iristrack-api

Running

App Files Files Community

rairo commited on 14 days ago

Commit

2aa3865

verified ·

1 Parent(s): ba126ae

Update main.py

Browse files

Files changed (1) hide show

main.py +156 -3

main.py CHANGED Viewed

@@ -801,11 +801,15 @@ def add_user(org_id):
             fb_user = auth.create_user(email=email, password=password, display_name=display_name)
         except Exception as e:
             if "EMAIL_EXISTS" in str(e):
-                # User exists in Auth — try to get their uid and add to org
                 try:
                     fb_user = auth.get_user_by_email(email)
-                except Exception:
-                    return jsonify({"error": "Email already registered to another account."}), 409
             else:
                 raise
@@ -968,6 +972,131 @@ def list_kpi_models(org_id):
         return jsonify({"error": str(e)}), 403
 @app.route("/api/org/<string:org_id>/tasks", methods=["POST"])
 def create_task(org_id):
     """
@@ -1858,6 +1987,30 @@ def mark_notification_read(org_id, notif_id):
         return jsonify({"error": str(e)}), 403
 @app.route("/api/org/<string:org_id>/notifications/broadcast", methods=["POST"])
 def broadcast_notification(org_id):
     """

             fb_user = auth.create_user(email=email, password=password, display_name=display_name)
         except Exception as e:
             if "EMAIL_EXISTS" in str(e):
+                # User already exists in Firebase Auth — look them up and add to this org.
+                # This is intentional: an employee may have an account from another org
+                # or a pre-existing Firebase account. We enrol them here explicitly.
                 try:
                     fb_user = auth.get_user_by_email(email)
+                    logger.info(f"add_user | Email {email} exists in Auth — enrolling uid={fb_user.uid} into org={org_id}")
+                except Exception as lookup_err:
+                    logger.error(f"add_user | Could not look up existing user {email}: {lookup_err}")
+                    return jsonify({"error": "Email already registered and could not be retrieved."}), 409
             else:
                 raise
         return jsonify({"error": str(e)}), 403
+@app.route("/api/org/<string:org_id>/kpi-models/preview", methods=["POST"])
+def preview_kpi_model(org_id):
+    """
+    Gemini synthesises a KPI model from natural language and returns it for admin
+    review WITHOUT saving it. Admin confirms by calling POST /kpi-models with the
+    same payload (or the returned kpi_categories directly).
+    Body: { role_name, natural_language }
+    """
+    try:
+        uid, role, _ = verify_org_admin(request.headers.get("Authorization"), org_id)
+        data      = request.get_json() or {}
+        role_name = data.get("role_name", "").strip()
+        nl        = data.get("natural_language", "").strip()
+        if not role_name or not nl:
+            return jsonify({"error": "role_name and natural_language required."}), 400
+        synthesized = gemini_synthesize_kpi(nl, role_name)
+        return jsonify({"preview": synthesized, "confirmed": False}), 200
+    except PermissionError as e:
+        return jsonify({"error": str(e)}), 403
+    except Exception as e:
+        logger.error(f"preview_kpi_model failed: {e}")
+        return jsonify({"error": str(e)}), 500
+@app.route("/api/org/<string:org_id>/kpi-models/<string:model_id>", methods=["PUT"])
+def update_kpi_model(org_id, model_id):
+    """
+    Update an existing KPI model.
+    Body: { role_name?, kpi_categories?, natural_language? }
+    If natural_language provided, Gemini re-synthesises. Otherwise accepts kpi_categories directly.
+    """
+    try:
+        uid, role, _ = verify_org_admin(request.headers.get("Authorization"), org_id)
+        model_ref  = db_ref.child(f"kpi_models/{org_id}/{model_id}")
+        model_data = model_ref.get()
+        if not model_data:
+            return jsonify({"error": "KPI model not found."}), 404
+        data = request.get_json() or {}
+        update = {"updatedAt": _now_iso(), "updatedBy": uid}
+        if data.get("role_name"):
+            update["role"] = data["role_name"]
+        if data.get("natural_language"):
+            synthesized = gemini_synthesize_kpi(data["natural_language"], data.get("role_name", model_data.get("role", "")))
+            update["kpi_categories"]   = synthesized["kpi_categories"]
+            update["synthesized_from"] = data["natural_language"]
+        elif data.get("kpi_categories"):
+            update["kpi_categories"]   = data["kpi_categories"]
+            update["synthesized_from"] = "manual"
+        model_ref.update(update)
+        _write_audit(org_id, uid, "kpi_model_updated", {"model_id": model_id})
+        return jsonify({**model_data, **update}), 200
+    except PermissionError as e:
+        return jsonify({"error": str(e)}), 403
+    except Exception as e:
+        logger.error(f"update_kpi_model failed: {e}")
+        return jsonify({"error": str(e)}), 500
+@app.route("/api/org/<string:org_id>/kpi-models/<string:model_id>", methods=["DELETE"])
+def delete_kpi_model(org_id, model_id):
+    """
+    Delete a KPI model. Org admin only.
+    Models in active use (referenced by submissions) are soft-deleted — marked inactive
+    rather than removed, so historical alignment scores remain meaningful.
+    """
+    try:
+        uid, role, _ = verify_org_admin(request.headers.get("Authorization"), org_id)
+        if role != "org_admin":
+            return jsonify({"error": "Only org_admin can delete KPI models."}), 403
+        model_ref  = db_ref.child(f"kpi_models/{org_id}/{model_id}")
+        model_data = model_ref.get()
+        if not model_data:
+            return jsonify({"error": "KPI model not found."}), 404
+        # Check if any submission references this model
+        all_subs = db_ref.child(f"submissions/{org_id}").get() or {}
+        in_use   = any(
+            isinstance(week_sub, dict) and week_sub.get("kpiModelId") == model_id
+            for user_subs in all_subs.values() if isinstance(user_subs, dict)
+            for week_sub in user_subs.values() if isinstance(week_sub, dict)
+        )
+        if in_use:
+            # Soft delete — keep data, mark inactive
+            model_ref.update({"active": False, "deletedAt": _now_iso(), "deletedBy": uid})
+            _write_audit(org_id, uid, "kpi_model_soft_deleted", {"model_id": model_id})
+            return jsonify({"success": True, "soft_deleted": True, "reason": "Model has historical submissions — marked inactive rather than removed."}), 200
+        model_ref.delete()
+        _write_audit(org_id, uid, "kpi_model_deleted", {"model_id": model_id})
+        return jsonify({"success": True, "soft_deleted": False}), 200
+    except PermissionError as e:
+        return jsonify({"error": str(e)}), 403
+    except Exception as e:
+        logger.error(f"delete_kpi_model failed: {e}")
+        return jsonify({"error": str(e)}), 500
+@app.route("/api/org/<string:org_id>/tasks/preview", methods=["POST"])
+def preview_task(org_id):
+    """
+    Gemini structures a task from natural language and returns it for admin review
+    WITHOUT saving. Admin confirms by calling POST /tasks with the same payload.
+    Body: { natural_language, kpi_model_id? }
+    """
+    try:
+        uid, role, _ = verify_org_admin(request.headers.get("Authorization"), org_id)
+        data = request.get_json() or {}
+        nl   = data.get("natural_language", "").strip()
+        if not nl:
+            return jsonify({"error": "natural_language required."}), 400
+        org         = get_org(org_id)
+        org_context = (org.get("name", "") + " — " + org.get("industry", "")) if org else org_id
+        kpi_cats    = []
+        if data.get("kpi_model_id"):
+            model = db_ref.child(f"kpi_models/{org_id}/{data['kpi_model_id']}").get()
+            if model:
+                kpi_cats = [c["name"] for c in model.get("kpi_categories", [])]
+        structured = gemini_synthesize_task(nl, org_context, kpi_cats)
+        due_date   = (date.today() + timedelta(days=structured.get("suggested_due_days", 7))).isoformat()
+        return jsonify({"preview": {**structured, "resolved_due_date": due_date}, "confirmed": False}), 200
+    except PermissionError as e:
+        return jsonify({"error": str(e)}), 403
+    except Exception as e:
+        logger.error(f"preview_task failed: {e}")
+        return jsonify({"error": str(e)}), 500
 @app.route("/api/org/<string:org_id>/tasks", methods=["POST"])
 def create_task(org_id):
     """
         return jsonify({"error": str(e)}), 403
+@app.route("/api/org/<string:org_id>/notifications/mark-all-read", methods=["PUT"])
+def mark_all_notifications_read(org_id):
+    """
+    Marks all unread notifications for the calling user as read in a single write.
+    Far cheaper than fanning out individual PUTs from the frontend.
+    """
+    try:
+        uid, _ = verify_org_member(request.headers.get("Authorization"), org_id)
+        notifs = db_ref.child(f"notifications/{org_id}/{uid}").get() or {}
+        updates = {
+            notif_id: {**notif_data, "read": True}
+            for notif_id, notif_data in notifs.items()
+            if isinstance(notif_data, dict) and not notif_data.get("read", False)
+        }
+        if updates:
+            db_ref.child(f"notifications/{org_id}/{uid}").update(updates)
+        return jsonify({"success": True, "marked": len(updates)}), 200
+    except PermissionError as e:
+        return jsonify({"error": str(e)}), 403
+    except Exception as e:
+        logger.error(f"mark_all_notifications_read failed: {e}")
+        return jsonify({"error": str(e)}), 500
 @app.route("/api/org/<string:org_id>/notifications/broadcast", methods=["POST"])
 def broadcast_notification(org_id):
     """