From 5cc576cec9247c062b0c58fa069956f818c2f9b2 Mon Sep 17 00:00:00 2001 From: Adriano Date: Fri, 20 Feb 2026 11:58:41 +0100 Subject: [PATCH] feat: add image_path to recipe/subtask and user password change API - Recipe model: add image_path field for recipe-level image - RecipeSubtask model: add image_path for per-subtask detail images - Schemas: add image_path to create/update/response for recipe and subtask - Task router: pass image_path when creating tasks and subtasks - Recipe service: copy image_path in versioning and update-in-place - Users router: add PUT /{user_id}/password endpoint (admin only) - User schema: add UserPasswordChange model Co-Authored-By: Claude Opus 4.6 --- server/models/recipe.py | 1 + server/models/task.py | 1 + server/routers/tasks.py | 3 +++ server/routers/users.py | 19 ++++++++++++++++++- server/schemas/recipe.py | 3 +++ server/schemas/task.py | 3 +++ server/schemas/user.py | 5 +++++ server/services/recipe_service.py | 8 +++++++- 8 files changed, 41 insertions(+), 2 deletions(-) diff --git a/server/models/recipe.py b/server/models/recipe.py index ce1bbe5..4b8945a 100644 --- a/server/models/recipe.py +++ b/server/models/recipe.py @@ -18,6 +18,7 @@ class Recipe(Base): code: Mapped[str] = mapped_column(String(100), unique=True, nullable=False, index=True) name: Mapped[str] = mapped_column(String(255), nullable=False) description: Mapped[Optional[str]] = mapped_column(Text, nullable=True) + image_path: Mapped[Optional[str]] = mapped_column(String(500), nullable=True) created_by: Mapped[int] = mapped_column(Integer, ForeignKey("users.id"), nullable=False) created_at: Mapped[datetime] = mapped_column( DateTime, nullable=False, server_default=func.now() diff --git a/server/models/task.py b/server/models/task.py index eebe247..48e413b 100644 --- a/server/models/task.py +++ b/server/models/task.py @@ -69,6 +69,7 @@ class RecipeSubtask(Base): ltl: Mapped[Optional[float]] = mapped_column(DECIMAL(12, 6), nullable=True) # Lower Tolerance Limit unit: Mapped[str] = mapped_column(String(20), nullable=False, default="mm") + image_path: Mapped[Optional[str]] = mapped_column(String(500), nullable=True) # Relationships task: Mapped["RecipeTask"] = relationship(back_populates="subtasks") diff --git a/server/routers/tasks.py b/server/routers/tasks.py index e608192..6bd5cca 100644 --- a/server/routers/tasks.py +++ b/server/routers/tasks.py @@ -175,6 +175,7 @@ async def create_task( title=data.title, directive=data.directive, description=data.description, + file_path=data.file_path, file_type=data.file_type, annotations_json=data.annotations_json, ) @@ -194,6 +195,7 @@ async def create_task( lwl=sub_data.lwl, ltl=sub_data.ltl, unit=sub_data.unit, + image_path=sub_data.image_path, ) db.add(sub) @@ -333,6 +335,7 @@ async def create_subtask( lwl=data.lwl, ltl=data.ltl, unit=data.unit, + image_path=data.image_path, ) db.add(subtask) await db.flush() diff --git a/server/routers/users.py b/server/routers/users.py index a93b392..ed57a51 100644 --- a/server/routers/users.py +++ b/server/routers/users.py @@ -6,7 +6,7 @@ from sqlalchemy.ext.asyncio import AsyncSession from database import get_db from middleware.api_key import require_admin_user from models.user import User -from schemas.user import UserCreate, UserResponse, UserUpdate +from schemas.user import UserCreate, UserPasswordChange, UserResponse, UserUpdate from services.auth_service import create_user, hash_password, regenerate_api_key router = APIRouter(prefix="/api/users", tags=["users"]) @@ -91,6 +91,23 @@ async def update_user( return UserResponse.model_validate(user) +@router.put("/{user_id}/password", status_code=status.HTTP_200_OK) +async def change_user_password( + user_id: int, + data: UserPasswordChange, + admin: User = Depends(require_admin_user), + db: AsyncSession = Depends(get_db), +): + """Change user password (admin only).""" + result = await db.execute(select(User).where(User.id == user_id)) + user = result.scalar_one_or_none() + if user is None: + raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found") + user.password_hash = hash_password(data.password) + await db.flush() + return {"message": f"Password changed for user {user.username}"} + + @router.delete("/{user_id}", status_code=status.HTTP_204_NO_CONTENT) async def deactivate_user( user_id: int, diff --git a/server/schemas/recipe.py b/server/schemas/recipe.py index 59dad7d..d6275be 100644 --- a/server/schemas/recipe.py +++ b/server/schemas/recipe.py @@ -13,6 +13,7 @@ class RecipeCreate(BaseModel): code: str = Field(..., min_length=1, max_length=100) name: str = Field(..., min_length=1, max_length=255) description: Optional[str] = None + image_path: Optional[str] = Field(None, max_length=500) # Optional task-level fields for the initial technical drawing file_path: Optional[str] = Field(None, max_length=500) file_type: Optional[str] = Field(None, pattern="^(image|pdf)$") @@ -23,6 +24,7 @@ class RecipeUpdate(BaseModel): """Schema for updating a recipe (creates new version).""" name: Optional[str] = Field(None, min_length=1, max_length=255) description: Optional[str] = None + image_path: Optional[str] = Field(None, max_length=500) change_notes: Optional[str] = None # Task-level fields: saved to the first task of the new version file_path: Optional[str] = Field(None, max_length=500) @@ -52,6 +54,7 @@ class RecipeResponse(BaseModel): code: str name: str description: Optional[str] = None + image_path: Optional[str] = None created_by: int created_at: datetime active: bool diff --git a/server/schemas/task.py b/server/schemas/task.py index 0aa7b3c..79a419b 100644 --- a/server/schemas/task.py +++ b/server/schemas/task.py @@ -15,6 +15,7 @@ class SubtaskCreate(BaseModel): lwl: Optional[float] = None ltl: Optional[float] = None unit: str = Field("mm", max_length=20) + image_path: Optional[str] = Field(None, max_length=500) class SubtaskUpdate(BaseModel): @@ -27,6 +28,7 @@ class SubtaskUpdate(BaseModel): lwl: Optional[float] = None ltl: Optional[float] = None unit: Optional[str] = Field(None, max_length=20) + image_path: Optional[str] = Field(None, max_length=500) class SubtaskResponse(BaseModel): @@ -44,6 +46,7 @@ class SubtaskResponse(BaseModel): lwl: Optional[float] = None ltl: Optional[float] = None unit: str + image_path: Optional[str] = None class TaskCreate(BaseModel): diff --git a/server/schemas/user.py b/server/schemas/user.py index 6fcff20..7c6e71b 100644 --- a/server/schemas/user.py +++ b/server/schemas/user.py @@ -52,6 +52,11 @@ class UserResponse(BaseModel): last_login: Optional[datetime] = None +class UserPasswordChange(BaseModel): + """Schema for changing user password (admin only).""" + password: str = Field(..., min_length=6, max_length=128) + + class LoginRequest(BaseModel): """Schema for login request.""" username: str diff --git a/server/services/recipe_service.py b/server/services/recipe_service.py index b155831..ec0eb8d 100644 --- a/server/services/recipe_service.py +++ b/server/services/recipe_service.py @@ -77,6 +77,7 @@ async def _copy_tasks_to_version( lwl=sub.lwl, ltl=sub.ltl, unit=sub.unit, + image_path=sub.image_path, ) db.add(new_sub) @@ -132,6 +133,7 @@ async def create_recipe( code=data.code, name=data.name, description=data.description, + image_path=data.image_path, created_by=user.id, ) db.add(recipe) @@ -285,6 +287,8 @@ async def create_new_version( update_fields["name"] = data.name if data.description is not None: update_fields["description"] = data.description + if data.image_path is not None: + update_fields["image_path"] = data.image_path if update_fields: await db.execute( update(Recipe).where(Recipe.id == recipe_id).values(**update_fields) @@ -373,12 +377,14 @@ async def update_current_version( data: RecipeUpdate, ) -> RecipeVersion: """Update recipe header in-place on the current version (no copy-on-write).""" - # Apply header updates (name, description) + # Apply header updates (name, description, image_path) update_fields: dict = {} if data.name is not None: update_fields["name"] = data.name if data.description is not None: update_fields["description"] = data.description + if data.image_path is not None: + update_fields["image_path"] = data.image_path if update_fields: await db.execute( update(Recipe).where(Recipe.id == recipe_id).values(**update_fields)