4a91814bfc
Phase 1 Step 4 of PHASE1_RUNBOOK.md, first worked example. Demonstrates
the router -> service delegation pattern for all 18 oversized route
files still above the 500 LOC hard cap.
compliance/api/audit_routes.py (637 LOC) is decomposed into:
compliance/api/audit_routes.py (198) — thin handlers
compliance/services/audit_session_service.py (259) — session lifecycle
compliance/services/audit_signoff_service.py (319) — checklist + sign-off
compliance/api/_http_errors.py ( 43) — reusable error translator
Handlers shrink to 3-6 lines each:
@router.post("/sessions", response_model=AuditSessionResponse)
async def create_audit_session(
request: CreateAuditSessionRequest,
service: AuditSessionService = Depends(get_audit_session_service),
):
with translate_domain_errors():
return service.create(request)
Services are HTTP-agnostic: they raise NotFoundError / ConflictError /
ValidationError from compliance.domain, and the route layer translates
those to HTTPException(404/409/400) via the translate_domain_errors()
context manager in compliance.api._http_errors. The error translator is
reusable by every future Step 4 refactor.
Services take a sqlalchemy Session in the constructor and are wired via
Depends factories (get_audit_session_service / get_audit_signoff_service).
No globals, no module-level state.
Behavior is byte-identical at the HTTP boundary:
- Same paths, methods, status codes, response models
- Same error messages (domain error __str__ preserved)
- Same auto-start-on-first-signoff, same statistics calculation,
same signature hash format, same PDF streaming response
Verified:
- 173/173 pytest compliance/tests/ tests/contracts/ pass
- OpenAPI 360 paths / 484 operations unchanged
- audit_routes.py under soft 300 target
- Both new service files under soft 300 / hard 500
Note: compliance/tests/test_audit_routes.py contains placeholder tests
that do not actually import or call the handler functions — they only
assert on request-data shape. Real behavioral coverage relies on the
contract test. A follow-up commit should add TestClient-based
integration tests for the audit endpoints. Flagged in PHASE1_RUNBOOK.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
199 lines
6.4 KiB
Python
199 lines
6.4 KiB
Python
"""
|
|
FastAPI routes for Audit Sessions & Sign-off functionality.
|
|
|
|
Sprint 3 Phase 3: Auditor-Verbesserungen
|
|
|
|
Endpoints:
|
|
- /audit/sessions: Manage audit sessions
|
|
- /audit/checklist: Audit checklist with sign-off
|
|
|
|
Phase 1 Step 4 refactor: handlers are thin and delegate to
|
|
``AuditSessionService`` / ``AuditSignOffService``. Domain errors raised by
|
|
the services are translated to HTTPException via
|
|
``translate_domain_errors``.
|
|
"""
|
|
|
|
import logging
|
|
from typing import List, Optional
|
|
|
|
from fastapi import APIRouter, Depends, Query
|
|
from sqlalchemy.orm import Session
|
|
|
|
from classroom_engine.database import get_db
|
|
from compliance.api._http_errors import translate_domain_errors
|
|
from compliance.schemas.audit_session import (
|
|
AuditChecklistResponse,
|
|
AuditSessionDetailResponse,
|
|
AuditSessionResponse,
|
|
AuditSessionSummary,
|
|
CreateAuditSessionRequest,
|
|
SignOffRequest,
|
|
SignOffResponse,
|
|
)
|
|
from compliance.services.audit_session_service import AuditSessionService
|
|
from compliance.services.audit_signoff_service import AuditSignOffService
|
|
|
|
logger = logging.getLogger(__name__)
|
|
router = APIRouter(prefix="/audit", tags=["compliance-audit"])
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
# Dependency-injection factories
|
|
# ----------------------------------------------------------------------
|
|
|
|
def get_audit_session_service(db: Session = Depends(get_db)) -> AuditSessionService:
|
|
return AuditSessionService(db)
|
|
|
|
|
|
def get_audit_signoff_service(db: Session = Depends(get_db)) -> AuditSignOffService:
|
|
return AuditSignOffService(db)
|
|
|
|
|
|
# ============================================================================
|
|
# Audit Sessions
|
|
# ============================================================================
|
|
|
|
@router.post("/sessions", response_model=AuditSessionResponse)
|
|
async def create_audit_session(
|
|
request: CreateAuditSessionRequest,
|
|
service: AuditSessionService = Depends(get_audit_session_service),
|
|
):
|
|
"""Create a new audit session for structured compliance reviews."""
|
|
with translate_domain_errors():
|
|
return service.create(request)
|
|
|
|
|
|
@router.get("/sessions", response_model=List[AuditSessionSummary])
|
|
async def list_audit_sessions(
|
|
status: Optional[str] = None,
|
|
service: AuditSessionService = Depends(get_audit_session_service),
|
|
):
|
|
"""List all audit sessions, optionally filtered by status."""
|
|
with translate_domain_errors():
|
|
return service.list(status)
|
|
|
|
|
|
@router.get("/sessions/{session_id}", response_model=AuditSessionDetailResponse)
|
|
async def get_audit_session(
|
|
session_id: str,
|
|
service: AuditSessionService = Depends(get_audit_session_service),
|
|
):
|
|
"""Get detailed information about a specific audit session."""
|
|
with translate_domain_errors():
|
|
return service.get(session_id)
|
|
|
|
|
|
@router.put("/sessions/{session_id}/start")
|
|
async def start_audit_session(
|
|
session_id: str,
|
|
service: AuditSessionService = Depends(get_audit_session_service),
|
|
):
|
|
"""Start an audit session (draft -> in_progress)."""
|
|
with translate_domain_errors():
|
|
return service.start(session_id)
|
|
|
|
|
|
@router.put("/sessions/{session_id}/complete")
|
|
async def complete_audit_session(
|
|
session_id: str,
|
|
service: AuditSessionService = Depends(get_audit_session_service),
|
|
):
|
|
"""Complete an audit session (in_progress -> completed)."""
|
|
with translate_domain_errors():
|
|
return service.complete(session_id)
|
|
|
|
|
|
@router.put("/sessions/{session_id}/archive")
|
|
async def archive_audit_session(
|
|
session_id: str,
|
|
service: AuditSessionService = Depends(get_audit_session_service),
|
|
):
|
|
"""Archive a completed audit session."""
|
|
with translate_domain_errors():
|
|
return service.archive(session_id)
|
|
|
|
|
|
@router.delete("/sessions/{session_id}")
|
|
async def delete_audit_session(
|
|
session_id: str,
|
|
service: AuditSessionService = Depends(get_audit_session_service),
|
|
):
|
|
"""Delete a draft or archived audit session and all its sign-offs."""
|
|
with translate_domain_errors():
|
|
return service.delete(session_id)
|
|
|
|
|
|
# ============================================================================
|
|
# Audit Checklist & Sign-off
|
|
# ============================================================================
|
|
|
|
@router.get("/checklist/{session_id}", response_model=AuditChecklistResponse)
|
|
async def get_audit_checklist(
|
|
session_id: str,
|
|
page: int = Query(1, ge=1),
|
|
page_size: int = Query(50, ge=1, le=200),
|
|
status_filter: Optional[str] = None,
|
|
regulation_filter: Optional[str] = None,
|
|
search: Optional[str] = None,
|
|
service: AuditSignOffService = Depends(get_audit_signoff_service),
|
|
):
|
|
"""Get the paginated audit checklist for a session."""
|
|
with translate_domain_errors():
|
|
return service.get_checklist(
|
|
session_id=session_id,
|
|
page=page,
|
|
page_size=page_size,
|
|
status_filter=status_filter,
|
|
regulation_filter=regulation_filter,
|
|
search=search,
|
|
)
|
|
|
|
|
|
@router.put(
|
|
"/checklist/{session_id}/items/{requirement_id}/sign-off",
|
|
response_model=SignOffResponse,
|
|
)
|
|
async def sign_off_item(
|
|
session_id: str,
|
|
requirement_id: str,
|
|
request: SignOffRequest,
|
|
service: AuditSignOffService = Depends(get_audit_signoff_service),
|
|
):
|
|
"""Sign off on a specific requirement in an audit session."""
|
|
with translate_domain_errors():
|
|
return service.sign_off(session_id, requirement_id, request)
|
|
|
|
|
|
@router.get(
|
|
"/checklist/{session_id}/items/{requirement_id}",
|
|
response_model=SignOffResponse,
|
|
)
|
|
async def get_sign_off(
|
|
session_id: str,
|
|
requirement_id: str,
|
|
service: AuditSignOffService = Depends(get_audit_signoff_service),
|
|
):
|
|
"""Get the current sign-off status for a specific requirement."""
|
|
with translate_domain_errors():
|
|
return service.get_sign_off(session_id, requirement_id)
|
|
|
|
|
|
# ============================================================================
|
|
# PDF Report Generation
|
|
# ============================================================================
|
|
|
|
@router.get("/sessions/{session_id}/report/pdf")
|
|
async def generate_audit_pdf_report(
|
|
session_id: str,
|
|
language: str = Query("de", pattern="^(de|en)$"),
|
|
include_signatures: bool = Query(True),
|
|
service: AuditSessionService = Depends(get_audit_session_service),
|
|
):
|
|
"""Generate a PDF report for an audit session."""
|
|
with translate_domain_errors():
|
|
return service.generate_pdf(
|
|
session_id=session_id,
|
|
language=language,
|
|
include_signatures=include_signatures,
|
|
)
|