feat: implement core backend API structure and frontend service layer for case management and authentication
This commit is contained in:
@@ -5,6 +5,7 @@ from werkzeug.utils import secure_filename
|
||||
from datetime import datetime
|
||||
|
||||
from ..db import get_db_connection, release_db_connection
|
||||
from ..middleware import token_required
|
||||
|
||||
cases_blueprint = Blueprint('cases', __name__)
|
||||
|
||||
@@ -24,7 +25,8 @@ def serialize_case(row):
|
||||
|
||||
# ---------- CASE CRUD ----------
|
||||
@cases_blueprint.route('/cases', methods=['GET'])
|
||||
def list_cases():
|
||||
@token_required
|
||||
def list_cases(current_user_id):
|
||||
# optional filters: ?article=...&status=...&platform=...
|
||||
article = request.args.get('article')
|
||||
status = request.args.get('status')
|
||||
@@ -32,8 +34,8 @@ def list_cases():
|
||||
conn = get_db_connection()
|
||||
cur = conn.cursor()
|
||||
query = "SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at, updated_at FROM cases"
|
||||
params = []
|
||||
conditions = []
|
||||
params = [current_user_id]
|
||||
conditions = ["user_id = %s"]
|
||||
if article:
|
||||
conditions.append("violator_article = %s")
|
||||
params.append(article)
|
||||
@@ -52,7 +54,8 @@ def list_cases():
|
||||
return jsonify([serialize_case(r) for r in rows])
|
||||
|
||||
@cases_blueprint.route('/cases', methods=['POST'])
|
||||
def create_case():
|
||||
@token_required
|
||||
def create_case(current_user_id):
|
||||
data = request.json
|
||||
required = ["platform", "violator_url", "violator_article"]
|
||||
for f in required:
|
||||
@@ -61,9 +64,10 @@ def create_case():
|
||||
conn = get_db_connection()
|
||||
cur = conn.cursor()
|
||||
cur.execute(
|
||||
"""INSERT INTO cases (platform, violator_url, violator_article, my_article, comment, status)
|
||||
VALUES (%s, %s, %s, %s, %s, %s) RETURNING id""",
|
||||
"""INSERT INTO cases (user_id, platform, violator_url, violator_article, my_article, comment, status)
|
||||
VALUES (%s, %s, %s, %s, %s, %s, %s) RETURNING id""",
|
||||
(
|
||||
current_user_id,
|
||||
data.get('platform'),
|
||||
data.get('violator_url'),
|
||||
data.get('violator_article'),
|
||||
@@ -78,10 +82,11 @@ def create_case():
|
||||
return jsonify({"id": case_id}), 201
|
||||
|
||||
@cases_blueprint.route('/cases/<int:case_id>', methods=['GET'])
|
||||
def get_case(case_id):
|
||||
@token_required
|
||||
def get_case(current_user_id, case_id):
|
||||
conn = get_db_connection()
|
||||
cur = conn.cursor()
|
||||
cur.execute("SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at, updated_at FROM cases WHERE id = %s", (case_id,))
|
||||
cur.execute("SELECT id, platform, violator_url, violator_article, my_article, comment, status, created_at, updated_at FROM cases WHERE id = %s AND user_id = %s", (case_id, current_user_id))
|
||||
row = cur.fetchone()
|
||||
release_db_connection(conn)
|
||||
if not row:
|
||||
@@ -89,7 +94,8 @@ def get_case(case_id):
|
||||
return jsonify(serialize_case(row))
|
||||
|
||||
@cases_blueprint.route('/cases/<int:case_id>', methods=['PUT'])
|
||||
def update_case(case_id):
|
||||
@token_required
|
||||
def update_case(current_user_id, case_id):
|
||||
data = request.json
|
||||
fields = []
|
||||
params = []
|
||||
@@ -100,27 +106,29 @@ def update_case(case_id):
|
||||
params.append(data[f])
|
||||
if not fields:
|
||||
return jsonify({"error": "No updatable fields provided"}), 400
|
||||
params.append(case_id)
|
||||
params.extend([case_id, current_user_id])
|
||||
conn = get_db_connection()
|
||||
cur = conn.cursor()
|
||||
cur.execute(f"UPDATE cases SET {', '.join(fields)}, updated_at = %s WHERE id = %s",
|
||||
(*params[:-1], datetime.utcnow(), case_id))
|
||||
cur.execute(f"UPDATE cases SET {', '.join(fields)}, updated_at = %s WHERE id = %s AND user_id = %s",
|
||||
(*params[:-2], datetime.utcnow(), case_id, current_user_id))
|
||||
conn.commit()
|
||||
release_db_connection(conn)
|
||||
return jsonify({"message": "Case updated"})
|
||||
|
||||
@cases_blueprint.route('/cases/<int:case_id>', methods=['DELETE'])
|
||||
def delete_case(case_id):
|
||||
@token_required
|
||||
def delete_case(current_user_id, case_id):
|
||||
conn = get_db_connection()
|
||||
cur = conn.cursor()
|
||||
cur.execute("DELETE FROM cases WHERE id = %s", (case_id,))
|
||||
cur.execute("DELETE FROM cases WHERE id = %s AND user_id = %s", (case_id, current_user_id))
|
||||
conn.commit()
|
||||
release_db_connection(conn)
|
||||
return jsonify({"message": "Case deleted"})
|
||||
|
||||
# ---------- FILE UPLOAD ----------
|
||||
@cases_blueprint.route('/cases/<int:case_id>/files', methods=['POST'])
|
||||
def upload_files(case_id):
|
||||
@token_required
|
||||
def upload_files(current_user_id, case_id):
|
||||
if 'files' not in request.files:
|
||||
return jsonify({"error": "No files part in request"}), 400
|
||||
files = request.files.getlist('files')
|
||||
@@ -128,6 +136,13 @@ def upload_files(case_id):
|
||||
upload_folder = current_app.config['UPLOAD_FOLDER']
|
||||
conn = get_db_connection()
|
||||
cur = conn.cursor()
|
||||
|
||||
# Check ownership
|
||||
cur.execute("SELECT id FROM cases WHERE id = %s AND user_id = %s", (case_id, current_user_id))
|
||||
if not cur.fetchone():
|
||||
release_db_connection(conn)
|
||||
return jsonify({"error": "Case not found"}), 404
|
||||
|
||||
for f in files:
|
||||
if f.filename == '':
|
||||
continue
|
||||
@@ -149,10 +164,11 @@ def upload_files(case_id):
|
||||
|
||||
# Get files for a case
|
||||
@cases_blueprint.route('/cases/<int:case_id>/files', methods=['GET'])
|
||||
def list_files(case_id):
|
||||
@token_required
|
||||
def list_files(current_user_id, case_id):
|
||||
conn = get_db_connection()
|
||||
cur = conn.cursor()
|
||||
cur.execute("SELECT id, file_path, uploaded_at FROM files WHERE case_id = %s", (case_id,))
|
||||
cur.execute("SELECT f.id, f.file_path, f.uploaded_at FROM files f JOIN cases c ON f.case_id = c.id WHERE f.case_id = %s AND c.user_id = %s", (case_id, current_user_id))
|
||||
rows = cur.fetchall()
|
||||
release_db_connection(conn)
|
||||
files = [{"id": r[0], "path": r[1], "uploaded_at": r[2].isoformat()} for r in rows]
|
||||
|
||||
Reference in New Issue
Block a user