""" FAQ router for FAQ management """ import os from fastapi import APIRouter, HTTPException, Depends from fastapi.security import HTTPBearer from sqlalchemy.orm import Session from models.admin import Admin, AdminRole from models.faqs import FAQ, FAQStatus, FAQCreate, FAQUpdate, FAQResponse from core.database import get_db router = APIRouter(prefix="/admin", tags=["faqs"]) # JWT settings (reuse from admin router) SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-here") ALGORITHM = "HS256" security = HTTPBearer() def get_current_admin( credentials = Depends(security), db: Session = Depends(get_db) ) -> Admin: """Get current admin from JWT token""" try: import jwt payload = jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM]) username: str = payload.get("sub") if username is None: raise HTTPException(status_code=401, detail="Invalid token") except jwt.ExpiredSignatureError: raise HTTPException(status_code=401, detail="Token expired") except jwt.JWTError: raise HTTPException(status_code=401, detail="Invalid token") admin = db.query(Admin).filter(Admin.username == username).first() if admin is None: raise HTTPException(status_code=401, detail="Admin not found") if not admin.is_active: raise HTTPException(status_code=401, detail="Admin account is inactive") return admin def require_admin_or_subadmin(admin: Admin = Depends(get_current_admin)): """Require Administrator or Sub-admin role""" if admin.role not in [AdminRole.ADMINISTRATOR, AdminRole.SUB_ADMIN]: raise HTTPException(status_code=403, detail="Access denied") return admin @router.get("/faqs", response_model=list[FAQResponse]) async def get_faqs( db: Session = Depends(get_db), current_admin: Admin = Depends(require_admin_or_subadmin) ): """Get all FAQs (Administrator and Sub-admin only)""" faqs = db.query(FAQ).all() return [ FAQResponse( id=faq.id, question=faq.question, answer=faq.answer, created_by=faq.created_by, created_at=faq.created_at, updated_at=faq.updated_at, status=faq.status ) for faq in faqs ] @router.post("/faqs", response_model=FAQResponse) async def create_faq( faq_data: FAQCreate, db: Session = Depends(get_db), current_admin: Admin = Depends(require_admin_or_subadmin) ): """Create new FAQ (Administrator and Sub-admin only)""" new_faq = FAQ( question=faq_data.question, answer=faq_data.answer, created_by=current_admin.id, status=faq_data.status ) db.add(new_faq) db.commit() db.refresh(new_faq) return FAQResponse( id=new_faq.id, question=new_faq.question, answer=new_faq.answer, created_by=new_faq.created_by, created_at=new_faq.created_at, updated_at=new_faq.updated_at, status=new_faq.status ) @router.put("/faqs/{faq_id}", response_model=FAQResponse) async def update_faq( faq_id: int, faq_data: FAQUpdate, db: Session = Depends(get_db), current_admin: Admin = Depends(require_admin_or_subadmin) ): """Update FAQ (Administrator and Sub-admin only)""" faq = db.query(FAQ).filter(FAQ.id == faq_id).first() if not faq: raise HTTPException(status_code=404, detail="FAQ not found") if faq_data.question is not None: faq.question = faq_data.question if faq_data.answer is not None: faq.answer = faq_data.answer if faq_data.status is not None: faq.status = faq_data.status db.commit() db.refresh(faq) return FAQResponse( id=faq.id, question=faq.question, answer=faq.answer, created_by=faq.created_by, created_at=faq.created_at, updated_at=faq.updated_at, status=faq.status ) @router.delete("/faqs/{faq_id}") async def delete_faq( faq_id: int, db: Session = Depends(get_db), current_admin: Admin = Depends(require_admin_or_subadmin) ): """Delete FAQ (Administrator and Sub-admin only)""" faq = db.query(FAQ).filter(FAQ.id == faq_id).first() if not faq: raise HTTPException(status_code=404, detail="FAQ not found") db.delete(faq) db.commit() return {"message": "FAQ deleted successfully"}