feat(03-03): wire get_current_user into /api/topics/*; add load_topics_for_user; POST /api/admin/topics
- api/topics.py: add get_current_user dep to all 5 handlers (list, create, update, delete, suggest) - list_topics: uses load_topics_for_user (system topics + user's own) with user-scoped doc counts - create_topic: passes user_id=current_user.id (never creates system topics via regular endpoint) - update_topic/delete_topic: ownership assertion — system topics and other users' topics return 404 - api/admin.py: add SystemTopicCreate model + POST /api/admin/topics (user_id=NULL, admin-only) - services/storage.py: add or_ import; load_topics_for_user (D-17); create_topic gains user_id param with namespace-scoped dedup; topic_doc_counts gains optional user_id for user-scoped counts; add load_topics_for_user to __all__ - services/classifier.py: replace load_topics with load_topics_for_user(doc.user_id); pass user_id=doc.user_id to create_topic for AI-suggested topics (D-11) - Tests: update all topic tests to pass auth headers; implement test_topic_namespace, test_admin_create_system_topic, test_regular_user_cannot_create_system_topic, test_topics_require_auth
This commit is contained in:
curo1305
@@ -5,11 +5,18 @@ Loads settings, selects AI provider, classifies document, auto-creates suggested
|
||||
Updated in Plan 05: classify_document and suggest_topics_for_document now accept
|
||||
an AsyncSession as their first argument so they can be called from the Celery task
|
||||
wrapper and from API route handlers that already hold a session.
|
||||
|
||||
Updated in Plan 03-03: classify_document uses load_topics_for_user (D-17) to scope
|
||||
topic lookup to the document owner's namespace, and creates AI-suggested topics in
|
||||
the user's namespace via create_topic(user_id=doc.user_id) (D-11).
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import uuid as _uuid
|
||||
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from db.models import Document
|
||||
from services import storage
|
||||
from ai import get_provider
|
||||
|
||||
@@ -24,7 +31,7 @@ async def classify_document(
|
||||
"""
|
||||
Classify a document by its ID. Returns the list of assigned topic names.
|
||||
If topic_names is provided, restrict classification to those topics.
|
||||
Auto-creates any newly suggested topics.
|
||||
Auto-creates any newly suggested topics in the document owner's namespace (D-11).
|
||||
"""
|
||||
meta = await storage.get_metadata(session, doc_id)
|
||||
if meta is None:
|
||||
@@ -34,9 +41,22 @@ async def classify_document(
|
||||
system_prompt = settings.get("system_prompt", "")
|
||||
provider = get_provider(settings)
|
||||
|
||||
# Use all known topics if not specified
|
||||
# Load the Document ORM object to get the owner's user_id (D-11, D-17)
|
||||
try:
|
||||
uid = _uuid.UUID(doc_id)
|
||||
except ValueError:
|
||||
uid = None
|
||||
|
||||
doc = await session.get(Document, uid) if uid is not None else None
|
||||
doc_user_id = doc.user_id if doc is not None else None
|
||||
|
||||
# Use namespace-scoped topic list if not specified (D-17)
|
||||
if topic_names is None:
|
||||
all_topics = await storage.load_topics(session)
|
||||
if doc_user_id is not None:
|
||||
all_topics = await storage.load_topics_for_user(session, user_id=doc_user_id)
|
||||
else:
|
||||
# Fallback for documents without a user (legacy / test data)
|
||||
all_topics = await storage.load_topics(session)
|
||||
topic_names = [t["name"] for t in all_topics]
|
||||
|
||||
text = meta.get("extracted_text", "")
|
||||
@@ -45,11 +65,11 @@ async def classify_document(
|
||||
# Collect all topic names to persist (assigned + suggested)
|
||||
all_new_names = set(result.suggested_new_topics) | set(result.topics)
|
||||
|
||||
# Auto-create any topic not already in the registry
|
||||
# Auto-create any topic not already in the registry — in the user's namespace (D-11)
|
||||
existing_names = {t.lower() for t in topic_names}
|
||||
for name in all_new_names:
|
||||
if name.strip() and name.lower() not in existing_names:
|
||||
await storage.create_topic(session, name.strip())
|
||||
await storage.create_topic(session, name.strip(), user_id=doc_user_id)
|
||||
|
||||
# Final list: everything the AI assigned or suggested
|
||||
final_topics = [t for t in list(set(result.topics + result.suggested_new_topics)) if t.strip()]
|
||||
|
||||
+67
-10
@@ -28,7 +28,7 @@ import uuid
|
||||
from datetime import datetime, timezone
|
||||
from typing import Optional
|
||||
|
||||
from sqlalchemy import select, delete, text
|
||||
from sqlalchemy import select, delete, text, or_
|
||||
from sqlalchemy import func as sql_func
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
@@ -258,6 +258,24 @@ async def load_topics(session: AsyncSession) -> list:
|
||||
]
|
||||
|
||||
|
||||
async def load_topics_for_user(session: AsyncSession, user_id: uuid.UUID) -> list:
|
||||
"""Return system topics (user_id IS NULL) + the user's own topics, ordered by name.
|
||||
|
||||
D-08 + D-17 + DOC-04: layered topic namespace. System topics are visible to all
|
||||
users; per-user topics are visible only to their owner. A user's topic list is
|
||||
the union of both sets.
|
||||
"""
|
||||
q = await session.execute(
|
||||
select(Topic).where(
|
||||
or_(Topic.user_id == user_id, Topic.user_id.is_(None))
|
||||
).order_by(Topic.name)
|
||||
)
|
||||
return [
|
||||
{"id": str(t.id), "name": t.name, "description": t.description, "color": t.color}
|
||||
for t in q.scalars()
|
||||
]
|
||||
|
||||
|
||||
async def save_topics(session: AsyncSession, topics: list) -> None:
|
||||
"""Idempotent bulk replace — delete all Topic rows then insert the list.
|
||||
|
||||
@@ -293,11 +311,35 @@ async def create_topic(
|
||||
name: str,
|
||||
description: str = "",
|
||||
color: str = "#6366f1",
|
||||
user_id: Optional[uuid.UUID] = None,
|
||||
) -> dict:
|
||||
"""Create a topic, or return the existing one (case-insensitive deduplication)."""
|
||||
q = await session.execute(
|
||||
select(Topic).where(sql_func.lower(Topic.name) == name.lower())
|
||||
)
|
||||
"""Create a topic, or return the existing one (case-insensitive, namespace-scoped dedup).
|
||||
|
||||
D-08: user_id=None creates a system topic (visible to all users).
|
||||
D-08: user_id=<uuid> creates a per-user topic (visible only to that user).
|
||||
|
||||
Deduplication is scoped by user_id namespace:
|
||||
- System topics (user_id=None) dedup against other system topics only
|
||||
- Per-user topics dedup within that user's namespace only
|
||||
This allows "Finance" to exist as both a system topic and a per-user topic.
|
||||
|
||||
SQLite note: Uses a branching approach instead of IS NOT DISTINCT FROM
|
||||
(SQLite doesn't support that PostgreSQL construct for NULL comparison).
|
||||
"""
|
||||
if user_id is None:
|
||||
q = await session.execute(
|
||||
select(Topic).where(
|
||||
sql_func.lower(Topic.name) == name.lower(),
|
||||
Topic.user_id.is_(None),
|
||||
)
|
||||
)
|
||||
else:
|
||||
q = await session.execute(
|
||||
select(Topic).where(
|
||||
sql_func.lower(Topic.name) == name.lower(),
|
||||
Topic.user_id == user_id,
|
||||
)
|
||||
)
|
||||
existing = q.scalars().first()
|
||||
if existing is not None:
|
||||
return {
|
||||
@@ -307,7 +349,7 @@ async def create_topic(
|
||||
"color": existing.color,
|
||||
}
|
||||
|
||||
topic = Topic(name=name, description=description, color=color)
|
||||
topic = Topic(name=name, description=description, color=color, user_id=user_id)
|
||||
session.add(topic)
|
||||
await session.commit()
|
||||
return {
|
||||
@@ -361,13 +403,27 @@ async def delete_topic(session: AsyncSession, topic_id: str) -> Optional[str]:
|
||||
return name
|
||||
|
||||
|
||||
async def topic_doc_counts(session: AsyncSession) -> dict:
|
||||
"""Return a mapping of topic name -> document count."""
|
||||
q = await session.execute(
|
||||
async def topic_doc_counts(
|
||||
session: AsyncSession, user_id: Optional[uuid.UUID] = None
|
||||
) -> dict:
|
||||
"""Return a mapping of topic name -> document count.
|
||||
|
||||
If user_id is provided, counts only documents belonging to that user.
|
||||
This ensures a user sees the count of their own documents for each topic,
|
||||
not the global count across all users.
|
||||
"""
|
||||
stmt = (
|
||||
select(Topic.name, sql_func.count(DocumentTopic.document_id))
|
||||
.join(DocumentTopic, DocumentTopic.topic_id == Topic.id, isouter=True)
|
||||
.group_by(Topic.name)
|
||||
)
|
||||
if user_id is not None:
|
||||
stmt = stmt.join(
|
||||
Document, Document.id == DocumentTopic.document_id, isouter=True
|
||||
).where(
|
||||
or_(Document.user_id == user_id, Document.user_id.is_(None))
|
||||
)
|
||||
stmt = stmt.group_by(Topic.name)
|
||||
q = await session.execute(stmt)
|
||||
return {name: count for name, count in q}
|
||||
|
||||
|
||||
@@ -422,6 +478,7 @@ __all__ = [
|
||||
"update_document_topics",
|
||||
"remove_topic_from_all_documents",
|
||||
"load_topics",
|
||||
"load_topics_for_user",
|
||||
"save_topics",
|
||||
"get_topic",
|
||||
"create_topic",
|
||||
|
||||
Reference in New Issue
Block a user