Implement teams in own file

backend/app/api/routes/teams.py

@@ -0,0 +1,193 @@
+from typing import Any
+
+from fastapi import APIRouter, HTTPException
+from sqlmodel import func, select
+
+from app.api.deps import CurrentUser, SessionDep
+from app.models.base import (
+    ApiTags,
+    Message,
+    RowId,
+)
+from app.models.team import (
+    Team,
+    TeamCreate,
+    TeamUpdate,
+    TeamPublic,
+    TeamsPublic,
+)
+from app.models.event import (
+    Event,
+    EventUserLink,
+)
+from app.models.user import (
+    PermissionModule,
+    PermissionPart,
+    PermissionRight,
+)
+
+router = APIRouter(prefix="/teams", tags=[ApiTags.TEAMS])
+
+
+# region # Teams ###############################################################
+
+@router.get("/", response_model=TeamsPublic)
+def read_teams(
+    session: SessionDep, current_user: CurrentUser, skip: int = 0, limit: int = 100
+) -> Any:
+    """
+    Retrieve all teams.
+    """
+
+    if current_user.has_permissions(
+        module=PermissionModule.TEAM,
+        part=PermissionPart.ADMIN,
+        rights=PermissionRight.READ,
+    ):
+        count_statement = select(func.count()).select_from(Team)
+        count = session.exec(count_statement).one()
+        statement = select(Team).offset(skip).limit(limit)
+        teams = session.exec(statement).all()
+
+    else:
+        # Only read teams that are connected to an event that the user can read
+        count_statement = (
+            select(func.count())
+            .select_from(Team)
+            .join(Event)  # Join with Event to filter teams based on events
+            .join(EventUserLink)  # Join with EventUserLink to check user permissions
+            .where(
+                EventUserLink.user_id == current_user.id,
+                # FIXME: (EventUserLink.rights & (PermissionRight.READ | PermissionRight.MANAGE_TEAMS)) > 0
+            )
+        )
+        count = session.exec(count_statement).one()
+
+        statement = (
+            select(Team)
+            .join(Event)
+            .join(EventUserLink)
+            .where(
+                EventUserLink.user_id == current_user.id,
+                # FIXME: (EventUserLink.rights & (PermissionRight.READ | PermissionRight.MANAGE_TEAMS)) > 0
+            )
+            .offset(skip)
+            .limit(limit)
+        )
+        teams = session.exec(statement).all()
+
+    return TeamsPublic(data=teams, count=count)
+
+
+@router.get("/{id}", response_model=TeamPublic)
+def read_team(session: SessionDep, current_user: CurrentUser, id: RowId) -> Any:
+    """
+    Get team by ID.
+    """
+    team = session.get(Team, id)
+    if not team:
+        raise HTTPException(status_code=404, detail="Team not found")
+
+    event = session.get(Event, team.event_id)
+    if not event:
+        raise HTTPException(status_code=404, detail="Event not found")
+
+    if not current_user.has_permissions(
+            module=PermissionModule.TEAM,
+            part=PermissionPart.ADMIN,
+            rights=PermissionRight.READ,
+    ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+
+    return team
+
+
+@router.post("/", response_model=TeamPublic)
+def create_team(
+    *, session: SessionDep, current_user: CurrentUser, team_in: TeamCreate
+) -> Any:
+    """
+    Create new team.
+    """
+
+    event = session.get(Event, team_in.event_id)
+    if not event:
+        raise HTTPException(status_code=404, detail="Event not found")
+
+    if not current_user.has_permissions(
+        module=PermissionModule.TEAM,
+        part=PermissionPart.ADMIN,
+        rights=PermissionRight.UPDATE,
+    ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+
+    team = Team.create(create_obj=team_in, session=session)
+    return team
+
+
+@router.put("/{id}", response_model=TeamPublic)
+def update_team(
+    *, session: SessionDep, current_user: CurrentUser, id: RowId, team_in: TeamUpdate
+) -> Any:
+    """
+    Update a team.
+    """
+    team = session.get(Team, id)
+    if not team:
+        raise HTTPException(status_code=404, detail="Team not found")
+
+    # Check user's permissions for the existing event
+    event = session.get(Event, team.event_id)
+    if not event:
+        raise HTTPException(status_code=404, detail="Event not found")
+
+    if not current_user.has_permissions(
+        module=PermissionModule.TEAM,
+        part=PermissionPart.ADMIN,
+        rights=PermissionRight.UPDATE,
+    ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+
+    # Check rights for the new event data
+    if team_in.event_id:
+        event = session.get(Event, team_in.event_id)
+        if not event:
+            raise HTTPException(status_code=404, detail="New event not found")
+
+        if not current_user.has_permissions(
+                module=PermissionModule.TEAM,
+                part=PermissionPart.ADMIN,
+                rights=PermissionRight.UPDATE,
+        ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
+            raise HTTPException(status_code=400, detail="Not enough permissions")
+
+    # Update the team
+    team = Team.update(db_obj=team, in_obj=team_in, session=session)
+    return team
+
+
+@router.delete("/{id}")
+def delete_team(session: SessionDep,current_user: CurrentUser, id: RowId) -> Message:
+    """
+    Delete a team.
+    """
+    team = session.get(Team, id)
+    if not team:
+        raise HTTPException(status_code=404, detail="Team not found")
+
+    event = session.get(Event, team.event_id)
+    if not event:
+        raise HTTPException(status_code=404, detail="Event not found")
+
+    if not current_user.has_permissions(
+        module=PermissionModule.TEAM,
+        part=PermissionPart.ADMIN,
+        rights=PermissionRight.DELETE,
+    ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+
+    session.delete(team)
+    session.commit()
+    return Message(message="Team deleted successfully")
+
+# endregion