tunasonga-api

Sleeping

App Files Files Community

rairo commited on Jun 3, 2025

Commit

14b1751

verified ·

1 Parent(s): 710f02f

Update main.py

Browse files

Files changed (1) hide show

main.py +89 -42

main.py CHANGED Viewed

@@ -673,14 +673,14 @@ def propose_deal():
 @app.route('/api/deals/<deal_id>/respond', methods=['POST'])
 def respond_to_deal(deal_id):
-    auth_header = request.headers.get('Authorization');
-    uid = None
     try:
         uid = verify_token(auth_header)
         if not FIREBASE_INITIALIZED: return jsonify({'error': 'Server configuration error'}), 503
         data = request.get_json()
-        response_action = data.get('action')
         if response_action not in ['accept', 'reject']:
             return jsonify({'error': 'Invalid action. Must be "accept" or "reject".'}), 400
@@ -690,58 +690,105 @@ def respond_to_deal(deal_id):
         if not deal_data or not isinstance(deal_data, dict):
             return jsonify({'error': 'Deal not found.'}), 404
-        if deal_data.get('farmer_id') != uid:
-            return jsonify({'error': 'Not authorized to respond to this deal.'}), 403
-        if deal_data.get('status') != 'proposed':
-            return jsonify({'error': f"Deal cannot be responded to from current status: '{deal_data.get('status')}'."}), 400
         update_time = datetime.now(timezone.utc).isoformat()
-        buyer_id = deal_data.get('buyer_id')
-        listing_id = deal_data.get('listing_id')
-        listing_data_for_notif = {}
         if listing_id:
             listing_data_for_notif = db.reference(f'listings/{listing_id}', app=db_app).get() or {}
-        crop_type_for_notif = listing_data_for_notif.get('crop_type', 'your listing')
         if response_action == 'accept':
-            if listing_id and isinstance(listing_data_for_notif, dict):
-                available_quantity = listing_data_for_notif.get('quantity', 0)
-                proposed_quantity = deal_data.get('proposed_quantity', 0)
-                if proposed_quantity > available_quantity:
-                    deal_ref.update({
-                        'status': 'rejected_by_system_insufficient_qty',
-                        'system_rejection_at': update_time,
-                        'system_rejection_reason': f'Listing quantity ({available_quantity}) insufficient for deal quantity ({proposed_quantity}) at time of acceptance.'
-                    })
-                    _send_system_notification(buyer_id, f"Your deal proposal for '{crop_type_for_notif}' could not be accepted by the farmer due to insufficient stock.", "deal_status_update", f"/deals/{deal_id}")
-                    return jsonify({'success': False, 'error': 'Deal could not be accepted. Listing quantity is no longer sufficient.'}), 409
-            new_status = 'accepted_by_farmer'
-            deal_ref.update({'status': new_status, 'farmer_responded_at': update_time}) # Changed from farmer_accepted_at
-            _send_system_notification(
-                buyer_id,
-                f"Your deal proposal for '{crop_type_for_notif}' has been ACCEPTED by the farmer. It is now pending admin approval.",
-                "deal_status_update",
-                f"/deals/{deal_id}"
-            )
             admins_ref = db.reference('users', app=db_app).order_by_child('is_admin').equal_to(True).get()
             if admins_ref:
                 for admin_id_loop, _ in admins_ref.items():
-                     _send_system_notification(admin_id_loop, f"Deal ID {deal_id} for '{crop_type_for_notif}' has been accepted by farmer and needs your approval.", "admin_deal_approval_needed", f"/admin/deals/pending")
-            return jsonify({'success': True, 'message': 'Deal accepted by farmer, pending admin approval.'}), 200
         elif response_action == 'reject':
-            deal_ref.update({'status': 'rejected_by_farmer', 'farmer_responded_at': update_time}) # Changed from farmer_rejected_at
-            _send_system_notification(
-                buyer_id,
-                f"Your deal proposal for '{crop_type_for_notif}' has been REJECTED by the farmer.",
-                "deal_status_update",
-                f"/deals/{deal_id}"
-            )
-            return jsonify({'success': True, 'message': 'Deal rejected by farmer.'}), 200
     except Exception as e:
         return handle_route_errors(e, uid_context=uid)

 @app.route('/api/deals/<deal_id>/respond', methods=['POST'])
 def respond_to_deal(deal_id):
+    auth_header = request.headers.get('Authorization')
+    uid = None  # UID of the currently logged-in user responding
     try:
         uid = verify_token(auth_header)
         if not FIREBASE_INITIALIZED: return jsonify({'error': 'Server configuration error'}), 503
         data = request.get_json()
+        response_action = data.get('action')  # 'accept' or 'reject'
         if response_action not in ['accept', 'reject']:
             return jsonify({'error': 'Invalid action. Must be "accept" or "reject".'}), 400
         if not deal_data or not isinstance(deal_data, dict):
             return jsonify({'error': 'Deal not found.'}), 404
+        current_deal_status = deal_data.get('status')
+        proposer_id = deal_data.get('proposer_id')
+        farmer_id_in_deal = deal_data.get('farmer_id')
+        buyer_id_in_deal = deal_data.get('buyer_id')
+        # Authorization Check: Who is allowed to respond?
+        can_respond = False
+        if current_deal_status == 'proposed':
+            if proposer_id == buyer_id_in_deal and uid == farmer_id_in_deal: # Buyer proposed, Farmer responds
+                can_respond = True
+            elif proposer_id == farmer_id_in_deal and uid == buyer_id_in_deal: # Farmer proposed/countered, Buyer responds
+                can_respond = True
+        # Add other statuses if a different party needs to respond (e.g., after admin action)
+        if not can_respond:
+            logger.warning(f"UID {uid} unauthorized to respond to deal {deal_id}. Deal status: {current_deal_status}, Proposer: {proposer_id}, Farmer: {farmer_id_in_deal}, Buyer: {buyer_id_in_deal}")
+            return jsonify({'error': 'Not authorized to respond to this deal at its current state.'}), 403
         update_time = datetime.now(timezone.utc).isoformat()
+        # Determine the other party for notification
+        other_party_id = None
+        if uid == farmer_id_in_deal:
+            other_party_id = buyer_id_in_deal
+        elif uid == buyer_id_in_deal:
+            other_party_id = farmer_id_in_deal
+        listing_id = deal_data.get('listing_id')
+        listing_data_for_notif = {}
         if listing_id:
             listing_data_for_notif = db.reference(f'listings/{listing_id}', app=db_app).get() or {}
+        crop_type_for_notif = listing_data_for_notif.get('crop_type', 'your listing/demand')
         if response_action == 'accept':
+            # Quantity check (if applicable, e.g., if responding to a proposal against a produce listing)
+            if proposer_id == buyer_id_in_deal and uid == farmer_id_in_deal: # Farmer accepting buyer's proposal
+                if listing_id and isinstance(listing_data_for_notif, dict):
+                    available_quantity = listing_data_for_notif.get('quantity', 0)
+                    proposed_quantity = deal_data.get('proposed_quantity', 0)
+                    if proposed_quantity > available_quantity:
+                        deal_ref.update({
+                            'status': 'rejected_by_system_insufficient_qty',
+                            'system_rejection_at': update_time,
+                            'system_rejection_reason': f'Listing quantity ({available_quantity}) insufficient for deal quantity ({proposed_quantity}) at time of acceptance.'
+                        })
+                        if other_party_id:
+                            _send_system_notification(other_party_id, f"Your deal proposal for '{crop_type_for_notif}' could not be accepted due to insufficient stock.", "deal_status_update", f"/deals/{deal_id}")
+                        return jsonify({'success': False, 'error': 'Deal could not be accepted. Listing quantity is no longer sufficient.'}), 409
+            # If a buyer accepts a farmer's counter-offer, or farmer accepts buyer's initial proposal
+            # The deal moves to 'accepted_by_farmer' or 'accepted_by_buyer' then to admin.
+            # For simplicity, let's assume both lead to a state needing admin approval.
+            # We need a clear "who accepted" field.
+            accepted_by_field = ""
+            new_status = ""
+            if uid == farmer_id_in_deal:
+                accepted_by_field = "farmer_accepted_at"
+                new_status = "accepted_by_farmer" # Farmer accepts buyer's proposal
+                notification_message_to_other_party = f"Your deal proposal for '{crop_type_for_notif}' has been ACCEPTED by the farmer. It is now pending admin approval."
+            elif uid == buyer_id_in_deal:
+                accepted_by_field = "buyer_accepted_at"
+                new_status = "accepted_by_buyer" # Buyer accepts farmer's offer/counter
+                notification_message_to_other_party = f"Your offer/counter-offer for '{crop_type_for_notif}' has been ACCEPTED by the buyer. It is now pending admin approval."
+            else: # Should not happen due to auth check
+                return jsonify({'error': 'Internal error determining accepter role.'}), 500
+            deal_ref.update({'status': new_status, accepted_by_field: update_time, 'last_responder_id': uid})
+            if other_party_id:
+                _send_system_notification(other_party_id, notification_message_to_other_party, "deal_status_update", f"/deals/{deal_id}")
+            # Notify admins
             admins_ref = db.reference('users', app=db_app).order_by_child('is_admin').equal_to(True).get()
             if admins_ref:
                 for admin_id_loop, _ in admins_ref.items():
+                     _send_system_notification(admin_id_loop, f"Deal ID {deal_id} for '{crop_type_for_notif}' has been accepted by {uid[:6]}... and needs your approval.", "admin_deal_approval_needed", f"/admin/deals/pending") # Path for admin to see pending deals
+            return jsonify({'success': True, 'message': f'Deal accepted by {("farmer" if uid == farmer_id_in_deal else "buyer")}, pending admin approval.'}), 200
         elif response_action == 'reject':
+            rejected_by_field = ""
+            new_status = ""
+            if uid == farmer_id_in_deal:
+                rejected_by_field = "farmer_rejected_at" # Or just 'responded_at'
+                new_status = "rejected_by_farmer"
+                notification_message_to_other_party = f"Your deal proposal for '{crop_type_for_notif}' has been REJECTED by the farmer."
+            elif uid == buyer_id_in_deal:
+                rejected_by_field = "buyer_rejected_at"
+                new_status = "rejected_by_buyer"
+                notification_message_to_other_party = f"Your offer/counter-offer for '{crop_type_for_notif}' has been REJECTED by the buyer."
+            else: # Should not happen
+                return jsonify({'error': 'Internal error determining rejector role.'}), 500
+            deal_ref.update({'status': new_status, rejected_by_field: update_time, 'last_responder_id': uid})
+            if other_party_id:
+                _send_system_notification(other_party_id, notification_message_to_other_party, "deal_status_update", f"/deals/{deal_id}")
+            return jsonify({'success': True, 'message': f'Deal rejected by {("farmer" if uid == farmer_id_in_deal else "buyer")}.'}), 200
     except Exception as e:
         return handle_route_errors(e, uid_context=uid)