.

2025-10-24 14:54:44 -05:00
parent cb06217ef7
commit 6a58e19b10
16 changed files with 1172 additions and 138 deletions
--- a/qwen/python/merchants_of_hope/api/v1/jobs.py
+++ b/qwen/python/merchants_of_hope/api/v1/jobs.py
@@ -1,7 +1,7 @@
 """
 Jobs API routes
 """
-from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi import APIRouter, Depends, HTTPException, status, Request
 from typing import List
 from pydantic import BaseModel
 from sqlalchemy.orm import Session
@@ -49,18 +49,29 @@ class JobResponse(BaseModel):
        from_attributes = True

@router.get("/", response_model=List[JobResponse])
-async def get_jobs(skip: int = 0, limit: int = 100, is_active: bool = True, db: Session = Depends(SessionLocal)):
-    """Get all jobs"""
-    query = db.query(JobPosting)
+async def get_jobs(skip: int = 0, limit: int = 100, is_active: bool = True, db: Session = Depends(SessionLocal), request: Request = None):
+    """Get all jobs for the current tenant"""
+    tenant_id = getattr(request.state, 'tenant_id', None)
+    if not tenant_id and settings.MULTI_TENANT_ENABLED:
+        raise HTTPException(status_code=400, detail="Tenant ID is required")
+    
+    query = db.query(JobPosting).filter(JobPosting.tenant_id == tenant_id)
    if is_active is not None:
        query = query.filter(JobPosting.is_active == is_active)
    jobs = query.offset(skip).limit(limit).all()
    return jobs

@router.get("/{job_id}", response_model=JobResponse)
-async def get_job(job_id: int, db: Session = Depends(SessionLocal)):
+async def get_job(job_id: int, db: Session = Depends(SessionLocal), request: Request = None):
    """Get a specific job"""
-    job = db.query(JobPosting).filter(JobPosting.id == job_id).first()
+    tenant_id = getattr(request.state, 'tenant_id', None)
+    if not tenant_id and settings.MULTI_TENANT_ENABLED:
+        raise HTTPException(status_code=400, detail="Tenant ID is required")
+    
+    job = db.query(JobPosting).filter(
+        JobPosting.id == job_id,
+        JobPosting.tenant_id == tenant_id  # Ensure job belongs to current tenant
+    ).first()
    if not job:
        raise HTTPException(status_code=404, detail="Job not found")
    if not job.is_active:
@@ -68,10 +79,17 @@ async def get_job(job_id: int, db: Session = Depends(SessionLocal)):
    return job

@router.post("/", response_model=JobResponse)
-async def create_job(job: JobCreate, db: Session = Depends(SessionLocal), user_id: int = 1):  # In real app, get from auth context
+async def create_job(job: JobCreate, db: Session = Depends(SessionLocal), request: Request = None, user_id: int = 1):  # In real app, get from auth context
    """Create a new job posting"""
+    tenant_id = getattr(request.state, 'tenant_id', None)
+    if not tenant_id and settings.MULTI_TENANT_ENABLED:
+        raise HTTPException(status_code=400, detail="Tenant ID is required")
+    
    # Verify user exists and has permission to create job postings
-    user = db.query(User).filter(User.id == user_id).first()
+    user = db.query(User).filter(
+        User.id == user_id,
+        User.tenant_id == tenant_id  # Ensure user belongs to current tenant
+    ).first()
    if not user or user.role not in ["job_provider", "admin"]:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
@@ -86,7 +104,7 @@ async def create_job(job: JobCreate, db: Session = Depends(SessionLocal), user_i
        salary_min=job.salary_min,
        salary_max=job.salary_max,
        is_remote=job.is_remote,
-        tenant_id=user.tenant_id,  # Use user's tenant
+        tenant_id=tenant_id,  # Use current tenant
        created_by_user_id=user_id
    )
    db.add(db_job)
@@ -95,9 +113,16 @@ async def create_job(job: JobCreate, db: Session = Depends(SessionLocal), user_i
    return db_job

@router.put("/{job_id}", response_model=JobResponse)
-async def update_job(job_id: int, job_update: JobUpdate, db: Session = Depends(SessionLocal)):
+async def update_job(job_id: int, job_update: JobUpdate, db: Session = Depends(SessionLocal), request: Request = None):
    """Update a job posting"""
-    db_job = db.query(JobPosting).filter(JobPosting.id == job_id).first()
+    tenant_id = getattr(request.state, 'tenant_id', None)
+    if not tenant_id and settings.MULTI_TENANT_ENABLED:
+        raise HTTPException(status_code=400, detail="Tenant ID is required")
+    
+    db_job = db.query(JobPosting).filter(
+        JobPosting.id == job_id,
+        JobPosting.tenant_id == tenant_id  # Ensure job belongs to current tenant
+    ).first()
    if not db_job:
        raise HTTPException(status_code=404, detail="Job not found")
    
@@ -110,9 +135,16 @@ async def update_job(job_id: int, job_update: JobUpdate, db: Session = Depends(S
    return db_job

@router.delete("/{job_id}")
-async def delete_job(job_id: int, db: Session = Depends(SessionLocal)):
+async def delete_job(job_id: int, db: Session = Depends(SessionLocal), request: Request = None):
    """Delete a job posting (soft delete by setting is_active to False)"""
-    db_job = db.query(JobPosting).filter(JobPosting.id == job_id).first()
+    tenant_id = getattr(request.state, 'tenant_id', None)
+    if not tenant_id and settings.MULTI_TENANT_ENABLED:
+        raise HTTPException(status_code=400, detail="Tenant ID is required")
+    
+    db_job = db.query(JobPosting).filter(
+        JobPosting.id == job_id,
+        JobPosting.tenant_id == tenant_id  # Ensure job belongs to current tenant
+    ).first()
    if not db_job:
        raise HTTPException(status_code=404, detail="Job not found")