egg/PROJECT-CONTORL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2d80a8384eaea1cb4ce346668031d80386bb65ad
PROJECT-CONTORL/backend/app/api/triggers/router.py
beabigegg 9b220523ff feat: complete issue fixes and implement remaining features 
## Critical Issues (CRIT-001~003) - All Fixed
- JWT secret key validation with pydantic field_validator
- Login audit logging for success/failure attempts
- Frontend API path prefix removal

## High Priority Issues (HIGH-001~008) - All Fixed
- Project soft delete using is_active flag
- Redis session token bytes handling
- Rate limiting with slowapi (5 req/min for login)
- Attachment API permission checks
- Kanban view with drag-and-drop
- Workload heatmap UI (WorkloadPage, WorkloadHeatmap)
- TaskDetailModal integrating Comments/Attachments
- UserSelect component for task assignment

## Medium Priority Issues (MED-001~012) - All Fixed
- MED-001~005: DB commits, N+1 queries, datetime, error format, blocker flag
- MED-006: Project health dashboard (HealthService, ProjectHealthPage)
- MED-007: Capacity update API (PUT /api/users/{id}/capacity)
- MED-008: Schedule triggers (cron parsing, deadline reminders)
- MED-009: Watermark feature (image/PDF watermarking)
- MED-010~012: useEffect deps, DOM operations, PDF export

## New Files
- backend/app/api/health/ - Project health API
- backend/app/services/health_service.py
- backend/app/services/trigger_scheduler.py
- backend/app/services/watermark_service.py
- backend/app/core/rate_limiter.py
- frontend/src/pages/ProjectHealthPage.tsx
- frontend/src/components/ProjectHealthCard.tsx
- frontend/src/components/KanbanBoard.tsx
- frontend/src/components/WorkloadHeatmap.tsx

## Tests
- 113 new tests passing (health: 32, users: 14, triggers: 35, watermark: 32)

## OpenSpec Archives
- add-project-health-dashboard
- add-capacity-update-api
- add-schedule-triggers
- add-watermark-feature
- add-rate-limiting
- enhance-frontend-ux
- add-resource-management-ui

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-04 21:49:52 +08:00

322 lines
11 KiB
Python
Raw Blame History

import uuid
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session
from typing import Optional
from app.core.database import get_db
from app.models import User, Project, Trigger, TriggerLog
from app.schemas.trigger import (
TriggerCreate, TriggerUpdate, TriggerResponse, TriggerListResponse,
TriggerLogResponse, TriggerLogListResponse, TriggerUserInfo
)
from app.middleware.auth import get_current_user, check_project_access, check_project_edit_access
from app.services.trigger_scheduler import TriggerSchedulerService
router = APIRouter(tags=["triggers"])
def trigger_to_response(trigger: Trigger) -> TriggerResponse:
"""Convert Trigger model to TriggerResponse."""
return TriggerResponse(
id=trigger.id,
project_id=trigger.project_id,
name=trigger.name,
description=trigger.description,
trigger_type=trigger.trigger_type,
conditions=trigger.conditions,
actions=trigger.actions if isinstance(trigger.actions, list) else [trigger.actions],
is_active=trigger.is_active,
created_by=trigger.created_by,
created_at=trigger.created_at,
updated_at=trigger.updated_at,
creator=TriggerUserInfo(
id=trigger.creator.id,
name=trigger.creator.name,
email=trigger.creator.email,
) if trigger.creator else None,
)
@router.post("/api/projects/{project_id}/triggers", response_model=TriggerResponse, status_code=status.HTTP_201_CREATED)
async def create_trigger(
project_id: str,
trigger_data: TriggerCreate,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Create a new trigger for a project."""
project = db.query(Project).filter(Project.id == project_id).first()
if not project:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Project not found",
)
if not check_project_edit_access(current_user, project):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Permission denied - only project owner can manage triggers",
)
# Validate trigger type
if trigger_data.trigger_type not in ["field_change", "schedule"]:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Invalid trigger type. Must be 'field_change' or 'schedule'",
)
# Validate conditions based on trigger type
if trigger_data.trigger_type == "field_change":
# Validate field_change conditions
if not trigger_data.conditions.field:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Field is required for field_change triggers",
)
if trigger_data.conditions.field not in ["status_id", "assignee_id", "priority"]:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Invalid condition field. Must be 'status_id', 'assignee_id', or 'priority'",
)
if not trigger_data.conditions.operator:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Operator is required for field_change triggers",
)
if trigger_data.conditions.operator not in ["equals", "not_equals", "changed_to", "changed_from"]:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Invalid operator. Must be 'equals', 'not_equals', 'changed_to', or 'changed_from'",
)
elif trigger_data.trigger_type == "schedule":
# Validate schedule conditions
has_cron = trigger_data.conditions.cron_expression is not None
has_deadline = trigger_data.conditions.deadline_reminder_days is not None
if not has_cron and not has_deadline:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Schedule triggers require either cron_expression or deadline_reminder_days",
)
# Validate cron expression if provided
if has_cron:
is_valid, error_msg = TriggerSchedulerService.parse_cron_expression(
trigger_data.conditions.cron_expression
)
if not is_valid:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=error_msg or "Invalid cron expression",
)
# Create trigger
trigger = Trigger(
id=str(uuid.uuid4()),
project_id=project_id,
name=trigger_data.name,
description=trigger_data.description,
trigger_type=trigger_data.trigger_type,
conditions=trigger_data.conditions.model_dump(),
actions=[a.model_dump() for a in trigger_data.actions],
is_active=trigger_data.is_active,
created_by=current_user.id,
)
db.add(trigger)
db.commit()
db.refresh(trigger)
return trigger_to_response(trigger)
@router.get("/api/projects/{project_id}/triggers", response_model=TriggerListResponse)
async def list_triggers(
project_id: str,
is_active: Optional[bool] = None,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""List all triggers for a project."""
project = db.query(Project).filter(Project.id == project_id).first()
if not project:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Project not found",
)
if not check_project_access(current_user, project):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Access denied",
)
query = db.query(Trigger).filter(Trigger.project_id == project_id)
if is_active is not None:
query = query.filter(Trigger.is_active == is_active)
triggers = query.order_by(Trigger.created_at.desc()).all()
return TriggerListResponse(
triggers=[trigger_to_response(t) for t in triggers],
total=len(triggers),
)
@router.get("/api/triggers/{trigger_id}", response_model=TriggerResponse)
async def get_trigger(
trigger_id: str,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Get a specific trigger by ID."""
trigger = db.query(Trigger).filter(Trigger.id == trigger_id).first()
if not trigger:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Trigger not found",
)
project = trigger.project
if not check_project_access(current_user, project):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Access denied",
)
return trigger_to_response(trigger)
@router.put("/api/triggers/{trigger_id}", response_model=TriggerResponse)
async def update_trigger(
trigger_id: str,
trigger_data: TriggerUpdate,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Update a trigger."""
trigger = db.query(Trigger).filter(Trigger.id == trigger_id).first()
if not trigger:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Trigger not found",
)
project = trigger.project
if not check_project_edit_access(current_user, project):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Permission denied",
)
# Update fields if provided
if trigger_data.name is not None:
trigger.name = trigger_data.name
if trigger_data.description is not None:
trigger.description = trigger_data.description
if trigger_data.conditions is not None:
# Validate conditions based on trigger type
if trigger.trigger_type == "field_change":
if trigger_data.conditions.field and trigger_data.conditions.field not in ["status_id", "assignee_id", "priority"]:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Invalid condition field",
)
elif trigger.trigger_type == "schedule":
# Validate cron expression if provided
if trigger_data.conditions.cron_expression is not None:
is_valid, error_msg = TriggerSchedulerService.parse_cron_expression(
trigger_data.conditions.cron_expression
)
if not is_valid:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=error_msg or "Invalid cron expression",
)
trigger.conditions = trigger_data.conditions.model_dump(exclude_none=True)
if trigger_data.actions is not None:
trigger.actions = [a.model_dump() for a in trigger_data.actions]
if trigger_data.is_active is not None:
trigger.is_active = trigger_data.is_active
db.commit()
db.refresh(trigger)
return trigger_to_response(trigger)
@router.delete("/api/triggers/{trigger_id}", status_code=status.HTTP_204_NO_CONTENT)
async def delete_trigger(
trigger_id: str,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Delete a trigger."""
trigger = db.query(Trigger).filter(Trigger.id == trigger_id).first()
if not trigger:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Trigger not found",
)
project = trigger.project
if not check_project_edit_access(current_user, project):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Permission denied",
)
db.delete(trigger)
db.commit()
@router.get("/api/triggers/{trigger_id}/logs", response_model=TriggerLogListResponse)
async def list_trigger_logs(
trigger_id: str,
limit: int = 50,
offset: int = 0,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Get execution logs for a trigger."""
trigger = db.query(Trigger).filter(Trigger.id == trigger_id).first()
if not trigger:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Trigger not found",
)
project = trigger.project
if not check_project_access(current_user, project):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Access denied",
)
total = db.query(TriggerLog).filter(TriggerLog.trigger_id == trigger_id).count()
logs = db.query(TriggerLog).filter(
TriggerLog.trigger_id == trigger_id,
).order_by(TriggerLog.executed_at.desc()).offset(offset).limit(limit).all()
return TriggerLogListResponse(
logs=[
TriggerLogResponse(
id=log.id,
trigger_id=log.trigger_id,
task_id=log.task_id,
executed_at=log.executed_at,
status=log.status,
details=log.details,
error_message=log.error_message,
) for log in logs
],
total=total,
)
Reference in New Issue View Git Blame Copy Permalink