intrgrating suggestions after betta 1

2025-09-08 18:06:00 +03:00
parent eb262451ad
commit 106045d72a
34 changed files with 1549 additions and 146 deletions
--- a/transportmanager/server/routes/ouders_in.py
+++ b/transportmanager/server/routes/ouders_in.py
@@ -1,9 +1,12 @@
-from flask import Blueprint, request, jsonify
+from flask import Blueprint, request, jsonify, abort
 from flask_jwt_extended import jwt_required, get_jwt_identity
 from models.order_in import OrdersIn
 from models.transporters import Transporters
 from models.user import Users
 from datetime import datetime
+import os
+from flask import send_from_directory
+import mimetypes

 orders_in_bp = Blueprint("orders_in", __name__, url_prefix="/orders_in")

@@ -11,6 +14,10 @@ orders_in_bp = Blueprint("orders_in", __name__, url_prefix="/orders_in")
@jwt_required()
 def create_order_in_route():
    user_id = get_jwt_identity()
+    users = Users()
+    user = users.get_user_by_id(user_id)
+    if user['user_role'] == 'company_user':
+        user_id = user['company_id']
    orders = OrdersIn()
    incoming_data = request.json
    try:
@@ -25,7 +32,10 @@ def create_order_in_route():
            'track_reg_number': incoming_data["track_reg_number"],
            'trailer_reg_number': incoming_data["trailer_reg_number"],
            'products_description': incoming_data["products_description"],
+            'file': incoming_data['file'],
+            'expenses': incoming_data['expenses']
        }
+        #print(order_data)
        order_id = orders.create_order(order_data)

        for address in incoming_data["loading_addresses"]:
@@ -60,6 +70,10 @@ def update_order_route(order_id):
    orders = OrdersIn()
    data = request.json
    user_id = get_jwt_identity()
+    users = Users()
+    user = users.get_user_by_id(user_id)
+    if user['user_role'] == 'company_user':
+        user_id = user['company_id']
    order = orders.get_order_by_id(order_id)
    if not order:
        return jsonify({"error": "Order in not found"}), 404
@@ -77,6 +91,8 @@ def update_order_route(order_id):
            "track_reg_number": data.get("track_reg_number", order["track_reg_number"]),
            "trailer_reg_number": data.get("trailer_reg_number", order["trailer_reg_number"]),
            "products_description": data.get("products_description", order["products_description"]),
+            'file': data.get("file", order["file"]),
+            'expenses': data.get("expenses", order["expenses"]),
            "user_id":user_id
        })

@@ -113,6 +129,10 @@ def update_order_route(order_id):
 def delete_order_route(order_id):
    orders = OrdersIn()
    user_id = get_jwt_identity()
+    users = Users()
+    user = users.get_user_by_id(user_id)
+    if user['user_role'] == 'company_user':
+        user_id = user['company_id']
    order = orders.get_order_by_id(order_id)
    if not order:
        return jsonify({"error": "Order in not found"}), 404
@@ -131,6 +151,10 @@ def delete_order_route(order_id):
 def list_orders():
    orders = OrdersIn()
    user_id = get_jwt_identity()
+    users = Users()
+    user = users.get_user_by_id(user_id)
+    if user['user_role'] == 'company_user':
+        user_id = user['company_id']
    try:
        user_orders = orders.get_orders_by_user(user_id)
        #result = [{"id": order["id"], "order_number": order["order_number"]} for order in user_orders]
@@ -143,6 +167,10 @@ def list_orders():
 def get_order(order_id):
    orders = OrdersIn()
    user_id = get_jwt_identity()
+    users = Users()
+    user = users.get_user_by_id(user_id)
+    if user['user_role'] == 'company_user':
+        user_id = user['company_id']
    order = orders.get_order_by_id(order_id)
    points = orders.get_order_points_by_order(order['id'])
    loading_points = []
@@ -160,4 +188,26 @@ def get_order(order_id):
    print(f'{type(order["user_id"])} {type(user_id)}')
    if order["user_id"] != int(user_id):
        return jsonify({"error": "Unauthorized"}), 403
-    return jsonify(order), 200
+    return jsonify(order), 200
+
+@orders_in_bp.route("/files/<path:filename>", methods=["GET"])
+#@jwt_required()
+def serve_order_pdf(filename):
+    try:
+        # Directory containing uploaded client files
+        uploads_dir = os.path.abspath(
+            os.path.join(os.path.dirname(__file__), "..", "..", "client", "uploads")
+        )
+        # Security: prevent path traversal and ensure file exists
+        abs_file_path = os.path.abspath(os.path.join(uploads_dir, filename))
+        if not abs_file_path.startswith(uploads_dir + os.sep):
+            abort(404)
+        if not os.path.isfile(abs_file_path):
+            abort(404)
+
+        guessed_type = mimetypes.guess_type(filename)[0] or "application/octet-stream"
+        # send_from_directory expects the directory and the filename relative to it
+        return send_from_directory(uploads_dir, filename, mimetype=guessed_type, as_attachment=False)
+    except Exception as e:
+        print(e)
+        return jsonify({"error": "File not found"}), 404