tailfin/api/routes/flights.py

import logging

from fastapi import APIRouter, HTTPException

from models import FlightModel

from mongoengine import DoesNotExist, ValidationError

from flask_jwt_extended import get_jwt_identity, jwt_required

from database.models import User, Flight, AuthLevel
from database.utils import get_flight_list
from routes.utils import auth_level_required

router = APIRouter()

logger = logging.getLogger("flights")


@router.get('/flights')
@jwt_required()
def get_flights():
    """
    Get a list of the flights logged by the currently logged-in user

    :return: List of flights
    """
    try:
        user = User.objects.get(username=get_jwt_identity())
    except DoesNotExist:
        logger.warning("User %s not found", get_jwt_identity())
        return {"msg": "user not found"}, 401

    flights = get_flight_list(filters=[[{"field": "user", "operator": "eq", "value": user.id}]]).to_json()
    return flights, 200


@router.get('/flights/all')
@jwt_required()
@auth_level_required(AuthLevel.ADMIN)
def get_all_flights():
    """
    Get a list of all flights logged by any user

    :return: List of flights
    """
    logger.debug("Get all flights - user: %s", get_jwt_identity())
    flights = get_flight_list().to_json()
    return flights, 200


@router.get('/flights/{flight_id}', response_model=FlightModel)
@jwt_required()
def get_flight(flight_id: str):
    """
    Get all details of a given flight

    :param flight_id: ID of requested flight
    :return: Flight details
    """
    try:
        user = User.objects.get(username=get_jwt_identity())
    except DoesNotExist:
        logger.warning("User %s not found", get_jwt_identity())
        raise HTTPException(401, "User not found")

    flight = Flight.objects(id=flight_id).to_json()
    if flight.user != user.id and AuthLevel(user.level) != AuthLevel.ADMIN:
        logger.info("Attempted access to unauthorized flight by %s", user.username)
        raise HTTPException(403, "Unauthorized access")

    return flight


@router.post('/flights')
@jwt_required()
def add_flight(flight_body: FlightModel):
    """
    Add a flight logbook entry

    :return: Error message if request invalid, else ID of newly created log
    """
    try:
        user = User.objects.get(username=get_jwt_identity())
    except DoesNotExist:
        logger.warning("User %s not found", get_jwt_identity())
        raise HTTPException(401, "User not found")

    try:
        flight = Flight(user=user.id, **flight_body.model_dump()).save()
    except ValidationError as e:
        logger.info("Invalid flight body: %s", e)
        raise HTTPException(400, "Invalid request")

    return {"id": flight.id}


@router.put('/flights/{flight_id}', status_code=201, response_model=FlightModel)
@jwt_required()
def update_flight(flight_id: str, flight_body: FlightModel):
    """
    Update the given flight with new information

    :param flight_id: ID of flight to update
    :param flight_body: New flight information to update with
    :return: Updated flight
    """
    try:
        user = User.objects.get(username=get_jwt_identity())
    except DoesNotExist:
        logger.warning("User %s not found", get_jwt_identity())
        raise HTTPException(status_code=401, detail="user not found")

    flight = Flight.objects(id=flight_id)

    if flight.user != user and AuthLevel(user.level) != AuthLevel.ADMIN:
        logger.info("Attempted access to unauthorized flight by %s", user.username)
        raise HTTPException(403, "Unauthorized access")

    flight.update(**flight_body.model_dump())

    return flight_body


@router.delete('/flights/{flight_id}', status_code=200)
def delete_flight(flight_id: str):
    """
    Delete the given flight

    :param flight_id: ID of flight to delete
    :return: 200
    """
    try:
        user = User.objects.get(username=get_jwt_identity())
    except DoesNotExist:
        logger.warning("User %s not found", get_jwt_identity())
        raise HTTPException(401, "user not found")

    flight = Flight.objects(id=flight_id)

    if flight.user != user and AuthLevel(user.level) != AuthLevel.ADMIN:
        logger.info("Attempted access to unauthorized flight by %s", user.username)
        raise HTTPException(403, "Unauthorized access")

    flight.delete()

    return '', 200