Update api/routes.py

api/routes.py

@@ -1,6 +1,6 @@
 from fastapi import APIRouter, HTTPException, Depends, Body
 from fastapi.security import OAuth2PasswordRequestForm
-from models.schemas import SignupForm, TokenResponse, PatientCreate
+from models.schemas import SignupForm, TokenResponse, PatientCreate, DoctorCreate
 from db.mongo import users_collection, patients_collection
 from core.security import hash_password, verify_password, create_access_token, get_current_user
 from datetime import datetime
@@ -11,9 +11,12 @@ from pydantic import BaseModel
 
 router = APIRouter()
 
-# --- SIGNUP ---
+# --- SIGNUP (for patients only) ---
 @router.post("/signup")
 async def signup(data: SignupForm):
+    if data.role != "patient":
+        raise HTTPException(status_code=403, detail="Only patients can sign up via this route")
+
     email = data.email.lower().strip()
     existing = await users_collection.find_one({"email": email})
     if existing:
@@ -24,10 +27,30 @@ async def signup(data: SignupForm):
         "email": email,
         "full_name": data.full_name.strip(),
         "password": hashed_pw,
+        "role": "patient",
+        "created_at": datetime.utcnow()
+    }
+    await users_collection.insert_one(user_doc)
+    return {"success": True, "message": "Patient account created"}
+
+# --- ADMIN: Create doctor account ---
+@router.post("/admin/create-doctor")
+async def create_doctor(data: DoctorCreate):
+    existing = await users_collection.find_one({"email": data.email})
+    if existing:
+        raise HTTPException(status_code=409, detail="Email already exists")
+
+    hashed_pw = hash_password(data.password)
+    user_doc = {
+        "matricule": data.matricule,
+        "email": data.email.lower().strip(),
+        "full_name": data.full_name.strip(),
+        "password": hashed_pw,
+        "role": "doctor",
         "created_at": datetime.utcnow()
     }
     await users_collection.insert_one(user_doc)
-    return {"success": True, "message": "Account created"}
+    return {"success": True, "message": "Doctor account created"}
 
 # --- LOGIN ---
 @router.post("/login", response_model=TokenResponse)
@@ -46,17 +69,19 @@ async def get_me(current_user: dict = Depends(get_current_user)):
     return {
         "email": current_user["email"],
         "full_name": current_user.get("full_name", ""),
+        "role": current_user.get("role", "unknown"),
         "created_at": current_user.get("created_at", "")
     }
 
 # --- ADD NEW PATIENT ---
 @router.post("/patients")
 async def add_patient(data: PatientCreate, current_user: dict = Depends(get_current_user)):
+    if current_user.get("role") != "doctor":
+        raise HTTPException(status_code=403, detail="Only doctors can add patients")
+
     patient_doc = {
-        "full_name": data.full_name,
+        **data.dict(),
         "date_of_birth": datetime.combine(data.date_of_birth, datetime.min.time()),
-        "gender": data.gender,
-        "notes": data.notes,
         "contact": data.contact.dict() if data.contact else {},
         "created_by": current_user["email"],
         "created_at": datetime.utcnow()
@@ -67,6 +92,9 @@ async def add_patient(data: PatientCreate, current_user: dict = Depends(get_curr
 # --- GET ALL PATIENTS ---
 @router.get("/patients")
 async def list_patients(current_user: dict = Depends(get_current_user)):
+    if current_user.get("role") != "doctor":
+        raise HTTPException(status_code=403, detail="Only doctors can view patients")
+
     patients_cursor = patients_collection.find({"created_by": current_user["email"]})
     patients = []
     async for patient in patients_cursor:
@@ -75,113 +103,15 @@ async def list_patients(current_user: dict = Depends(get_current_user)):
             "full_name": patient.get("full_name", ""),
             "date_of_birth": patient.get("date_of_birth"),
             "gender": patient.get("gender", ""),
-            "notes": patient.get("notes", ""),
+            "notes": patient.get("notes", "")
         })
     return patients
 
-# --- GET PATIENT BY ID ---
-@router.get("/patients/{patient_id}")
-async def get_patient_by_id(patient_id: str, current_user: dict = Depends(get_current_user)):
-    try:
-        patient = await patients_collection.find_one({
-            "_id": ObjectId(patient_id),
-            "created_by": current_user["email"]
-        })
-    except InvalidId:
-        raise HTTPException(status_code=400, detail="Invalid patient ID")
-
-    if not patient:
-        raise HTTPException(status_code=404, detail="Patient not found")
-
-    return {
-        "id": str(patient["_id"]),
-        "full_name": patient.get("full_name", ""),
-        "date_of_birth": patient.get("date_of_birth"),
-        "gender": patient.get("gender", ""),
-        "notes": patient.get("notes", ""),
-        "contact": patient.get("contact", {}),
-        "created_at": patient.get("created_at"),
-    }
-
-# --- UPDATE PATIENT ---
-class PatientUpdate(BaseModel):
-    full_name: Optional[str]
-    date_of_birth: Optional[datetime]
-    gender: Optional[str]
-    notes: Optional[str]
-    contact: Optional[dict]
-
-@router.put("/patients/{patient_id}")
-async def update_patient(
-    patient_id: str,
-    data: PatientUpdate = Body(...),
-    current_user: dict = Depends(get_current_user)
-):
-    try:
-        oid = ObjectId(patient_id)
-    except InvalidId:
-        raise HTTPException(status_code=400, detail="Invalid patient ID")
-
-    update_data = {}
-    for key, value in data.dict(exclude_unset=True).items():
-        if key == "date_of_birth" and value:
-            update_data[key] = datetime.combine(value, datetime.min.time())
-        else:
-            update_data[key] = value
-
-    result = await patients_collection.update_one(
-        {"_id": oid, "created_by": current_user["email"]},
-        {"$set": update_data}
-    )
-
-    if result.matched_count == 0:
-        raise HTTPException(status_code=404, detail="Patient not found")
-
-    return {"message": "Patient updated successfully"}
-
-# --- DELETE PATIENT ---
-@router.delete("/patients/{patient_id}")
-async def delete_patient(patient_id: str, current_user: dict = Depends(get_current_user)):
-    try:
-        oid = ObjectId(patient_id)
-    except InvalidId:
-        raise HTTPException(status_code=400, detail="Invalid patient ID")
-
-    result = await patients_collection.delete_one({
-        "_id": oid,
-        "created_by": current_user["email"]
-    })
-
-    if result.deleted_count == 0:
-        raise HTTPException(status_code=404, detail="Patient not found or unauthorized")
-
-    return {"message": "Patient deleted successfully"}
-
 # --- COUNT PATIENTS BY DOCTOR ---
-@router.get("/patients-count")  # ✅ No chance of conflict
+@router.get("/patients-count")
 async def count_patients(current_user: dict = Depends(get_current_user)):
-    try:
-        email = current_user.get("email")
-        print("📌 Authenticated user email:", email)
-
-        if not email or not isinstance(email, str):
-            print("❗ Email missing or invalid:", email)
-            raise HTTPException(status_code=400, detail="Invalid user email")
-
-        if patients_collection is None:
-            print("❌ patients_collection is None")
-            raise HTTPException(status_code=500, detail="Database not connected")
-
-        filter_query = {"created_by": email}
-        print("🔍 Running count_documents with:", filter_query)
-
-        count = await patients_collection.count_documents(filter_query)
-
-        print("✅ Count result:", count)
-        return {"count": count}
+    if current_user.get("role") != "doctor":
+        raise HTTPException(status_code=403, detail="Only doctors can count patients")
 
-    except Exception as e:
-        import traceback
-        traceback.print_exc()
-        print("❌ ERROR in /patients/count:", repr(e))
-        raise HTTPException(status_code=500, detail="Internal Server Error")
+    count = await patients_collection.count_documents({"created_by": current_user["email"]})
+    return {"count": count}