ecommercebackendapi-i2sw8b/app/api/endpoints/reviews.py

from typing import Any, List

from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session

from app import crud, models, schemas
from app.api import deps

router = APIRouter()


@router.get("/product/{product_id}", response_model=List[schemas.Review])
def read_product_reviews(
    *,
    db: Session = Depends(deps.get_db),
    product_id: int,
    skip: int = 0,
    limit: int = 100,
) -> Any:
    """
    Retrieve reviews for a specific product.
    """
    # Check if product exists
    product = crud.product.get(db, id=product_id)
    if not product:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Product not found",
        )

    reviews = crud.review.get_reviews_by_product(
        db, product_id=product_id, skip=skip, limit=limit
    )
    return reviews


@router.post("/", response_model=schemas.Review)
def create_review(
    *,
    db: Session = Depends(deps.get_db),
    review_in: schemas.ReviewCreate,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> Any:
    """
    Create a new review for a product.
    """
    # Check if product exists
    product = crud.product.get(db, id=review_in.product_id)
    if not product:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Product not found",
        )

    # Check if user has already reviewed this product
    existing_review = crud.review.get_user_review_for_product(
        db, user_id=current_user.id, product_id=review_in.product_id
    )
    if existing_review:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="You have already reviewed this product",
        )

    review = crud.review.create_user_review(
        db, obj_in=review_in, user_id=current_user.id
    )
    return review


@router.put("/{review_id}", response_model=schemas.Review)
def update_review(
    *,
    db: Session = Depends(deps.get_db),
    review_id: int,
    review_in: schemas.ReviewUpdate,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> Any:
    """
    Update a review.
    """
    review = crud.review.get(db, id=review_id)
    if not review:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Review not found",
        )

    # Check if user is authorized to update this review
    if review.user_id != current_user.id and not current_user.is_admin:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Not enough permissions",
        )

    review = crud.review.update(db, db_obj=review, obj_in=review_in)
    return review


@router.delete("/{review_id}", status_code=status.HTTP_204_NO_CONTENT, response_model=None)
def delete_review(
    *,
    db: Session = Depends(deps.get_db),
    review_id: int,
    current_user: models.User = Depends(deps.get_current_active_user),
) -> None:
    """
    Delete a review.
    """
    review = crud.review.get(db, id=review_id)
    if not review:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Review not found",
        )

    # Check if user is authorized to delete this review
    if review.user_id != current_user.id and not current_user.is_admin:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Not enough permissions",
        )

    crud.review.remove(db, id=review_id)