from fastapi import FastAPI, Depends, HTTPException, APIRouter, status, Response from fastapi.middleware.cors import CORSMiddleware from sqlalchemy.orm import Session from typing import List, Optional, Dict, Any from datetime import datetime, timedelta, date import math import json import csv import io from .database import engine, get_db, Base from .models import ( Drug, DrugVariant, VariantPack, Dispensing, DispensingAllocation, Location, Batch, AuditLog, User, GtinMapping, ) from .auth import hash_password, verify_password, create_access_token, get_current_user, get_current_admin_user, get_current_non_readonly_user, ACCESS_TOKEN_EXPIRE_MINUTES from .mqtt_service import publish_label_print_with_response from .migrate_to_roles import migrate_users_table from .migrate_compliance import migrate_compliance_schema from .migrate_gtin import migrate_gtin_schema from pydantic import BaseModel # Run migration to convert is_admin to role try: migrate_users_table() except Exception as e: print(f"Warning: Migration failed: {e}. Continuing anyway...") try: migrate_compliance_schema() except Exception as e: print(f"Warning: Compliance migration failed: {e}. Continuing anyway...") # Create tables Base.metadata.create_all(bind=engine) try: migrate_gtin_schema() except Exception as e: print(f"Warning: GTIN migration failed: {e}. Continuing anyway...") # Seed default locations after table creation. try: migrate_compliance_schema() except Exception as e: print(f"Warning: Compliance seed pass failed: {e}. Continuing anyway...") app = FastAPI(title="Drug Inventory API") # CORS middleware for frontend app.add_middleware( CORSMiddleware, allow_origins=["*"], # In production, restrict this allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) # Create a router with /api prefix router = APIRouter(prefix="/api") # Pydantic schemas class UserCreate(BaseModel): username: str password: str role: Optional[str] = "user" # admin, user, readonly class PasswordChange(BaseModel): current_password: str new_password: str class AdminPasswordChange(BaseModel): new_password: str class UserResponse(BaseModel): id: int username: str role: str class Config: from_attributes = True class TokenResponse(BaseModel): access_token: str token_type: str user: UserResponse class DrugCreate(BaseModel): name: str description: Optional[str] = None is_controlled: bool = False class DrugUpdate(BaseModel): name: Optional[str] = None description: Optional[str] = None is_controlled: Optional[bool] = None class LocationCreate(BaseModel): name: str class LocationUpdate(BaseModel): name: Optional[str] = None is_active: Optional[bool] = None class LocationResponse(BaseModel): id: int name: str is_active: bool class Config: from_attributes = True class BatchCreate(BaseModel): batch_number: str quantity: Optional[float] = None received_pack_id: Optional[int] = None received_pack_count: Optional[float] = None expiry_date: date location_id: int notes: Optional[str] = None class BatchUpdate(BaseModel): batch_number: Optional[str] = None quantity: Optional[float] = None received_pack_id: Optional[int] = None received_pack_count: Optional[float] = None expiry_date: Optional[date] = None location_id: Optional[int] = None notes: Optional[str] = None class BatchDisposeRequest(BaseModel): notes: Optional[str] = None class GtinMappingCreate(BaseModel): gtin: str drug_variant_id: int variant_pack_id: int class GtinMappingResponse(BaseModel): id: int gtin: str drug_variant_id: int variant_pack_id: int drug_id: int drug_name: str variant_strength: str variant_unit: str pack_label: str pack_size_in_base_units: float pack_unit_name: str class Config: from_attributes = True class BatchResponse(BaseModel): id: int drug_variant_id: int batch_number: str quantity: float received_pack_id: Optional[int] = None received_pack_unit_name: Optional[str] = None received_pack_size_snapshot: Optional[float] = None current_full_pack_count: Optional[float] = None current_loose_base_units: Optional[float] = None expiry_date: date location_id: int location_name: Optional[str] = None notes: Optional[str] = None received_at: datetime disposed_at: Optional[datetime] = None disposed_by_user_id: Optional[int] = None disposed_quantity: Optional[float] = None disposal_notes: Optional[str] = None class Config: from_attributes = True class DrugResponse(BaseModel): id: int name: str description: Optional[str] = None is_controlled: bool class Config: from_attributes = True class DrugVariantCreate(BaseModel): strength: str quantity: float unit: str = "units" base_unit: Optional[str] = None low_stock_threshold: float = 10 class DrugVariantUpdate(BaseModel): strength: str = None quantity: float = None unit: str = None base_unit: str = None low_stock_threshold: float = None class VariantPackCreate(BaseModel): pack_unit_name: str pack_size_in_base_units: float is_active: bool = True class VariantPackUpdate(BaseModel): pack_unit_name: Optional[str] = None pack_size_in_base_units: Optional[float] = None is_active: Optional[bool] = None class VariantPackResponse(BaseModel): id: int drug_variant_id: int pack_unit_name: str pack_size_in_base_units: float is_active: bool class Config: from_attributes = True class DrugVariantResponse(BaseModel): id: int drug_id: int strength: str quantity: float unit: str base_unit: str low_stock_threshold: float has_inventory_history: bool = False packs: List[VariantPackResponse] = [] batches: List[BatchResponse] = [] class Config: from_attributes = True class DrugWithVariantsResponse(BaseModel): id: int name: str description: Optional[str] = None is_controlled: bool = False variants: List[DrugVariantResponse] = [] class Config: from_attributes = True class DispensingAllocationCreate(BaseModel): batch_id: int quantity: float class DispensingCreate(BaseModel): drug_variant_id: int quantity: Optional[float] = None dispense_mode: str = "subunit" dispense_source: str = "batch" requested_pack_id: Optional[int] = None requested_pack_count: Optional[float] = None animal_name: Optional[str] = None user_name: Optional[str] = None notes: Optional[str] = None allocations: List[DispensingAllocationCreate] = [] class DispensingAllocationResponse(BaseModel): batch_id: int quantity: float class Config: from_attributes = True class DispensingResponse(BaseModel): id: int drug_variant_id: int batch_id: Optional[int] = None actor_user_id: Optional[int] = None quantity: float dispense_mode: str = "subunit" requested_pack_id: Optional[int] = None requested_pack_count: Optional[float] = None animal_name: Optional[str] = None user_name: str notes: Optional[str] = None dispensed_at: datetime allocations: List[DispensingAllocationResponse] = [] class Config: from_attributes = True class LabelVariables(BaseModel): practice_name: str animal_name: str drug_name: str dosage: str quantity: str expiry_date: str class LabelPrintRequest(BaseModel): variables: LabelVariables class LabelPrintResponse(BaseModel): success: bool message: str class NotesVariables(BaseModel): animal_name: str notes: str class NotesPrintRequest(BaseModel): variables: NotesVariables class NotesPrintResponse(BaseModel): success: bool message: str def write_audit_log( db: Session, action: str, entity_type: str, entity_id: Optional[int], actor: Optional[User], details: Optional[Dict[str, Any]] = None, ) -> None: """Persist a best-effort audit event in the current transaction.""" payload = None if details is not None: payload = json.dumps(details, default=str) log = AuditLog( action=action, entity_type=entity_type, entity_id=entity_id, actor_user_id=actor.id if actor else None, actor_username=actor.username if actor else "system", details=payload, ) db.add(log) def enrich_variant_with_batches(db: Session, variant: DrugVariant) -> Dict[str, Any]: """Return variant data with active batch details for API responses.""" has_batch_history = ( db.query(Batch.id) .filter(Batch.drug_variant_id == variant.id) .first() is not None ) has_dispense_history = ( db.query(Dispensing.id) .filter(Dispensing.drug_variant_id == variant.id) .first() is not None ) variant_dict = { "id": variant.id, "drug_id": variant.drug_id, "strength": variant.strength, "quantity": variant.quantity, "unit": variant.unit, "base_unit": variant.unit, "low_stock_threshold": variant.low_stock_threshold, "has_inventory_history": has_batch_history or has_dispense_history, } packs = ( db.query(VariantPack) .filter(VariantPack.drug_variant_id == variant.id) .order_by(VariantPack.is_active.desc(), VariantPack.id.asc()) .all() ) variant_dict["packs"] = [serialize_variant_pack(pack) for pack in packs] batches = ( db.query(Batch) .filter(Batch.drug_variant_id == variant.id, Batch.quantity > 0) .order_by(Batch.expiry_date.asc(), Batch.received_at.asc()) .all() ) variant_dict["batches"] = [serialize_batch_response(db, batch) for batch in batches] return variant_dict def serialize_batch_response(db: Session, batch: Batch) -> Dict[str, Any]: location = db.query(Location).filter(Location.id == batch.location_id).first() pack = None if batch.received_pack_id is not None: pack = db.query(VariantPack).filter(VariantPack.id == batch.received_pack_id).first() return { "id": batch.id, "drug_variant_id": batch.drug_variant_id, "batch_number": batch.batch_number, "quantity": batch.quantity, "received_pack_id": batch.received_pack_id, "received_pack_unit_name": pack.pack_unit_name if pack else None, "received_pack_count": batch.received_pack_count, "received_pack_size_snapshot": batch.received_pack_size_snapshot, "current_full_pack_count": batch.current_full_pack_count, "current_loose_base_units": batch.current_loose_base_units, "expiry_date": batch.expiry_date, "location_id": batch.location_id, "location_name": location.name if location else None, "notes": batch.notes, "received_at": batch.received_at, "disposed_at": batch.disposed_at, "disposed_by_user_id": batch.disposed_by_user_id, "disposed_quantity": batch.disposed_quantity, "disposal_notes": batch.disposal_notes, } def resolve_pack_size_snapshot(db: Session, pack_id: Optional[int]) -> Optional[float]: if pack_id is None: return None pack = db.query(VariantPack).filter(VariantPack.id == pack_id).first() if not pack: return None return pack.pack_size_in_base_units def recompute_batch_pack_state(batch: Batch) -> None: pack_size = batch.received_pack_size_snapshot if pack_size is None or pack_size <= 0 or batch.quantity < 0: batch.current_full_pack_count = None batch.current_loose_base_units = None return full_packs = math.floor((batch.quantity + 1e-9) / pack_size) loose_units = batch.quantity - (full_packs * pack_size) if loose_units < 1e-9: loose_units = 0.0 batch.current_full_pack_count = float(full_packs) batch.current_loose_base_units = loose_units def serialize_variant_pack(pack: VariantPack) -> Dict[str, Any]: return { "id": pack.id, "drug_variant_id": pack.drug_variant_id, "pack_unit_name": pack.pack_unit_name, "pack_size_in_base_units": pack.pack_size_in_base_units, "is_active": pack.is_active, } def resolve_pack_quantity( db: Session, variant_id: int, quantity: Optional[float], pack_id: Optional[int], pack_count: Optional[float], ) -> Dict[str, Any]: """Resolve canonical base-unit quantity from either direct quantity or pack input.""" if quantity is None and pack_id is None and pack_count is None: raise HTTPException(status_code=400, detail="Either quantity or pack fields must be provided") resolved_quantity = quantity resolved_pack: Optional[VariantPack] = None if pack_id is not None or pack_count is not None: if pack_id is None or pack_count is None: raise HTTPException(status_code=400, detail="Both pack_id and pack_count are required when using pack input") if pack_count <= 0: raise HTTPException(status_code=400, detail="Pack count must be greater than zero") resolved_pack = ( db.query(VariantPack) .filter( VariantPack.id == pack_id, VariantPack.drug_variant_id == variant_id, VariantPack.is_active.is_(True), ) .first() ) if resolved_pack is None: raise HTTPException(status_code=400, detail="Pack not found for variant or is inactive") derived_quantity = pack_count * resolved_pack.pack_size_in_base_units if derived_quantity <= 0: raise HTTPException(status_code=400, detail="Derived quantity from pack must be greater than zero") if resolved_quantity is None: resolved_quantity = derived_quantity elif abs(resolved_quantity - derived_quantity) > 1e-6: raise HTTPException( status_code=400, detail="Quantity does not match pack conversion for selected pack", ) if resolved_quantity is None or resolved_quantity <= 0: raise HTTPException(status_code=400, detail="Quantity must be greater than zero") return { "quantity": resolved_quantity, "pack_id": resolved_pack.id if resolved_pack else None, "pack_count": pack_count, } def resolve_requested_allocations( db: Session, variant_id: int, variant_quantity: float, requested_quantity: float, requested_allocations: List[DispensingAllocationCreate], dispense_mode: str, dispense_source: str, requested_pack_id: Optional[int], ) -> List[Dict[str, Any]]: """Validate explicit batch allocations against in-date stock for the variant.""" today = date.today() total_batched_quantity = sum(float(batch.quantity or 0) for batch in db.query(Batch).filter(Batch.drug_variant_id == variant_id).all()) legacy_unbatched_quantity = max(0.0, float(variant_quantity or 0) - total_batched_quantity) selected_source = (dispense_source or "batch").strip().lower() if selected_source not in {"batch", "legacy"}: raise HTTPException(status_code=400, detail="dispense_source must be either 'batch' or 'legacy'") eligible_batches = ( db.query(Batch) .filter( Batch.drug_variant_id == variant_id, Batch.quantity > 0, Batch.expiry_date >= today, ) .order_by(Batch.expiry_date.asc(), Batch.received_at.asc()) .all() ) if selected_source == "legacy": if dispense_mode == "pack": raise HTTPException(status_code=400, detail="Whole-pack dispensing requires batched stock with pack information") if requested_allocations: raise HTTPException(status_code=400, detail="Batch allocations cannot be supplied when dispensing legacy stock") if legacy_unbatched_quantity <= 0: raise HTTPException(status_code=400, detail="No legacy loose stock is available for this variant") if requested_quantity - legacy_unbatched_quantity > 1e-6: raise HTTPException( status_code=400, detail=f"Insufficient unbatched stock. Available: {legacy_unbatched_quantity}, Requested: {requested_quantity}", ) return [] if not eligible_batches: if dispense_mode == "pack": raise HTTPException(status_code=400, detail="Whole-pack dispensing requires batched stock with pack information") if requested_allocations: raise HTTPException(status_code=400, detail="Batch allocations cannot be supplied when dispensing legacy stock") if legacy_unbatched_quantity <= 0: raise HTTPException(status_code=400, detail="No in-date stock batches available for this variant") if requested_quantity - legacy_unbatched_quantity > 1e-6: raise HTTPException( status_code=400, detail=f"Insufficient unbatched stock. Available: {legacy_unbatched_quantity}, Requested: {requested_quantity}", ) return [] if not requested_allocations: raise HTTPException(status_code=400, detail="At least one batch allocation is required") eligible_by_id = {batch.id: batch for batch in eligible_batches} seen_batch_ids = set() allocations: List[Dict[str, Any]] = [] total_allocated = 0.0 selected_pack = None selected_pack_size = None if dispense_mode == "pack": if requested_pack_id is None: raise HTTPException(status_code=400, detail="Pack dispense requires a requested pack") selected_pack = ( db.query(VariantPack) .filter( VariantPack.id == requested_pack_id, VariantPack.drug_variant_id == variant_id, VariantPack.is_active.is_(True), ) .first() ) if selected_pack is None: raise HTTPException(status_code=400, detail="Selected pack is unavailable for this variant") selected_pack_size = selected_pack.pack_size_in_base_units total_full_packs_available = sum( int(batch.current_full_pack_count or 0) for batch in eligible_batches if batch.received_pack_id == requested_pack_id ) if total_full_packs_available <= 0: raise HTTPException(status_code=400, detail="No full packs are available for the selected pack") if requested_quantity - (total_full_packs_available * selected_pack_size) > 1e-6: raise HTTPException( status_code=400, detail=f"Only {total_full_packs_available} full packs are available for the selected pack", ) for entry in requested_allocations: batch = eligible_by_id.get(entry.batch_id) if batch is None: raise HTTPException(status_code=400, detail=f"Batch {entry.batch_id} is unavailable, expired, or not valid for this variant") if entry.batch_id in seen_batch_ids: raise HTTPException(status_code=400, detail="Each batch may only be allocated once") if entry.quantity < 0: raise HTTPException(status_code=400, detail="Batch allocation quantity cannot be negative") if entry.quantity == 0: continue if entry.quantity - batch.quantity > 1e-6: raise HTTPException(status_code=400, detail=f"Batch {batch.batch_number} does not have enough stock for requested allocation") if dispense_mode == "pack": if batch.received_pack_id != requested_pack_id: raise HTTPException( status_code=400, detail=f"Batch {batch.batch_number} does not contain full packs of the selected pack type", ) available_full_packs = int(batch.current_full_pack_count or 0) available_batch_quantity = available_full_packs * selected_pack_size if available_full_packs <= 0 or available_batch_quantity <= 0: raise HTTPException( status_code=400, detail=f"Batch {batch.batch_number} has no full packs available", ) if abs((entry.quantity / selected_pack_size) - round(entry.quantity / selected_pack_size)) > 1e-6: raise HTTPException( status_code=400, detail=f"Batch {batch.batch_number} allocation must be a whole number of packs", ) if entry.quantity - available_batch_quantity > 1e-6: raise HTTPException( status_code=400, detail=f"Batch {batch.batch_number} only has {available_full_packs} full packs available", ) seen_batch_ids.add(entry.batch_id) allocations.append({"batch": batch, "quantity": entry.quantity}) total_allocated += entry.quantity if not allocations: raise HTTPException(status_code=400, detail="At least one batch allocation must be greater than zero") if abs(total_allocated - requested_quantity) > 1e-6: raise HTTPException( status_code=400, detail=f"Allocated quantity ({total_allocated}) must match requested quantity ({requested_quantity})", ) return allocations # Authentication Routes @router.post("/auth/register", response_model=TokenResponse) def register(user_data: UserCreate, db: Session = Depends(get_db)): """Register the first admin user (only allowed if no users exist)""" # Check if users already exist user_count = db.query(User).count() if user_count > 0: raise HTTPException( status_code=403, detail="Registration is disabled. Contact an administrator to create an account." ) # Check if user already exists existing_user = db.query(User).filter(User.username == user_data.username).first() if existing_user: raise HTTPException(status_code=400, detail="Username already registered") # First (and only allowed) user is admin hashed_password = hash_password(user_data.password) db_user = User( username=user_data.username, hashed_password=hashed_password, role="admin" ) db.add(db_user) write_audit_log( db, action="auth.register", entity_type="user", entity_id=None, actor=None, details={"username": user_data.username, "assigned_role": "admin"}, ) db.commit() db.refresh(db_user) # Create access token access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) access_token = create_access_token( data={"sub": db_user.username}, expires_delta=access_token_expires ) return { "access_token": access_token, "token_type": "bearer", "user": db_user } @router.post("/auth/login", response_model=TokenResponse) def login(user_data: UserCreate, db: Session = Depends(get_db)): """Login with username and password""" user = db.query(User).filter(User.username == user_data.username).first() if not user or not verify_password(user_data.password, user.hashed_password): raise HTTPException(status_code=401, detail="Invalid credentials") write_audit_log( db, action="auth.login", entity_type="user", entity_id=user.id, actor=user, details={"username": user.username}, ) db.commit() # Create access token access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) access_token = create_access_token( data={"sub": user.username}, expires_delta=access_token_expires ) return { "access_token": access_token, "token_type": "bearer", "user": user } @router.get("/auth/me", response_model=UserResponse) def get_current_user_info(current_user: User = Depends(get_current_user)): """Get current user info""" return current_user # User Management Routes (Admin only) @router.get("/users", response_model=List[UserResponse]) def list_users(db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): """List all users (admin only)""" return db.query(User).all() @router.post("/users", response_model=UserResponse) def create_user(user_data: UserCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): """Create a new user (admin only)""" # Check if user already exists existing_user = db.query(User).filter(User.username == user_data.username).first() if existing_user: raise HTTPException(status_code=400, detail="Username already exists") # Validate role valid_roles = ["admin", "user", "readonly"] role = user_data.role or "user" if role not in valid_roles: raise HTTPException(status_code=400, detail=f"Invalid role. Must be one of: {', '.join(valid_roles)}") hashed_password = hash_password(user_data.password) db_user = User( username=user_data.username, hashed_password=hashed_password, role=role ) db.add(db_user) write_audit_log( db, action="user.create", entity_type="user", entity_id=None, actor=current_user, details={"username": user_data.username, "role": role}, ) db.commit() db.refresh(db_user) return db_user @router.delete("/users/{user_id}") def delete_user(user_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): """Delete a user (admin only)""" # Don't allow deleting yourself if current_user.id == user_id: raise HTTPException(status_code=400, detail="Cannot delete your own user account") user = db.query(User).filter(User.id == user_id).first() if not user: raise HTTPException(status_code=404, detail="User not found") write_audit_log( db, action="user.delete", entity_type="user", entity_id=user_id, actor=current_user, details={"username": user.username}, ) db.delete(user) db.commit() return {"message": "User deleted successfully"} @router.post("/auth/change-password") def change_own_password(password_data: PasswordChange, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Change current user's password""" user = db.query(User).filter(User.id == current_user.id).first() if not user: raise HTTPException(status_code=404, detail="User not found") # Verify current password if not verify_password(password_data.current_password, user.hashed_password): raise HTTPException(status_code=401, detail="Current password is incorrect") # Update password user.hashed_password = hash_password(password_data.new_password) write_audit_log( db, action="auth.password.change.self", entity_type="user", entity_id=user.id, actor=current_user, details={"username": user.username}, ) db.commit() return {"message": "Password changed successfully"} @router.post("/users/{user_id}/change-password") def admin_change_password(user_id: int, password_data: AdminPasswordChange, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): """Change a user's password (admin only)""" user = db.query(User).filter(User.id == user_id).first() if not user: raise HTTPException(status_code=404, detail="User not found") # Don't allow changing yourself via this endpoint if current_user.id == user_id: raise HTTPException(status_code=400, detail="Use /auth/change-password to change your own password") # Update password user.hashed_password = hash_password(password_data.new_password) write_audit_log( db, action="auth.password.change.admin", entity_type="user", entity_id=user.id, actor=current_user, details={"username": user.username}, ) db.commit() return {"message": "Password changed successfully"} # Routes @router.get("/") def read_root(): return {"message": "Drug Inventory API"} @router.get("/drugs", response_model=List[DrugWithVariantsResponse]) def list_drugs(db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get all drugs with their variants""" drugs = db.query(Drug).all() result = [] for drug in drugs: variants = db.query(DrugVariant).filter(DrugVariant.drug_id == drug.id).all() drug_dict = { "id": drug.id, "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), "variants": [enrich_variant_with_batches(db, v) for v in variants], } result.append(drug_dict) return result @router.get("/drugs/low-stock", response_model=List[DrugWithVariantsResponse]) def low_stock_drugs(db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get drugs with low stock variants""" # Get variants that are low on stock low_stock_variants = db.query(DrugVariant).filter( DrugVariant.quantity <= DrugVariant.low_stock_threshold ).all() # Get unique drug IDs drug_ids = list(set(v.drug_id for v in low_stock_variants)) drugs = db.query(Drug).filter(Drug.id.in_(drug_ids)).all() result = [] for drug in drugs: variants = [v for v in low_stock_variants if v.drug_id == drug.id] drug_dict = { "id": drug.id, "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), "variants": [enrich_variant_with_batches(db, v) for v in variants], } result.append(drug_dict) return result @router.get("/drugs/{drug_id}", response_model=DrugWithVariantsResponse) def get_drug(drug_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get a specific drug with its variants""" drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") variants = db.query(DrugVariant).filter(DrugVariant.drug_id == drug.id).all() drug_dict = { "id": drug.id, "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), "variants": [enrich_variant_with_batches(db, v) for v in variants], } return drug_dict @router.post("/drugs", response_model=DrugWithVariantsResponse) def create_drug(drug: DrugCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Create a new drug""" # Check if drug name already exists existing = db.query(Drug).filter(Drug.name == drug.name).first() if existing: raise HTTPException(status_code=400, detail="Drug with this name already exists") db_drug = Drug(name=drug.name, description=drug.description, is_controlled=drug.is_controlled) db.add(db_drug) write_audit_log( db, action="drug.create", entity_type="drug", entity_id=None, actor=current_user, details={"name": drug.name, "is_controlled": drug.is_controlled}, ) db.commit() db.refresh(db_drug) # Return drug with empty variants list drug_dict = { "id": db_drug.id, "name": db_drug.name, "description": db_drug.description, "is_controlled": bool(db_drug.is_controlled), "variants": [], } return drug_dict @router.put("/drugs/{drug_id}", response_model=DrugWithVariantsResponse) def update_drug(drug_id: int, drug_update: DrugUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Update a drug""" drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") before = { "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), } for field, value in drug_update.dict(exclude_unset=True).items(): setattr(drug, field, value) write_audit_log( db, action="drug.update", entity_type="drug", entity_id=drug.id, actor=current_user, details={"before": before, "after": drug_update.dict(exclude_unset=True)}, ) db.commit() db.refresh(drug) variants = db.query(DrugVariant).filter(DrugVariant.drug_id == drug.id).all() drug_dict = { "id": drug.id, "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), "variants": [enrich_variant_with_batches(db, v) for v in variants], } return drug_dict @router.delete("/drugs/{drug_id}") def delete_drug(drug_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Delete a drug and all its variants""" drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") variant_ids = [row[0] for row in db.query(DrugVariant.id).filter(DrugVariant.drug_id == drug_id).all()] if variant_ids: has_batch_history = ( db.query(Batch.id) .filter(Batch.drug_variant_id.in_(variant_ids)) .first() is not None ) has_dispense_history = ( db.query(Dispensing.id) .filter(Dispensing.drug_variant_id.in_(variant_ids)) .first() is not None ) if has_batch_history or has_dispense_history: raise HTTPException( status_code=400, detail="Cannot delete drug with variants that have batch or dispensing history. Archive or manage records first.", ) if variant_ids: batch_ids = [row[0] for row in db.query(Batch.id).filter(Batch.drug_variant_id.in_(variant_ids)).all()] if batch_ids: db.query(DispensingAllocation).filter(DispensingAllocation.batch_id.in_(batch_ids)).delete(synchronize_session=False) db.query(Batch).filter(Batch.id.in_(batch_ids)).delete(synchronize_session=False) db.query(Dispensing).filter(Dispensing.drug_variant_id.in_(variant_ids)).delete(synchronize_session=False) db.query(VariantPack).filter(VariantPack.drug_variant_id.in_(variant_ids)).delete(synchronize_session=False) db.query(DrugVariant).filter(DrugVariant.id.in_(variant_ids)).delete(synchronize_session=False) write_audit_log( db, action="drug.delete", entity_type="drug", entity_id=drug_id, actor=current_user, details={"name": drug.name}, ) # Delete the drug db.delete(drug) db.commit() return {"message": "Drug and all variants deleted successfully"} # Drug Variant endpoints @router.post("/drugs/{drug_id}/variants", response_model=DrugVariantResponse) def create_drug_variant(drug_id: int, variant: DrugVariantCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Create a new variant for a drug""" # Check if drug exists drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") # Check if variant with same strength already exists for this drug existing = db.query(DrugVariant).filter( DrugVariant.drug_id == drug_id, DrugVariant.strength == variant.strength ).first() if existing: raise HTTPException(status_code=400, detail="Variant with this strength already exists for this drug") base_unit = (variant.base_unit or variant.unit).strip() if not base_unit: raise HTTPException(status_code=400, detail="Variant unit/base_unit cannot be empty") db_variant = DrugVariant( drug_id=drug_id, strength=variant.strength, quantity=variant.quantity, unit=base_unit, low_stock_threshold=variant.low_stock_threshold ) db.add(db_variant) db.flush() # Ensure each variant has at least one active default 1:1 pack representation. db.add(VariantPack( drug_variant_id=db_variant.id, pack_unit_name=base_unit, pack_size_in_base_units=1, is_active=True, )) write_audit_log( db, action="variant.create", entity_type="drug_variant", entity_id=None, actor=current_user, details={ "drug_id": drug_id, "strength": variant.strength, "quantity": variant.quantity, "unit": base_unit, }, ) db.commit() db.refresh(db_variant) return enrich_variant_with_batches(db, db_variant) @router.get("/variants/{variant_id}", response_model=DrugVariantResponse) def get_drug_variant(variant_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get a specific drug variant""" variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") return enrich_variant_with_batches(db, variant) @router.put("/variants/{variant_id}", response_model=DrugVariantResponse) def update_drug_variant(variant_id: int, variant_update: DrugVariantUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Update a drug variant""" variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") before = { "strength": variant.strength, "quantity": variant.quantity, "unit": variant.unit, "low_stock_threshold": variant.low_stock_threshold, } payload = variant_update.dict(exclude_unset=True) if "base_unit" in payload and payload["base_unit"] is not None: cleaned_base_unit = payload["base_unit"].strip() if not cleaned_base_unit: raise HTTPException(status_code=400, detail="base_unit cannot be empty") payload["unit"] = cleaned_base_unit payload.pop("base_unit", None) has_batch_history = ( db.query(Batch.id) .filter(Batch.drug_variant_id == variant_id) .first() is not None ) has_dispense_history = ( db.query(Dispensing.id) .filter(Dispensing.drug_variant_id == variant_id) .first() is not None ) is_locked = has_batch_history or has_dispense_history locked_field_changes = [] if is_locked: if "strength" in payload and payload["strength"] != variant.strength: locked_field_changes.append("strength") if "unit" in payload and payload["unit"] != variant.unit: locked_field_changes.append("base_unit") if "quantity" in payload and payload["quantity"] != variant.quantity: locked_field_changes.append("quantity") if locked_field_changes: raise HTTPException( status_code=400, detail=( "Cannot change " + ", ".join(locked_field_changes) + " after batches or dispensing history exist for this variant" ), ) for field, value in payload.items(): setattr(variant, field, value) write_audit_log( db, action="variant.update", entity_type="drug_variant", entity_id=variant.id, actor=current_user, details={"before": before, "after": payload}, ) db.commit() db.refresh(variant) return enrich_variant_with_batches(db, variant) @router.delete("/variants/{variant_id}") def delete_drug_variant(variant_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Delete a drug variant""" variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") has_batch_history = ( db.query(Batch.id) .filter(Batch.drug_variant_id == variant_id) .first() is not None ) has_dispense_history = ( db.query(Dispensing.id) .filter(Dispensing.drug_variant_id == variant_id) .first() is not None ) if has_batch_history or has_dispense_history: raise HTTPException( status_code=400, detail="Cannot delete variant with batch or dispensing history. Archive or manage records first.", ) batch_ids = [row[0] for row in db.query(Batch.id).filter(Batch.drug_variant_id == variant_id).all()] if batch_ids: db.query(DispensingAllocation).filter(DispensingAllocation.batch_id.in_(batch_ids)).delete(synchronize_session=False) db.query(Batch).filter(Batch.id.in_(batch_ids)).delete(synchronize_session=False) db.query(Dispensing).filter(Dispensing.drug_variant_id == variant_id).delete(synchronize_session=False) db.query(VariantPack).filter(VariantPack.drug_variant_id == variant_id).delete(synchronize_session=False) write_audit_log( db, action="variant.delete", entity_type="drug_variant", entity_id=variant_id, actor=current_user, details={"drug_id": variant.drug_id, "strength": variant.strength}, ) db.delete(variant) db.commit() return {"message": "Drug variant deleted successfully"} @router.get("/variants/{variant_id}/packs", response_model=List[VariantPackResponse]) def list_variant_packs( variant_id: int, active_only: bool = False, db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") query = db.query(VariantPack).filter(VariantPack.drug_variant_id == variant_id) if active_only: query = query.filter(VariantPack.is_active.is_(True)) packs = query.order_by(VariantPack.is_active.desc(), VariantPack.id.asc()).all() return [serialize_variant_pack(pack) for pack in packs] @router.post("/variants/{variant_id}/packs", response_model=VariantPackResponse) def create_variant_pack( variant_id: int, payload: VariantPackCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user), ): variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") pack_unit_name = payload.pack_unit_name.strip() if not pack_unit_name: raise HTTPException(status_code=400, detail="Pack unit name cannot be empty") if payload.pack_size_in_base_units <= 0: raise HTTPException(status_code=400, detail="Pack size in base units must be greater than zero") row = VariantPack( drug_variant_id=variant_id, pack_unit_name=pack_unit_name, pack_size_in_base_units=payload.pack_size_in_base_units, is_active=payload.is_active, ) db.add(row) write_audit_log( db, action="variant_pack.create", entity_type="variant_pack", entity_id=None, actor=current_user, details={ "variant_id": variant_id, "pack_unit_name": pack_unit_name, "pack_size_in_base_units": payload.pack_size_in_base_units, "is_active": payload.is_active, }, ) db.commit() db.refresh(row) return serialize_variant_pack(row) @router.put("/variant-packs/{pack_id}", response_model=VariantPackResponse) def update_variant_pack( pack_id: int, payload: VariantPackUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user), ): row = db.query(VariantPack).filter(VariantPack.id == pack_id).first() if not row: raise HTTPException(status_code=404, detail="Variant pack not found") before = serialize_variant_pack(row) if payload.pack_unit_name is not None: cleaned = payload.pack_unit_name.strip() if not cleaned: raise HTTPException(status_code=400, detail="Pack unit name cannot be empty") row.pack_unit_name = cleaned if payload.pack_size_in_base_units is not None: if payload.pack_size_in_base_units <= 0: raise HTTPException(status_code=400, detail="Pack size in base units must be greater than zero") row.pack_size_in_base_units = payload.pack_size_in_base_units if payload.is_active is not None and payload.is_active is False: # Keep at least one active pack per variant to preserve usable receive/dispense UX. active_count = db.query(VariantPack).filter( VariantPack.drug_variant_id == row.drug_variant_id, VariantPack.is_active.is_(True), VariantPack.id != row.id, ).count() if active_count == 0: raise HTTPException(status_code=400, detail="At least one active pack must remain for this variant") row.is_active = False elif payload.is_active is not None and payload.is_active is True: row.is_active = True write_audit_log( db, action="variant_pack.update", entity_type="variant_pack", entity_id=pack_id, actor=current_user, details={"before": before, "after": payload.dict(exclude_unset=True)}, ) db.commit() db.refresh(row) return serialize_variant_pack(row) # Dispensing endpoints @router.post("/dispense", response_model=DispensingResponse) def dispense_drug(dispensing: DispensingCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Record a drug dispensing and reduce inventory""" # Check if drug variant exists variant = db.query(DrugVariant).filter(DrugVariant.id == dispensing.drug_variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") dispense_mode = (dispensing.dispense_mode or "subunit").strip().lower() if dispense_mode not in {"subunit", "pack"}: raise HTTPException(status_code=400, detail="dispense_mode must be either 'subunit' or 'pack'") if dispense_mode == "pack": if dispensing.requested_pack_id is None or dispensing.requested_pack_count is None: raise HTTPException(status_code=400, detail="Pack dispense requires requested_pack_id and requested_pack_count") if dispensing.requested_pack_count <= 0: raise HTTPException(status_code=400, detail="Pack count must be greater than zero") if abs(dispensing.requested_pack_count - round(dispensing.requested_pack_count)) > 1e-6: raise HTTPException(status_code=400, detail="Whole-pack dispense requires an integer pack count") resolved = resolve_pack_quantity( db, variant_id=variant.id, quantity=None, pack_id=dispensing.requested_pack_id, pack_count=dispensing.requested_pack_count, ) else: if dispensing.quantity is None or dispensing.quantity <= 0: raise HTTPException(status_code=400, detail="Subunit dispense requires quantity > 0") resolved = resolve_pack_quantity( db, variant_id=variant.id, quantity=dispensing.quantity, pack_id=None, pack_count=None, ) dispense_qty = resolved["quantity"] # Check if enough total quantity available from active stock (legacy and batch-based remain in sync). if variant.quantity < dispense_qty: raise HTTPException( status_code=400, detail=f"Insufficient quantity. Available: {variant.quantity}, Requested: {dispense_qty}", ) allocations = resolve_requested_allocations( db, variant_id=variant.id, variant_quantity=variant.quantity, requested_quantity=dispense_qty, requested_allocations=dispensing.allocations, dispense_mode=dispense_mode, dispense_source=dispensing.dispense_source, requested_pack_id=resolved["pack_id"], ) selected_source = (dispensing.dispense_source or ("legacy" if not allocations else "batch")).strip().lower() user_name = dispensing.user_name or current_user.username primary_batch_id = allocations[0]["batch"].id if allocations else None db_dispensing = Dispensing( drug_variant_id=dispensing.drug_variant_id, batch_id=primary_batch_id, actor_user_id=current_user.id, quantity=dispense_qty, dispense_mode=dispense_mode, requested_pack_id=resolved["pack_id"], requested_pack_count=resolved["pack_count"], animal_name=dispensing.animal_name, user_name=user_name, notes=dispensing.notes, ) db.add(db_dispensing) db.flush() allocation_payload = [] for allocation in allocations: batch = allocation["batch"] qty = allocation["quantity"] batch.quantity -= qty recompute_batch_pack_state(batch) allocation_payload.append({"batch_id": batch.id, "quantity": qty}) db.add(DispensingAllocation(dispensing_id=db_dispensing.id, batch_id=batch.id, quantity=qty)) # Keep legacy variant quantity field in sync for existing frontend flows. variant.quantity -= dispense_qty write_audit_log( db, action="dispense.create", entity_type="dispensing", entity_id=db_dispensing.id, actor=current_user, details={ "drug_variant_id": dispensing.drug_variant_id, "requested_quantity": dispense_qty, "dispense_mode": dispense_mode, "dispense_source": selected_source, "requested_pack_id": resolved["pack_id"], "requested_pack_count": resolved["pack_count"], "allocations": allocation_payload, "animal_name": dispensing.animal_name, "notes": dispensing.notes, }, ) db.commit() db.refresh(db_dispensing) return { "id": db_dispensing.id, "drug_variant_id": db_dispensing.drug_variant_id, "batch_id": db_dispensing.batch_id, "actor_user_id": db_dispensing.actor_user_id, "quantity": db_dispensing.quantity, "dispense_mode": db_dispensing.dispense_mode, "requested_pack_id": db_dispensing.requested_pack_id, "requested_pack_count": db_dispensing.requested_pack_count, "animal_name": db_dispensing.animal_name, "user_name": db_dispensing.user_name, "notes": db_dispensing.notes, "dispensed_at": db_dispensing.dispensed_at, "allocations": allocation_payload, } @router.get("/dispense/history", response_model=List[DispensingResponse]) def list_dispensings(skip: int = 0, limit: int = 100, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get dispensing records (audit log)""" entries = db.query(Dispensing).order_by(Dispensing.dispensed_at.desc()).offset(skip).limit(limit).all() result = [] for item in entries: allocations = db.query(DispensingAllocation).filter(DispensingAllocation.dispensing_id == item.id).all() result.append( { "id": item.id, "drug_variant_id": item.drug_variant_id, "batch_id": item.batch_id, "actor_user_id": item.actor_user_id, "quantity": item.quantity, "dispense_mode": item.dispense_mode, "requested_pack_id": item.requested_pack_id, "requested_pack_count": item.requested_pack_count, "animal_name": item.animal_name, "user_name": item.user_name, "notes": item.notes, "dispensed_at": item.dispensed_at, "allocations": [{"batch_id": a.batch_id, "quantity": a.quantity} for a in allocations], } ) return result @router.get("/drugs/{drug_id}/dispense/history", response_model=List[DispensingResponse]) def get_drug_dispensings(drug_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get dispensing history for a specific drug (all variants)""" # Verify drug exists drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") # Get all variant IDs for this drug variant_ids = db.query(DrugVariant.id).filter(DrugVariant.drug_id == drug_id).subquery() entries = db.query(Dispensing).filter(Dispensing.drug_variant_id.in_(variant_ids)).order_by(Dispensing.dispensed_at.desc()).all() result = [] for item in entries: allocations = db.query(DispensingAllocation).filter(DispensingAllocation.dispensing_id == item.id).all() result.append( { "id": item.id, "drug_variant_id": item.drug_variant_id, "batch_id": item.batch_id, "actor_user_id": item.actor_user_id, "quantity": item.quantity, "dispense_mode": item.dispense_mode, "requested_pack_id": item.requested_pack_id, "requested_pack_count": item.requested_pack_count, "animal_name": item.animal_name, "user_name": item.user_name, "notes": item.notes, "dispensed_at": item.dispensed_at, "allocations": [{"batch_id": a.batch_id, "quantity": a.quantity} for a in allocations], } ) return result @router.get("/variants/{variant_id}/dispense/history", response_model=List[DispensingResponse]) def get_variant_dispensings(variant_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get dispensing history for a specific drug variant""" # Verify variant exists variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") entries = db.query(Dispensing).filter(Dispensing.drug_variant_id == variant_id).order_by(Dispensing.dispensed_at.desc()).all() result = [] for item in entries: allocations = db.query(DispensingAllocation).filter(DispensingAllocation.dispensing_id == item.id).all() result.append( { "id": item.id, "drug_variant_id": item.drug_variant_id, "batch_id": item.batch_id, "actor_user_id": item.actor_user_id, "quantity": item.quantity, "dispense_mode": item.dispense_mode, "requested_pack_id": item.requested_pack_id, "requested_pack_count": item.requested_pack_count, "animal_name": item.animal_name, "user_name": item.user_name, "notes": item.notes, "dispensed_at": item.dispensed_at, "allocations": [{"batch_id": a.batch_id, "quantity": a.quantity} for a in allocations], } ) return result @router.get("/locations", response_model=List[LocationResponse]) def list_locations(active_only: bool = True, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): query = db.query(Location) if active_only: query = query.filter(Location.is_active.is_(True)) return query.order_by(Location.name.asc()).all() @router.post("/locations", response_model=LocationResponse) def create_location(location: LocationCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): cleaned_name = location.name.strip() if not cleaned_name: raise HTTPException(status_code=400, detail="Location name cannot be empty") existing = db.query(Location).filter(Location.name == cleaned_name).first() if existing: raise HTTPException(status_code=400, detail="Location with this name already exists") row = Location(name=cleaned_name, is_active=True) db.add(row) write_audit_log( db, action="location.create", entity_type="location", entity_id=None, actor=current_user, details={"name": row.name}, ) db.commit() db.refresh(row) return row @router.put("/locations/{location_id}", response_model=LocationResponse) def update_location(location_id: int, payload: LocationUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): location = db.query(Location).filter(Location.id == location_id).first() if not location: raise HTTPException(status_code=404, detail="Location not found") before = {"name": location.name, "is_active": location.is_active} if payload.name is not None: cleaned_name = payload.name.strip() if not cleaned_name: raise HTTPException(status_code=400, detail="Location name cannot be empty") dup = db.query(Location).filter(Location.name == cleaned_name, Location.id != location_id).first() if dup: raise HTTPException(status_code=400, detail="Another location already uses that name") location.name = cleaned_name if payload.is_active is not None and payload.is_active is False: stock_count = db.query(Batch).filter(Batch.location_id == location_id, Batch.quantity > 0).count() if stock_count > 0: raise HTTPException(status_code=400, detail="Cannot archive location while active stock remains") location.is_active = False elif payload.is_active is not None and payload.is_active is True: location.is_active = True write_audit_log( db, action="location.update", entity_type="location", entity_id=location_id, actor=current_user, details={"before": before, "after": payload.dict(exclude_unset=True)}, ) db.commit() db.refresh(location) return location @router.get("/variants/{variant_id}/batches", response_model=List[BatchResponse]) def list_variant_batches(variant_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") batches = ( db.query(Batch) .filter(Batch.drug_variant_id == variant_id) .order_by(Batch.expiry_date.asc(), Batch.received_at.asc()) .all() ) return [serialize_batch_response(db, batch) for batch in batches] @router.post("/variants/{variant_id}/batches", response_model=BatchResponse) def create_variant_batch(variant_id: int, payload: BatchCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") resolved = resolve_pack_quantity( db, variant_id=variant_id, quantity=payload.quantity, pack_id=payload.received_pack_id, pack_count=payload.received_pack_count, ) batch_quantity = resolved["quantity"] location = db.query(Location).filter(Location.id == payload.location_id, Location.is_active.is_(True)).first() if not location: raise HTTPException(status_code=400, detail="Location not found or inactive") batch_number = payload.batch_number.strip() if not batch_number: raise HTTPException(status_code=400, detail="Batch number cannot be empty") existing = ( db.query(Batch) .filter(Batch.drug_variant_id == variant_id, Batch.batch_number == batch_number) .first() ) if existing: raise HTTPException(status_code=400, detail="Batch number already exists for this variant") row = Batch( drug_variant_id=variant_id, batch_number=batch_number, quantity=batch_quantity, received_pack_id=resolved["pack_id"], received_pack_count=resolved["pack_count"], received_pack_size_snapshot=resolve_pack_size_snapshot(db, resolved["pack_id"]), expiry_date=payload.expiry_date, location_id=payload.location_id, notes=payload.notes, ) recompute_batch_pack_state(row) db.add(row) variant.quantity += batch_quantity write_audit_log( db, action="batch.create", entity_type="batch", entity_id=None, actor=current_user, details={ "variant_id": variant_id, "batch_number": batch_number, "quantity": batch_quantity, "received_pack_id": resolved["pack_id"], "received_pack_count": resolved["pack_count"], "received_pack_size_snapshot": row.received_pack_size_snapshot, "expiry_date": payload.expiry_date, "location_id": payload.location_id, }, ) db.commit() db.refresh(row) return serialize_batch_response(db, row) @router.put("/batches/{batch_id}", response_model=BatchResponse) def update_batch(batch_id: int, payload: BatchUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): batch = db.query(Batch).filter(Batch.id == batch_id).first() if not batch: raise HTTPException(status_code=404, detail="Batch not found") variant = db.query(DrugVariant).filter(DrugVariant.id == batch.drug_variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Parent variant not found") before = { "batch_number": batch.batch_number, "quantity": batch.quantity, "received_pack_id": batch.received_pack_id, "received_pack_count": batch.received_pack_count, "received_pack_size_snapshot": batch.received_pack_size_snapshot, "current_full_pack_count": batch.current_full_pack_count, "current_loose_base_units": batch.current_loose_base_units, "expiry_date": batch.expiry_date, "location_id": batch.location_id, "notes": batch.notes, "disposed_at": batch.disposed_at, "disposed_by_user_id": batch.disposed_by_user_id, "disposed_quantity": batch.disposed_quantity, "disposal_notes": batch.disposal_notes, } if payload.batch_number is not None: cleaned_batch_number = payload.batch_number.strip() if not cleaned_batch_number: raise HTTPException(status_code=400, detail="Batch number cannot be empty") duplicate = ( db.query(Batch) .filter( Batch.drug_variant_id == batch.drug_variant_id, Batch.batch_number == cleaned_batch_number, Batch.id != batch.id, ) .first() ) if duplicate: raise HTTPException(status_code=400, detail="Batch number already exists for this variant") batch.batch_number = cleaned_batch_number if payload.location_id is not None: location = db.query(Location).filter(Location.id == payload.location_id, Location.is_active.is_(True)).first() if not location: raise HTTPException(status_code=400, detail="Location not found or inactive") batch.location_id = payload.location_id if payload.expiry_date is not None: batch.expiry_date = payload.expiry_date if payload.notes is not None: batch.notes = payload.notes if payload.received_pack_id is not None or payload.received_pack_count is not None or payload.quantity is not None: if payload.quantity is not None and payload.quantity < 0: raise HTTPException(status_code=400, detail="Batch quantity cannot be negative") if payload.received_pack_id is None and payload.received_pack_count is None: if payload.quantity is None: raise HTTPException(status_code=400, detail="Batch quantity cannot be empty") resolved_quantity = payload.quantity resolved_pack_id = batch.received_pack_id resolved_pack_count = batch.received_pack_count else: target_pack_id = payload.received_pack_id if payload.received_pack_id is not None else batch.received_pack_id target_pack_count = payload.received_pack_count if payload.received_pack_count is not None else batch.received_pack_count if target_pack_id is None or target_pack_count is None: raise HTTPException(status_code=400, detail="Both pack_id and pack_count are required for pack-based updates") resolved = resolve_pack_quantity( db, variant_id=batch.drug_variant_id, quantity=payload.quantity, pack_id=target_pack_id, pack_count=target_pack_count, ) resolved_quantity = resolved["quantity"] resolved_pack_id = resolved["pack_id"] resolved_pack_count = resolved["pack_count"] delta = resolved_quantity - batch.quantity projected_variant_qty = variant.quantity + delta if projected_variant_qty < 0: raise HTTPException(status_code=400, detail="Variant quantity cannot become negative") batch.quantity = resolved_quantity batch.received_pack_id = resolved_pack_id batch.received_pack_count = resolved_pack_count batch.received_pack_size_snapshot = resolve_pack_size_snapshot(db, resolved_pack_id) recompute_batch_pack_state(batch) variant.quantity = projected_variant_qty write_audit_log( db, action="batch.update", entity_type="batch", entity_id=batch_id, actor=current_user, details={"before": before, "after": payload.dict(exclude_unset=True)}, ) db.commit() db.refresh(batch) return serialize_batch_response(db, batch) @router.post("/batches/{batch_id}/dispose", response_model=BatchResponse) def dispose_batch(batch_id: int, payload: BatchDisposeRequest, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): batch = db.query(Batch).filter(Batch.id == batch_id).first() if not batch: raise HTTPException(status_code=404, detail="Batch not found") if batch.disposed_at is not None: raise HTTPException(status_code=400, detail="Batch has already been disposed") if batch.quantity <= 0: raise HTTPException(status_code=400, detail="Batch has no remaining stock to dispose") if batch.expiry_date >= date.today(): raise HTTPException(status_code=400, detail="Only expired batches can be marked as disposed") variant = db.query(DrugVariant).filter(DrugVariant.id == batch.drug_variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Parent variant not found") disposed_quantity = batch.quantity if variant.quantity - disposed_quantity < -1e-6: raise HTTPException(status_code=400, detail="Variant quantity cannot become negative during disposal") batch.quantity = 0 batch.disposed_at = datetime.utcnow() batch.disposed_by_user_id = current_user.id batch.disposed_quantity = disposed_quantity batch.disposal_notes = (payload.notes or '').strip() or None recompute_batch_pack_state(batch) variant.quantity = max(0, variant.quantity - disposed_quantity) write_audit_log( db, action="batch.dispose", entity_type="batch", entity_id=batch.id, actor=current_user, details={ "batch_number": batch.batch_number, "variant_id": batch.drug_variant_id, "disposed_quantity": disposed_quantity, "expiry_date": batch.expiry_date.isoformat() if batch.expiry_date else None, "location_id": batch.location_id, "disposal_notes": batch.disposal_notes, }, ) db.commit() db.refresh(batch) return serialize_batch_response(db, batch) @router.get("/audit", response_model=List[Dict[str, Any]]) def list_audit_events(skip: int = 0, limit: int = 200, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): events = db.query(AuditLog).order_by(AuditLog.created_at.desc()).offset(skip).limit(limit).all() response = [] for evt in events: details = None if evt.details: try: details = json.loads(evt.details) except json.JSONDecodeError: details = {"raw": evt.details} response.append( { "id": evt.id, "action": evt.action, "entity_type": evt.entity_type, "entity_id": evt.entity_id, "actor_user_id": evt.actor_user_id, "actor_username": evt.actor_username, "details": details, "created_at": evt.created_at, } ) return response def _csv_response(filename: str, headers: List[str], rows: List[List[Any]]) -> Response: output = io.StringIO() writer = csv.writer(output) writer.writerow(headers) writer.writerows(rows) return Response( content=output.getvalue(), media_type="text/csv", headers={"Content-Disposition": f"attachment; filename={filename}"}, ) @router.get("/reports/controlled-movement") def report_controlled_movement( from_date: Optional[date] = None, to_date: Optional[date] = None, format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): query = ( db.query(Dispensing, Drug, DrugVariant) .join(DrugVariant, Dispensing.drug_variant_id == DrugVariant.id) .join(Drug, DrugVariant.drug_id == Drug.id) .filter(Drug.is_controlled.is_(True)) ) if from_date is not None: query = query.filter(Dispensing.dispensed_at >= datetime.combine(from_date, datetime.min.time())) if to_date is not None: query = query.filter(Dispensing.dispensed_at < datetime.combine(to_date + timedelta(days=1), datetime.min.time())) rows = query.order_by(Dispensing.dispensed_at.desc()).all() result = [ { "dispensing_id": d.id, "dispensed_at": d.dispensed_at, "drug_name": drug.name, "strength": variant.strength, "quantity": d.quantity, "dispense_mode": d.dispense_mode, "requested_pack_id": d.requested_pack_id, "requested_pack_count": d.requested_pack_count, "user_name": d.user_name, "animal_name": d.animal_name, "batch_id": d.batch_id, } for d, drug, variant in rows ] if format.lower() == "csv": csv_rows = [ [ item["dispensing_id"], item["dispensed_at"], item["drug_name"], item["strength"], item["quantity"], item["user_name"], item["animal_name"], item["batch_id"], ] for item in result ] return _csv_response( "controlled_movement.csv", ["dispensing_id", "dispensed_at", "drug_name", "strength", "quantity", "user_name", "animal_name", "batch_id"], csv_rows, ) return result @router.get("/reports/batch-expiry") def report_batch_expiry( days: int = 30, format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): if days < 0: raise HTTPException(status_code=400, detail="Days must be non-negative") today = date.today() cutoff = today + timedelta(days=days) rows = ( db.query(Batch, DrugVariant, Drug, Location) .join(DrugVariant, Batch.drug_variant_id == DrugVariant.id) .join(Drug, DrugVariant.drug_id == Drug.id) .join(Location, Batch.location_id == Location.id) .filter(Batch.quantity > 0, Batch.expiry_date <= cutoff) .order_by(Batch.expiry_date.asc()) .all() ) result = [] for batch, variant, drug, location in rows: status_label = "expired" if batch.expiry_date < today else "expiring" result.append( { "batch_id": batch.id, "batch_number": batch.batch_number, "drug_name": drug.name, "strength": variant.strength, "quantity": batch.quantity, "location": location.name, "expiry_date": batch.expiry_date, "status": status_label, "is_controlled": bool(drug.is_controlled), } ) if format.lower() == "csv": csv_rows = [ [ item["batch_id"], item["batch_number"], item["drug_name"], item["strength"], item["quantity"], item["location"], item["expiry_date"], item["status"], item["is_controlled"], ] for item in result ] return _csv_response( "batch_expiry.csv", ["batch_id", "batch_number", "drug_name", "strength", "quantity", "location", "expiry_date", "status", "is_controlled"], csv_rows, ) return result @router.get("/reports/stock-by-location") def report_stock_by_location( format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): rows = ( db.query(Location, Batch, DrugVariant, Drug) .join(Batch, Batch.location_id == Location.id) .join(DrugVariant, Batch.drug_variant_id == DrugVariant.id) .join(Drug, DrugVariant.drug_id == Drug.id) .filter(Batch.quantity > 0) .order_by(Location.name.asc(), Drug.name.asc(), DrugVariant.strength.asc()) .all() ) result = [ { "location_id": location.id, "location_name": location.name, "batch_id": batch.id, "batch_number": batch.batch_number, "drug_name": drug.name, "strength": variant.strength, "quantity": batch.quantity, "unit": variant.unit, "expiry_date": batch.expiry_date, "is_controlled": bool(drug.is_controlled), } for location, batch, variant, drug in rows ] if format.lower() == "csv": csv_rows = [ [ item["location_id"], item["location_name"], item["batch_id"], item["batch_number"], item["drug_name"], item["strength"], item["quantity"], item["unit"], item["expiry_date"], item["is_controlled"], ] for item in result ] return _csv_response( "stock_by_location.csv", ["location_id", "location_name", "batch_id", "batch_number", "drug_name", "strength", "quantity", "unit", "expiry_date", "is_controlled"], csv_rows, ) return result @router.get("/reports/global-inventory") def report_global_inventory( format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): variant_rows = ( db.query(DrugVariant, Drug) .join(Drug, DrugVariant.drug_id == Drug.id) .order_by(Drug.name.asc(), DrugVariant.strength.asc()) .all() ) result: List[Dict[str, Any]] = [] for variant, drug in variant_rows: batch_rows = ( db.query(Batch, Location) .join(Location, Batch.location_id == Location.id) .filter(Batch.drug_variant_id == variant.id, Batch.quantity > 0) .order_by(Batch.expiry_date.asc(), Location.name.asc(), Batch.batch_number.asc()) .all() ) total_batch_quantity = 0.0 for batch, location in batch_rows: total_batch_quantity += float(batch.quantity or 0) result.append( { "batch_id": batch.id, "batch_number": batch.batch_number, "drug_name": drug.name, "strength": variant.strength, "quantity": batch.quantity, "unit": variant.unit, "location_name": location.name, "expiry_date": batch.expiry_date, "inventory_source": "batch", "is_controlled": bool(drug.is_controlled), } ) legacy_quantity = max(0.0, float(variant.quantity or 0) - total_batch_quantity) if legacy_quantity > 1e-6: result.append( { "batch_id": None, "batch_number": "Legacy stock", "drug_name": drug.name, "strength": variant.strength, "quantity": legacy_quantity, "unit": variant.unit, "location_name": None, "expiry_date": None, "inventory_source": "legacy", "is_controlled": bool(drug.is_controlled), } ) if format.lower() == "csv": csv_rows = [ [ item["drug_name"], item["strength"], item["batch_number"], item["quantity"], item["unit"], item["location_name"], item["expiry_date"], item["inventory_source"], item["is_controlled"], ] for item in result ] return _csv_response( "global_inventory.csv", [ "drug_name", "strength", "batch_number", "quantity", "unit", "location_name", "expiry_date", "inventory_source", "is_controlled", ], csv_rows, ) return result @router.get("/reports/batch-attention") def report_batch_attention( format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): today = date.today() rows = ( db.query(Batch, DrugVariant, Drug, Location) .join(DrugVariant, Batch.drug_variant_id == DrugVariant.id) .join(Drug, DrugVariant.drug_id == Drug.id) .join(Location, Batch.location_id == Location.id) .filter(Batch.quantity > 0, Batch.expiry_date < today) .order_by(Batch.expiry_date.asc(), Drug.name.asc(), DrugVariant.strength.asc(), Batch.batch_number.asc()) .all() ) result = [] for batch, variant, drug, location in rows: result.append( { "batch_id": batch.id, "batch_number": batch.batch_number, "drug_name": drug.name, "strength": variant.strength, "quantity": batch.quantity, "unit": variant.unit, "location": location.name, "expiry_date": batch.expiry_date, "status": "expired", "received_pack_unit_name": None, "current_full_pack_count": batch.current_full_pack_count, "current_loose_base_units": batch.current_loose_base_units, "is_controlled": bool(drug.is_controlled), } ) if format.lower() == "csv": csv_rows = [ [ item["batch_id"], item["batch_number"], item["drug_name"], item["strength"], item["quantity"], item["unit"], item["location"], item["expiry_date"], item["status"], item["current_full_pack_count"], item["current_loose_base_units"], item["is_controlled"], ] for item in result ] return _csv_response( "batch_attention.csv", [ "batch_id", "batch_number", "drug_name", "strength", "quantity", "unit", "location", "expiry_date", "status", "current_full_pack_count", "current_loose_base_units", "is_controlled", ], csv_rows, ) return result @router.get("/reports/audit-trail") def report_audit_trail( from_date: Optional[date] = None, to_date: Optional[date] = None, format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user), ): query = db.query(AuditLog) if from_date is not None: query = query.filter(AuditLog.created_at >= datetime.combine(from_date, datetime.min.time())) if to_date is not None: query = query.filter(AuditLog.created_at < datetime.combine(to_date + timedelta(days=1), datetime.min.time())) rows = query.order_by(AuditLog.created_at.desc()).all() result = [] for evt in rows: details = None if evt.details: try: details = json.loads(evt.details) except json.JSONDecodeError: details = {"raw": evt.details} result.append( { "id": evt.id, "created_at": evt.created_at, "action": evt.action, "entity_type": evt.entity_type, "entity_id": evt.entity_id, "actor_user_id": evt.actor_user_id, "actor_username": evt.actor_username, "details": details, } ) if format.lower() == "csv": csv_rows = [ [ item["id"], item["created_at"], item["action"], item["entity_type"], item["entity_id"], item["actor_user_id"], item["actor_username"], json.dumps(item["details"], default=str) if item["details"] is not None else "", ] for item in result ] return _csv_response( "audit_trail.csv", ["id", "created_at", "action", "entity_type", "entity_id", "actor_user_id", "actor_username", "details"], csv_rows, ) return result # Helper function to capitalize text for labels def capitalize_label_text(text: str) -> str: """Capitalize the first letter of each sentence in the text""" if not text: return text # Capitalize first letter of the entire string result = text[0].upper() + text[1:] if len(text) > 1 else text.upper() # Also capitalize after periods and common sentence breaks for delimiter in ['. ', '! ', '? ']: parts = result.split(delimiter) result = delimiter.join([ part[0].upper() + part[1:] if part else part for part in parts ]) return result # Label printing endpoint @router.post("/labels/print", response_model=LabelPrintResponse) def print_label(label_request: LabelPrintRequest, current_user: User = Depends(get_current_non_readonly_user)): """ Print a drug label by publishing an MQTT message This endpoint publishes a label print request to the MQTT broker, which will be picked up by the label printing service. """ try: # Get label configuration from environment import os template_id = os.getenv("LABEL_TEMPLATE_ID", "vet_label") label_size = os.getenv("LABEL_SIZE", "29x90") test_mode = os.getenv("LABEL_TEST", "false").lower() == "true" # Capitalize all text fields for better presentation variables = label_request.variables.dict() variables["practice_name"] = capitalize_label_text(variables["practice_name"]) variables["animal_name"] = capitalize_label_text(variables["animal_name"]) variables["drug_name"] = capitalize_label_text(variables["drug_name"]) variables["dosage"] = capitalize_label_text(variables["dosage"]) variables["quantity"] = capitalize_label_text(variables["quantity"]) # expiry_date doesn't need capitalization # Convert the request to the MQTT message format mqtt_message = { "template_id": template_id, "label_size": label_size, "variables": variables, "test": test_mode } # Publish to MQTT and wait for response success, response = publish_label_print_with_response(mqtt_message, timeout=10.0) print(f"Label print result: success={success}, response={response}") if success: result = LabelPrintResponse( success=True, message=response.get("message", "Label printed successfully") ) print(f"Returning success response: {result}") return result else: # Return error details from printer # Check both 'message' and 'error' fields for error details if response: error_msg = response.get("message") or response.get("error", "Unknown error") else: error_msg = "No response from printer" result = LabelPrintResponse( success=False, message=f"Print failed: {error_msg}" ) print(f"Returning error response: {result}") return result except Exception as e: raise HTTPException( status_code=500, detail=f"Error sending label print request: {str(e)}" ) # Notes printing endpoint @router.post("/notes/print", response_model=NotesPrintResponse) def print_notes(notes_request: NotesPrintRequest, current_user: User = Depends(get_current_non_readonly_user)): """ Print notes by publishing an MQTT message This endpoint publishes a notes print request to the MQTT broker, which will be picked up by the label printing service. """ try: # Get notes template configuration from environment import os template_id = os.getenv("NOTES_TEMPLATE_ID", "notes_template") label_size = os.getenv("LABEL_SIZE", "29x90") test_mode = os.getenv("LABEL_TEST", "false").lower() == "true" # Capitalize text fields for better presentation variables = notes_request.variables.dict() variables["animal_name"] = capitalize_label_text(variables["animal_name"]) variables["notes"] = capitalize_label_text(variables["notes"]) # Convert the request to the MQTT message format mqtt_message = { "template_id": template_id, "label_size": label_size, "variables": variables, "test": test_mode } # Publish to MQTT and wait for response success, response = publish_label_print_with_response(mqtt_message, timeout=10.0) print(f"Notes print result: success={success}, response={response}") if success: result = NotesPrintResponse( success=True, message=response.get("message", "Notes printed successfully") ) print(f"Returning success response: {result}") return result else: # Return error details from printer # Check both 'message' and 'error' fields for error details if response: error_msg = response.get("message") or response.get("error", "Unknown error") else: error_msg = "No response from printer" result = NotesPrintResponse( success=False, message=f"Print failed: {error_msg}" ) print(f"Returning error response: {result}") return result except Exception as e: raise HTTPException( status_code=500, detail=f"Error sending notes print request: {str(e)}" ) @router.get("/gtin/{gtin}", response_model=GtinMappingResponse) def get_gtin_mapping( gtin: str, db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): mapping = db.query(GtinMapping).filter(GtinMapping.gtin == gtin).first() if not mapping: raise HTTPException(status_code=404, detail="GTIN not found") variant = db.query(DrugVariant).filter(DrugVariant.id == mapping.drug_variant_id).first() drug = db.query(Drug).filter(Drug.id == variant.drug_id).first() if variant else None pack = db.query(VariantPack).filter(VariantPack.id == mapping.variant_pack_id).first() if not variant or not drug or not pack: # Referenced records no longer exist — delete the stale mapping and treat as unknown db.delete(mapping) db.commit() raise HTTPException(status_code=404, detail="GTIN not found") return GtinMappingResponse( id=mapping.id, gtin=mapping.gtin, drug_variant_id=mapping.drug_variant_id, variant_pack_id=mapping.variant_pack_id, drug_id=drug.id, drug_name=drug.name, variant_strength=variant.strength, variant_unit=variant.unit, pack_label=f"{pack.pack_unit_name} of {int(pack.pack_size_in_base_units) if pack.pack_size_in_base_units == int(pack.pack_size_in_base_units) else pack.pack_size_in_base_units}", pack_size_in_base_units=pack.pack_size_in_base_units, pack_unit_name=pack.pack_unit_name, ) @router.post("/gtin", response_model=GtinMappingResponse, status_code=201) def create_gtin_mapping( body: GtinMappingCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user), ): existing = db.query(GtinMapping).filter(GtinMapping.gtin == body.gtin).first() if existing: raise HTTPException(status_code=409, detail="GTIN mapping already exists") variant = db.query(DrugVariant).filter(DrugVariant.id == body.drug_variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") pack = db.query(VariantPack).filter( VariantPack.id == body.variant_pack_id, VariantPack.drug_variant_id == body.drug_variant_id, ).first() if not pack: raise HTTPException(status_code=404, detail="Pack not found for this variant") drug = db.query(Drug).filter(Drug.id == variant.drug_id).first() mapping = GtinMapping( gtin=body.gtin, drug_variant_id=body.drug_variant_id, variant_pack_id=body.variant_pack_id, created_by_user_id=current_user.id, ) db.add(mapping) db.commit() db.refresh(mapping) return GtinMappingResponse( id=mapping.id, gtin=mapping.gtin, drug_variant_id=mapping.drug_variant_id, variant_pack_id=mapping.variant_pack_id, drug_id=drug.id, drug_name=drug.name, variant_strength=variant.strength, variant_unit=variant.unit, pack_label=f"{pack.pack_unit_name} of {int(pack.pack_size_in_base_units) if pack.pack_size_in_base_units == int(pack.pack_size_in_base_units) else pack.pack_size_in_base_units}", pack_size_in_base_units=pack.pack_size_in_base_units, pack_unit_name=pack.pack_unit_name, ) # Include router with /api prefix app.include_router(router)