testing pipe

backend/app/routers/auth.py

@@ -18,8 +18,9 @@ async def login_for_access_token(
     form_data: OAuth2PasswordRequestForm = Depends(),
     db: Session = Depends(get_db)
 ):
+    """Авторизация сотрудника"""
     # Проверяем учетные данные сотрудника
-    employee = employees.get_employee_by_last_name(db, form_data.username)
+    employee = employees.get_employee_by_email(db, form_data.username)
     if not employee or not verify_password(form_data.password, employee.hashed_password):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
@@ -40,17 +41,18 @@ async def admin_login(
     form_data: OAuth2PasswordRequestForm = Depends(),
     db: Session = Depends(get_db)
 ):
+    """Авторизация администратора"""
     # Проверяем учетные данные администратора
-    if form_data.username != "admin" or form_data.password != "admin123":
+    employee = employees.get_employee_by_email(db, form_data.username)
+    if not employee or not employee.is_admin or not verify_password(form_data.password, employee.hashed_password):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Incorrect username or password",
             headers={"WWW-Authenticate": "Bearer"},
         )
     
-    # Для админа используем специальный ID
-    admin_id = -1
-    access_token = create_and_save_token(admin_id, db)
+    # Создаем и сохраняем токен
+    access_token = create_and_save_token(employee.id, db)
     
     return {
         "access_token": access_token,

backend/app/routers/employees.py

@@ -5,19 +5,21 @@ from typing import List
 import logging
 from ..database import get_db
 from ..crud import employees
-from ..schemas.employee import Employee, EmployeeCreate, EmployeeUpdate
-from ..utils.auth import get_current_admin, get_password_hash
+from ..schemas.employee import Employee as EmployeeSchema
+from ..schemas.employee import EmployeeCreate, EmployeeUpdate
+from ..models.employee import Employee
+from ..utils.auth import get_current_admin, get_current_employee, get_password_hash
 
 # Настройка логирования
 logger = logging.getLogger(__name__)
 
 router = APIRouter(tags=["employees"])
 
-@router.post("", response_model=Employee, status_code=status.HTTP_201_CREATED)
+@router.post("", response_model=EmployeeSchema, status_code=status.HTTP_201_CREATED)
 async def create_employee(
     employee: EmployeeCreate,
     db: Session = Depends(get_db),
-    _: dict = Depends(get_current_admin)
+    current_admin: Employee = Depends(get_current_admin)
 ):
     """Create new employee"""
     try:
@@ -31,12 +33,12 @@ async def create_employee(
             detail="Error creating employee"
         )
 
-@router.get("", response_model=List[Employee])
+@router.get("", response_model=List[EmployeeSchema])
 async def get_employees(
     skip: int = 0,
     limit: int = 100,
     db: Session = Depends(get_db),
-    _: dict = Depends(get_current_admin)
+    current_admin: Employee = Depends(get_current_admin)
 ):
     """Get all employees"""
     try:
@@ -49,11 +51,40 @@ async def get_employees(
             detail="Error getting employees"
         )
 
-@router.get("/{employee_id}", response_model=Employee)
+@router.get("/me", response_model=EmployeeSchema)
+async def get_me(
+    current_employee: Employee = Depends(get_current_employee)
+):
+    """Get current employee"""
+    return current_employee
+
+@router.put("/me", response_model=EmployeeSchema)
+async def update_me(
+    employee: EmployeeUpdate,
+    db: Session = Depends(get_db),
+    current_employee: Employee = Depends(get_current_employee)
+):
+    """Update current employee data"""
+    try:
+        logger.info(f"Updating employee {current_employee.id}: {employee}")
+        db_employee = employees.update_employee(db, current_employee.id, employee)
+        if db_employee is None:
+            raise HTTPException(status_code=404, detail="Employee not found")
+        return db_employee
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error updating employee: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error updating employee"
+        )
+
+@router.get("/{employee_id}", response_model=EmployeeSchema)
 async def get_employee(
     employee_id: int,
     db: Session = Depends(get_db),
-    _: dict = Depends(get_current_admin)
+    current_admin: Employee = Depends(get_current_admin)
 ):
     """Get employee by ID"""
     try:
@@ -71,12 +102,12 @@ async def get_employee(
             detail="Error getting employee"
         )
 
-@router.put("/{employee_id}", response_model=Employee)
+@router.put("/{employee_id}", response_model=EmployeeSchema)
 async def update_employee(
     employee_id: int,
     employee: EmployeeUpdate,
     db: Session = Depends(get_db),
-    _: dict = Depends(get_current_admin)
+    current_admin: Employee = Depends(get_current_admin)
 ):
     """Update employee data"""
     try:
@@ -94,11 +125,11 @@ async def update_employee(
             detail="Error updating employee"
         )
 
-@router.delete("/{employee_id}", response_model=Employee)
+@router.delete("/{employee_id}", response_model=EmployeeSchema)
 async def delete_employee(
     employee_id: int,
     db: Session = Depends(get_db),
-    _: dict = Depends(get_current_admin)
+    current_admin: Employee = Depends(get_current_admin)
 ):
     """Delete employee"""
     try:

backend/app/routers/requests.py

@@ -6,19 +6,20 @@ from ..database import get_db
 from ..crud import requests
 from ..schemas.request import Request, RequestCreate, RequestUpdate
 from ..models.request import RequestStatus
+from ..models.employee import Employee
 from ..utils.auth import get_current_employee, get_current_admin
 from ..utils.telegram import notify_new_request
 
 router = APIRouter()
 
-@router.post("/", response_model=Request)
+@router.post("/", response_model=Request, status_code=201)
 async def create_request(
     request: RequestCreate,
     db: Session = Depends(get_db),
-    current_employee: dict = Depends(get_current_employee)
+    current_employee: Employee = Depends(get_current_employee)
 ):
     """Create new request"""
-    db_request = requests.create_request(db, request, current_employee["id"])
+    db_request = requests.create_request(db, request, current_employee.id)
     # Отправляем уведомление в Telegram
     await notify_new_request(db_request.id)
     return db_request
@@ -26,10 +27,10 @@ async def create_request(
 @router.get("/my", response_model=List[Request])
 def get_employee_requests(
     db: Session = Depends(get_db),
-    current_employee: dict = Depends(get_current_employee)
+    current_employee: Employee = Depends(get_current_employee)
 ):
     """Get current employee's requests"""
-    return requests.get_employee_requests(db, current_employee["id"])
+    return requests.get_employee_requests(db, current_employee.id)
 
 @router.get("/admin", response_model=List[Request])
 def get_all_requests(
@@ -37,7 +38,7 @@ def get_all_requests(
     skip: int = 0,
     limit: int = 100,
     db: Session = Depends(get_db),
-    _: dict = Depends(get_current_admin)
+    current_admin: Employee = Depends(get_current_admin)
 ):
     """Get all requests (admin only)"""
     return requests.get_requests(db, status=status, skip=skip, limit=limit)
@@ -47,9 +48,15 @@ def update_request_status(
     request_id: int,
     request_update: RequestUpdate,
     db: Session = Depends(get_db),
-    _: dict = Depends(get_current_admin)
+    current_employee: Employee = Depends(get_current_employee)
 ):
     """Update request status (admin only)"""
+    if not current_employee.is_admin:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Not enough permissions"
+        )
+    
     db_request = requests.update_request_status(db, request_id, request_update.status)
     if db_request is None:
         raise HTTPException(status_code=404, detail="Request not found")
@@ -58,14 +65,11 @@ def update_request_status(
 @router.get("/statistics")
 def get_request_statistics(
     db: Session = Depends(get_db),
-    _: dict = Depends(get_current_admin)
+    current_admin: Employee = Depends(get_current_admin)
 ):
     """Get request statistics (admin only)"""
     stats = requests.get_statistics(db)
     return {
         "total": stats["total"],
-        "by_status": {
-            status: count
-            for status, count in stats["by_status"].items()
-        }
+        "by_status": stats["by_status"]
     }

backend/app/routers/statistics.py

@@ -2,7 +2,8 @@
 from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
 from ..database import get_db
-from ..crud import statistics
+from ..crud import requests
+from ..models.employee import Employee
 from ..utils.auth import get_current_admin
 
 router = APIRouter()
@@ -10,7 +11,11 @@ router = APIRouter()
 @router.get("/")
 def get_statistics(
     db: Session = Depends(get_db),
-    _: dict = Depends(get_current_admin)
+    current_admin: Employee = Depends(get_current_admin)
 ):
-    """Get system statistics"""
-    return statistics.get_request_statistics(db) 
+    """Get request statistics (admin only)"""
+    stats = requests.get_statistics(db)
+    return {
+        "total": stats["total"],
+        "by_status": stats["by_status"]
+    }