feat(03-03): wire get_current_user into /api/topics/*; add load_topics_for_user; POST /api/admin/topics
- api/topics.py: add get_current_user dep to all 5 handlers (list, create, update, delete, suggest) - list_topics: uses load_topics_for_user (system topics + user's own) with user-scoped doc counts - create_topic: passes user_id=current_user.id (never creates system topics via regular endpoint) - update_topic/delete_topic: ownership assertion — system topics and other users' topics return 404 - api/admin.py: add SystemTopicCreate model + POST /api/admin/topics (user_id=NULL, admin-only) - services/storage.py: add or_ import; load_topics_for_user (D-17); create_topic gains user_id param with namespace-scoped dedup; topic_doc_counts gains optional user_id for user-scoped counts; add load_topics_for_user to __all__ - services/classifier.py: replace load_topics with load_topics_for_user(doc.user_id); pass user_id=doc.user_id to create_topic for AI-suggested topics (D-11) - Tests: update all topic tests to pass auth headers; implement test_topic_namespace, test_admin_create_system_topic, test_regular_user_cannot_create_system_topic, test_topics_require_auth
This commit is contained in:
curo1305
+32
-1
@@ -32,7 +32,7 @@ from pydantic import BaseModel, EmailStr, field_validator
|
||||
from sqlalchemy import func, select
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from db.models import Quota, RefreshToken, User
|
||||
from db.models import Quota, RefreshToken, Topic, User
|
||||
from deps.auth import get_current_admin
|
||||
from deps.db import get_db
|
||||
from services.auth import hash_password, revoke_all_refresh_tokens
|
||||
@@ -127,6 +127,14 @@ class AiConfigUpdate(BaseModel):
|
||||
ai_model: Optional[str] = None
|
||||
|
||||
|
||||
class SystemTopicCreate(BaseModel):
|
||||
"""Request model for admin system topic creation (D-09)."""
|
||||
|
||||
name: str
|
||||
description: str = ""
|
||||
color: str = "#6366f1"
|
||||
|
||||
|
||||
# ── Endpoints ─────────────────────────────────────────────────────────────────
|
||||
|
||||
|
||||
@@ -378,3 +386,26 @@ async def update_ai_config(
|
||||
"ai_provider": user.ai_provider,
|
||||
"ai_model": user.ai_model,
|
||||
}
|
||||
|
||||
|
||||
@router.post("/topics", status_code=status.HTTP_201_CREATED)
|
||||
async def create_system_topic(
|
||||
body: SystemTopicCreate,
|
||||
session: AsyncSession = Depends(get_db),
|
||||
_admin: User = Depends(get_current_admin),
|
||||
) -> dict:
|
||||
"""Create a system topic visible to all users (D-09, DOC-04).
|
||||
|
||||
System topics have user_id = NULL, making them visible to every user as
|
||||
defaults in their topic namespace. Only admins can create system topics.
|
||||
Regular users create per-user topics via POST /api/topics.
|
||||
|
||||
Deduplication: case-insensitive match within the system namespace (user_id IS NULL).
|
||||
Returns the existing system topic if one with the same name already exists.
|
||||
"""
|
||||
from services import storage # noqa: PLC0415
|
||||
|
||||
topic = await storage.create_topic(
|
||||
session, body.name, body.description, body.color, user_id=None
|
||||
)
|
||||
return topic
|
||||
|
||||
Reference in New Issue
Block a user