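from typing import Any, List

from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session

from app import crud, models, schemas
from app.auth import deps
from app.db.session import get_db

router = APIRouter()


def _validate_pagination(skip: int, limit: int) -> None:
    """Reject negative paging values before they reach the CRUD layer.

    Both values arrive as client-controlled query parameters. How a database
    treats a negative OFFSET/LIMIT is backend-specific: some reject it (which
    would surface as a 500), and SQLite treats a negative LIMIT as "no limit".

    Raises:
        HTTPException: 400 when ``skip`` or ``limit`` is negative.
    """
    # NOTE(review): `limit` still has no upper bound. Two list routes in this
    # module take no auth dependency, so a server-side maximum page size is
    # worth adding once the acceptable value is agreed with API consumers.
    if skip < 0 or limit < 0:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="skip and limit must be non-negative",
        )


def _get_comment_or_404(db: Session, comment_id: str) -> Any:
    """Load a comment by ID, raising 404 when the CRUD layer returns nothing."""
    comment = crud.comment.get(db, id=comment_id)
    if not comment:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Comment not found",
        )
    return comment


def _require_author_or_superuser(
    comment: Any, current_user: models.User, detail: str
) -> None:
    """Raise 403 with ``detail`` unless the caller wrote the comment or is a superuser."""
    if comment.author_id != current_user.id and not current_user.is_superuser:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail=detail,
        )


@router.get("/", response_model=List[schemas.Comment])
def read_comments(
    db: Session = Depends(get_db),
    skip: int = 0,
    limit: int = 100,
    current_user: models.User = Depends(deps.get_current_active_superuser),
) -> Any:
    """Retrieve comments across all posts and authors.

    Access control is carried entirely by the ``get_current_active_superuser``
    dependency; ``current_user`` is not read in the body, so removing that
    parameter would remove the restriction on this route.

    Raises:
        HTTPException: 400 when ``skip`` or ``limit`` is negative.
    """
    _validate_pagination(skip, limit)
    return crud.comment.get_multi(db, skip=skip, limit=limit)


@router.post("/", response_model=schemas.Comment)
def create_comment(
    *,
    db: Session = Depends(get_db),
    comment_in: schemas.CommentCreate,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> Any:
    """Create a comment on an existing post as the authenticated user.

    Raises:
        HTTPException: 404 when ``comment_in.post_id`` matches no post.
    """
    post = crud.post.get(db, id=comment_in.post_id)
    if not post:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Post not found",
        )
    # The author is taken from the authenticated session, not from the request.
    # NOTE(review): confirm schemas.CommentCreate exposes no author field that
    # create_with_author could apply on top of author_id.
    return crud.comment.create_with_author(
        db=db, obj_in=comment_in, author_id=current_user.id
    )


@router.get("/{comment_id}", response_model=schemas.Comment)
def read_comment(
    *,
    db: Session = Depends(get_db),
    comment_id: str,
) -> Any:
    """Get a single comment by ID.

    This route declares no authentication dependency, so any caller can read
    any comment whose ID they know.
    NOTE(review): confirm that comments are meant to be public.

    Raises:
        HTTPException: 404 when the comment does not exist.
    """
    return _get_comment_or_404(db, comment_id)


@router.put("/{comment_id}", response_model=schemas.Comment)
def update_comment(
    *,
    db: Session = Depends(get_db),
    comment_id: str,
    comment_in: schemas.CommentUpdate,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> Any:
    """Update a comment; only its author or a superuser may do so.

    Raises:
        HTTPException: 404 when the comment does not exist, 403 when the
            caller is neither the author nor a superuser.
    """
    comment = _get_comment_or_404(db, comment_id)
    _require_author_or_superuser(
        comment, current_user, "You can only update your own comments"
    )
    # comment_in is handed to the CRUD layer as a whole.
    # NOTE(review): confirm schemas.CommentUpdate does not accept ownership or
    # placement fields (author, post), otherwise an author could reassign them.
    return crud.comment.update(db, db_obj=comment, obj_in=comment_in)


@router.delete("/{comment_id}", response_model=schemas.Comment)
def delete_comment(
    *,
    db: Session = Depends(get_db),
    comment_id: str,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> Any:
    """Delete a comment; only its author or a superuser may do so.

    Returns whatever ``crud.comment.remove`` returns for the deleted row.

    Raises:
        HTTPException: 404 when the comment does not exist, 403 when the
            caller is neither the author nor a superuser.
    """
    comment = _get_comment_or_404(db, comment_id)
    _require_author_or_superuser(
        comment, current_user, "You can only delete your own comments"
    )
    return crud.comment.remove(db, id=comment_id)


@router.get("/post/{post_id}", response_model=List[schemas.Comment])
def read_comments_by_post(
    post_id: str,
    db: Session = Depends(get_db),
    skip: int = 0,
    limit: int = 100,
) -> Any:
    """Retrieve the comments attached to one post.

    This route declares no authentication dependency.
    NOTE(review): if posts can be private or unpublished, their comments are
    readable here by post ID; confirm against the post visibility rules.

    Raises:
        HTTPException: 400 when ``skip`` or ``limit`` is negative, 404 when
            the post does not exist.
    """
    _validate_pagination(skip, limit)
    post = crud.post.get(db, id=post_id)
    if not post:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Post not found",
        )
    return crud.comment.get_multi_by_post(
        db=db, post_id=post_id, skip=skip, limit=limit
    )


@router.get("/user/{user_id}", response_model=List[schemas.Comment])
def read_comments_by_user(
    user_id: str,
    db: Session = Depends(get_db),
    skip: int = 0,
    limit: int = 100,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> Any:
    """Retrieve the comments written by one user.

    A caller may list only their own comments unless they are a superuser.

    Raises:
        HTTPException: 400 when ``skip`` or ``limit`` is negative, 403 when
            the caller asks for another user's comments without being a
            superuser, 404 when the user does not exist.
    """
    _validate_pagination(skip, limit)
    # The ownership check runs before the user lookup, so a non-superuser gets
    # the same 403 for another user's ID whether or not that user exists.
    # NOTE(review): user_id is a str taken from the path; if models.User.id is
    # not a str this comparison is always unequal and non-superusers are
    # always refused. Confirm the column type.
    if current_user.id != user_id and not current_user.is_superuser:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="You can only view your own comments",
        )
    user = crud.user.get(db, id=user_id)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="User not found",
        )
    return crud.comment.get_multi_by_author(
        db=db, author_id=user_id, skip=skip, limit=limit
    )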