openvpn-endpoint-server/server/app/web/tenants.py

"""Tenant management web routes (Super Admin only)."""

from fastapi import APIRouter, Request, Depends, Form
from fastapi.responses import HTMLResponse, RedirectResponse
from sqlalchemy.orm import Session
from ..database import get_db
from ..models.user import User
from ..models.tenant import Tenant
from .deps import require_super_admin_web, flash, get_flashed_messages

router = APIRouter()


@router.get("/tenants", response_class=HTMLResponse)
async def list_tenants(
    request: Request,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_super_admin_web)
):
    """List all tenants."""
    tenants = db.query(Tenant).all()

    return request.app.state.templates.TemplateResponse(
        "tenants/list.html",
        {
            "request": request,
            "current_user": current_user,
            "tenants": tenants,
            "flash_messages": get_flashed_messages(request)
        }
    )


@router.get("/tenants/new", response_class=HTMLResponse)
async def new_tenant_form(
    request: Request,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_super_admin_web)
):
    """New tenant form."""
    return request.app.state.templates.TemplateResponse(
        "tenants/form.html",
        {
            "request": request,
            "current_user": current_user,
            "tenant": None,
            "flash_messages": get_flashed_messages(request)
        }
    )


@router.post("/tenants/new")
async def create_tenant(
    request: Request,
    name: str = Form(...),
    description: str = Form(None),
    db: Session = Depends(get_db),
    current_user: User = Depends(require_super_admin_web)
):
    """Create new tenant."""
    # Check if name exists
    existing = db.query(Tenant).filter(Tenant.name == name).first()
    if existing:
        flash(request, "Mandantenname bereits vergeben", "danger")
        return RedirectResponse(url="/tenants/new", status_code=303)

    tenant = Tenant(
        name=name,
        description=description or None
    )

    db.add(tenant)
    db.commit()

    flash(request, f"Mandant '{name}' erstellt", "success")
    return RedirectResponse(url="/tenants", status_code=303)


@router.get("/tenants/{tenant_id}/edit", response_class=HTMLResponse)
async def edit_tenant_form(
    request: Request,
    tenant_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_super_admin_web)
):
    """Edit tenant form."""
    tenant = db.query(Tenant).filter(Tenant.id == tenant_id).first()
    if not tenant:
        flash(request, "Mandant nicht gefunden", "danger")
        return RedirectResponse(url="/tenants", status_code=303)

    return request.app.state.templates.TemplateResponse(
        "tenants/form.html",
        {
            "request": request,
            "current_user": current_user,
            "tenant": tenant,
            "flash_messages": get_flashed_messages(request)
        }
    )


@router.post("/tenants/{tenant_id}/edit")
async def update_tenant(
    request: Request,
    tenant_id: int,
    name: str = Form(...),
    description: str = Form(None),
    is_active: bool = Form(True),
    db: Session = Depends(get_db),
    current_user: User = Depends(require_super_admin_web)
):
    """Update tenant."""
    tenant = db.query(Tenant).filter(Tenant.id == tenant_id).first()
    if not tenant:
        flash(request, "Mandant nicht gefunden", "danger")
        return RedirectResponse(url="/tenants", status_code=303)

    tenant.name = name
    tenant.description = description or None
    tenant.is_active = is_active

    db.commit()

    flash(request, "Mandant aktualisiert", "success")
    return RedirectResponse(url="/tenants", status_code=303)


@router.post("/tenants/{tenant_id}/delete")
async def delete_tenant(
    request: Request,
    tenant_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_super_admin_web)
):
    """Delete tenant."""
    tenant = db.query(Tenant).filter(Tenant.id == tenant_id).first()
    if not tenant:
        flash(request, "Mandant nicht gefunden", "danger")
        return RedirectResponse(url="/tenants", status_code=303)

    # Check if tenant has users or gateways
    if tenant.users or tenant.gateways:
        flash(request, "Mandant hat noch Benutzer oder Gateways. Bitte zuerst löschen.", "danger")
        return RedirectResponse(url="/tenants", status_code=303)

    db.delete(tenant)
    db.commit()

    flash(request, f"Mandant '{tenant.name}' gelöscht", "warning")
    return RedirectResponse(url="/tenants", status_code=303)