_attachments( receipt_id: int, session: AsyncSession = Depends(get_session), ): """Get all attachments for a receipt.""" attachments = await AttachmentCRUD.get_by_receipt_id(session, receipt_id) return [AttachmentResponse.model_validate(a) for a in attachments] @router.get("/attachments/{attachment_id}/download") async def download_attachment( attachment_id: int, session: AsyncSession = Depends(get_session), ): """Download an attachment file.""" attachment = await AttachmentCRUD.get_by_id(session, attachment_id) if not attachment: raise HTTPException(status_code=404, detail="Attachment not found") file_path = AttachmentCRUD.get_file_path(attachment) if not file_path.exists(): raise HTTPException(status_code=404, detail="File not found on disk") return FileResponse( path=str(file_path), filename=attachment.filename, media_type=attachment.mime_type, ) @router.delete("/attachments/{attachment_id}") async def delete_attachment( attachment_id: int, session: AsyncSession = Depends(get_session), current_user: CurrentUser = Depends(get_current_user), ): """Delete an attachment.""" attachment = await AttachmentCRUD.get_by_id(session, attachment_id) if not attachment: raise HTTPException(status_code=404, detail="Attachment not found") # Get receipt to check permissions receipt = await ReceiptCRUD.get_by_id(session, attachment.receipt_id, include_relations=False) if not receipt: raise HTTPException(status_code=404, detail="Receipt not found") # Only allow deletion for DRAFT receipts by creator if receipt.status != ReceiptStatus.DRAFT: raise HTTPException( status_code=400, detail="Cannot delete attachments for this receipt status" ) if receipt.created_by != current_user.username: raise HTTPException( status_code=403, detail="Only the creator can delete attachments" ) await AttachmentCRUD.delete(session, attachment) return {"success": True, "message": "Attachment deleted"} # ============ Nomenclature Endpoints ============ @router.get("/nomenclature/partners", response_model=List[PartnerOption]) async def get_partners( search: Optional[str] = None, company_id: Optional[int] = None, session: AsyncSession = Depends(get_session), selected_company: SelectedCompany = None, ): """Get partners (suppliers/customers) for dropdown.""" return await NomenclatureService.get_partners( company_id or selected_company, search, session ) @router.get("/nomenclature/accounts", response_model=List[AccountOption]) async def get_accounts( prefix: Optional[str] = None, company_id: Optional[int] = None, selected_company: SelectedCompany = None, ): """Get chart of accounts for dropdown.""" return await NomenclatureService.get_accounts( company_id or selected_company, prefix ) @router.get("/nomenclature/cash-registers", response_model=List[CashRegisterOption]) async def get_cash_registers( company_id: Optional[int] = None, session: AsyncSession = Depends(get_session), selected_company: SelectedCompany = None, ): """Get cash registers and bank accounts for dropdown.""" return await NomenclatureService.get_cash_registers(company_id or selected_company, session) @router.get("/nomenclature/expense-types", response_model=List[ExpenseTypeOption]) async def get_expense_types(): """Get predefined expense types for dropdown.""" return await NomenclatureService.get_expense_types()