docupulse/routes/rooms.py

from flask import Blueprint, render_template, redirect, url_for, flash, request
from flask_login import login_required, current_user
from models import db, Room, User, RoomMemberPermission, RoomFile
from forms import RoomForm
from routes.room_files import user_has_permission

rooms_bp = Blueprint('rooms', __name__, url_prefix='/rooms')

@rooms_bp.route('/')
@login_required
def rooms():
    search = request.args.get('search', '').strip()
    if current_user.is_admin:
        query = Room.query
    else:
        # Get rooms where user is a member and has view permissions
        query = Room.query.join(
            RoomMemberPermission,
            (Room.id == RoomMemberPermission.room_id) & 
            (RoomMemberPermission.user_id == current_user.id) &
            (RoomMemberPermission.can_view == True)
        )
    if search:
        query = query.filter(Room.name.ilike(f'%{search}%'))
    rooms = query.order_by(Room.created_at.desc()).all()
    return render_template('rooms/rooms.html', rooms=rooms, search=search)

@rooms_bp.route('/create', methods=['GET', 'POST'])
@login_required
def create_room():
    form = RoomForm()
    if form.validate_on_submit():
        room = Room(
            name=form.name.data,
            description=form.description.data,
            created_by=current_user.id
        )
        
        # Add creator as a member with full permissions
        room.members.append(current_user)
        creator_permission = RoomMemberPermission(
            room=room,
            user=current_user,
            can_view=True,
            can_upload=True,
            can_delete=True,
            can_share=True
        )
        db.session.add(room)
        db.session.add(creator_permission)
        db.session.commit()
        
        flash('Room created successfully!', 'success')
        return redirect(url_for('rooms.rooms'))
    return render_template('rooms/create_room.html', form=form)

@rooms_bp.route('/<int:room_id>')
@login_required
def room(room_id):
    room = Room.query.get_or_404(room_id)
    # Admins always have access
    if not current_user.is_admin:
        is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None
        if not is_member:
            flash('You do not have access to this room.', 'error')
            return redirect(url_for('rooms.rooms'))
    can_download = user_has_permission(room, 'can_download')
    can_upload = user_has_permission(room, 'can_upload')
    can_delete = user_has_permission(room, 'can_delete')
    can_rename = user_has_permission(room, 'can_rename')
    can_move = user_has_permission(room, 'can_move')
    can_share = user_has_permission(room, 'can_share')
    return render_template('rooms/room.html', room=room, can_download=can_download, can_upload=can_upload, can_delete=can_delete, can_rename=can_rename, can_move=can_move, can_share=can_share)

@rooms_bp.route('/<int:room_id>/members')
@login_required
def room_members(room_id):
    room = Room.query.get_or_404(room_id)
    # Admins always have access
    if not current_user.is_admin:
        is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None
        if not is_member:
            flash('You do not have access to this room.', 'error')
            return redirect(url_for('rooms.rooms'))
    if not current_user.is_admin:
        flash('Only administrators can manage room members.', 'error')
        return redirect(url_for('rooms.room', room_id=room_id))
    member_permissions = {p.user_id: p for p in room.member_permissions}
    available_users = User.query.filter(~User.id.in_(member_permissions.keys())).all()
    return render_template('rooms/room_members.html', room=room, available_users=available_users, member_permissions=member_permissions)

@rooms_bp.route('/<int:room_id>/members/add', methods=['POST'])
@login_required
def add_member(room_id):
    room = Room.query.get_or_404(room_id)
    # Membership check using RoomMemberPermission
    is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None
    if not is_member:
        flash('You do not have access to this room.', 'error')
        return redirect(url_for('rooms.rooms'))
    if not current_user.is_admin:
        flash('Only administrators can manage room members.', 'error')
        return redirect(url_for('rooms.room', room_id=room_id))
    user_id = request.form.get('user_id')
    if not user_id:
        flash('Please select a user to add.', 'error')
        return redirect(url_for('rooms.room_members', room_id=room_id))
    user = User.query.get_or_404(user_id)
    # Check if already a member
    if RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user.id).first():
        flash('User is already a member of this room.', 'error')
    else:
        perm = RoomMemberPermission(room_id=room_id, user_id=user.id, can_view=True)
        db.session.add(perm)
        # Ensure user is added to the room.members relationship
        if user not in room.members:
            room.members.append(user)
        db.session.commit()
        flash(f'{user.username} has been added to the room.', 'success')
    return redirect(url_for('rooms.room_members', room_id=room_id))

@rooms_bp.route('/<int:room_id>/members/<int:user_id>/remove', methods=['POST'])
@login_required
def remove_member(room_id, user_id):
    room = Room.query.get_or_404(room_id)
    # Membership check using RoomMemberPermission
    is_member = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=current_user.id).first() is not None
    if not is_member:
        flash('You do not have access to this room.', 'error')
        return redirect(url_for('rooms.rooms'))
    if not current_user.is_admin:
        flash('Only administrators can manage room members.', 'error')
        return redirect(url_for('rooms.room', room_id=room_id))
    if user_id == room.created_by:
        flash('Cannot remove the room creator.', 'error')
    else:
        perm = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
        if not perm:
            flash('User is not a member of this room.', 'error')
        else:
            db.session.delete(perm)
            db.session.commit()
            flash('User has been removed from the room.', 'success')
    return redirect(url_for('rooms.room_members', room_id=room_id))

@rooms_bp.route('/<int:room_id>/members/<int:user_id>/permissions', methods=['POST'])
@login_required
def update_member_permissions(room_id, user_id):
    room = Room.query.get_or_404(room_id)
    if not current_user.is_admin:
        flash('Only administrators can update permissions.', 'error')
        return redirect(url_for('rooms.room_members', room_id=room_id))
    perm = RoomMemberPermission.query.filter_by(room_id=room_id, user_id=user_id).first()
    if not perm:
        flash('Member not found.', 'error')
        return redirect(url_for('rooms.room_members', room_id=room_id))
    perm.can_view = bool(request.form.get('can_view'))
    perm.can_download = bool(request.form.get('can_download'))
    perm.can_upload = bool(request.form.get('can_upload'))
    perm.can_delete = bool(request.form.get('can_delete'))
    perm.can_rename = bool(request.form.get('can_rename'))
    perm.can_move = bool(request.form.get('can_move'))
    perm.can_share = bool(request.form.get('can_share'))
    db.session.commit()
    flash('Permissions updated.', 'success')
    return redirect(url_for('rooms.room_members', room_id=room_id))

@rooms_bp.route('/<int:room_id>/edit', methods=['GET', 'POST'])
@login_required
def edit_room(room_id):
    if not current_user.is_admin:
        flash('Only administrators can edit rooms.', 'error')
        return redirect(url_for('rooms.rooms'))
    
    room = Room.query.get_or_404(room_id)
    form = RoomForm()
    
    if form.validate_on_submit():
        room.name = form.name.data
        room.description = form.description.data
        db.session.commit()
        flash('Room updated successfully!', 'success')
        return redirect(url_for('rooms.rooms'))
    
    # Pre-populate form with existing room data
    if request.method == 'GET':
        form.name.data = room.name
        form.description.data = room.description
    
    return render_template('rooms/edit_room.html', form=form, room=room)

@rooms_bp.route('/<int:room_id>/delete', methods=['POST'])
@login_required
def delete_room(room_id):
    if not current_user.is_admin:
        flash('Only administrators can delete rooms.', 'error')
        return redirect(url_for('rooms.rooms'))
    
    room = Room.query.get_or_404(room_id)
    room_name = room.name
    
    try:
        print(f"Attempting to delete room {room_id} ({room_name})")
        
        # Delete the room (cascade will handle the rest)
        db.session.delete(room)
        db.session.commit()
        print("Room deleted successfully")
        
        flash(f'Room "{room_name}" has been deleted.', 'success')
    except Exception as e:
        db.session.rollback()
        flash('An error occurred while deleting the room. Please try again.', 'error')
        print(f"Error deleting room: {str(e)}")
    
    return redirect(url_for('rooms.rooms'))

@rooms_bp.route('/room/<int:room_id>/view/<path:file_path>')
@login_required
def view_file(room_id, file_path):
    room = Room.query.get_or_404(room_id)
    # Check if user has access to the room
    if not current_user.is_admin and current_user not in room.members:
        flash('You do not have access to this room.', 'error')
        return redirect(url_for('rooms.rooms'))
            
    file = RoomFile.query.filter_by(room_id=room_id, path=file_path).first_or_404()
    
    # Continue with file viewing logic...