""" Klausur-Service BYOEH Routes Endpoints for Bring-Your-Own-Expectation-Horizon (BYOEH). """ import os import uuid import json from datetime import datetime, timezone, timedelta from typing import Optional from fastapi import APIRouter, HTTPException, Request, UploadFile, File, Form, BackgroundTasks from models.enums import EHStatus from models.eh import ( Erwartungshorizont, EHRightsConfirmation, EHKeyShare, EHKlausurLink, EHShareInvitation, ) from models.requests import ( EHMetadata, EHUploadMetadata, EHRAGQuery, EHIndexRequest, EHShareRequest, EHLinkKlausurRequest, EHInviteRequest, EHAcceptInviteRequest, ) from services.auth_service import get_current_user from services.eh_service import log_eh_audit from config import EH_UPLOAD_DIR, OPENAI_API_KEY, ENVIRONMENT, RIGHTS_CONFIRMATION_TEXT import storage # BYOEH imports from qdrant_service import ( get_collection_info, delete_eh_vectors, search_eh, index_eh_chunks ) from eh_pipeline import ( decrypt_text, verify_key_hash, process_eh_for_indexing, generate_single_embedding, EncryptionError, EmbeddingError ) router = APIRouter() # ============================================= # EH UPLOAD & LIST # ============================================= @router.post("/api/v1/eh/upload") async def upload_erwartungshorizont( file: UploadFile = File(...), metadata_json: str = Form(...), request: Request = None, background_tasks: BackgroundTasks = None ): """ Upload an encrypted Erwartungshorizont. The file MUST be client-side encrypted. Server stores only the encrypted blob + key hash (never the passphrase). """ user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] try: data = EHUploadMetadata(**json.loads(metadata_json)) except Exception as e: raise HTTPException(status_code=400, detail=f"Invalid metadata: {str(e)}") if not data.rights_confirmed: raise HTTPException(status_code=400, detail="Rights confirmation required") eh_id = str(uuid.uuid4()) # Create tenant-isolated directory upload_dir = f"{EH_UPLOAD_DIR}/{tenant_id}/{eh_id}" os.makedirs(upload_dir, exist_ok=True) # Save encrypted file encrypted_path = f"{upload_dir}/encrypted.bin" content = await file.read() with open(encrypted_path, "wb") as f: f.write(content) # Save salt separately with open(f"{upload_dir}/salt.txt", "w") as f: f.write(data.salt) # Create EH record eh = Erwartungshorizont( id=eh_id, tenant_id=tenant_id, teacher_id=user["user_id"], title=data.metadata.title, subject=data.metadata.subject, niveau=data.metadata.niveau, year=data.metadata.year, aufgaben_nummer=data.metadata.aufgaben_nummer, encryption_key_hash=data.encryption_key_hash, salt=data.salt, encrypted_file_path=encrypted_path, file_size_bytes=len(content), original_filename=data.original_filename, rights_confirmed=True, rights_confirmed_at=datetime.now(timezone.utc), status=EHStatus.PENDING_RIGHTS, chunk_count=0, indexed_at=None, error_message=None, training_allowed=False, # ALWAYS FALSE - critical for compliance created_at=datetime.now(timezone.utc), deleted_at=None ) storage.eh_db[eh_id] = eh # Store rights confirmation rights_confirmation = EHRightsConfirmation( id=str(uuid.uuid4()), eh_id=eh_id, teacher_id=user["user_id"], confirmation_type="upload", confirmation_text=RIGHTS_CONFIRMATION_TEXT, ip_address=request.client.host if request.client else None, user_agent=request.headers.get("user-agent"), confirmed_at=datetime.now(timezone.utc) ) storage.eh_rights_db[rights_confirmation.id] = rights_confirmation # Audit log log_eh_audit( tenant_id=tenant_id, user_id=user["user_id"], action="upload", eh_id=eh_id, details={ "subject": data.metadata.subject, "year": data.metadata.year, "file_size": len(content) }, ip_address=request.client.host if request.client else None, user_agent=request.headers.get("user-agent") ) return eh.to_dict() @router.get("/api/v1/eh") async def list_erwartungshorizonte( request: Request, subject: Optional[str] = None, year: Optional[int] = None ): """List all Erwartungshorizonte for the current teacher.""" user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] results = [] for eh in storage.eh_db.values(): if eh.tenant_id == tenant_id and eh.deleted_at is None: if subject and eh.subject != subject: continue if year and eh.year != year: continue results.append(eh.to_dict()) return results # ============================================= # SPECIFIC EH ROUTES (must come before {eh_id} catch-all) # ============================================= @router.get("/api/v1/eh/audit-log") async def get_eh_audit_log( request: Request, eh_id: Optional[str] = None, limit: int = 100 ): """Get BYOEH audit log entries.""" user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] # Filter by tenant entries = [e for e in storage.eh_audit_db if e.tenant_id == tenant_id] # Filter by EH if specified if eh_id: entries = [e for e in entries if e.eh_id == eh_id] # Sort and limit entries = sorted(entries, key=lambda e: e.created_at, reverse=True)[:limit] return [e.to_dict() for e in entries] @router.get("/api/v1/eh/rights-text") async def get_rights_confirmation_text(): """Get the rights confirmation text for display in UI.""" return { "text": RIGHTS_CONFIRMATION_TEXT, "version": "v1.0" } @router.get("/api/v1/eh/qdrant-status") async def get_qdrant_status(request: Request): """Get Qdrant collection status (admin only).""" user = get_current_user(request) if user.get("role") != "admin" and ENVIRONMENT != "development": raise HTTPException(status_code=403, detail="Admin access required") return await get_collection_info() @router.get("/api/v1/eh/shared-with-me") async def list_shared_eh(request: Request): """List all EH shared with the current user.""" user = get_current_user(request) user_id = user["user_id"] shared_ehs = [] for eh_id, shares in storage.eh_key_shares_db.items(): for share in shares: if share.user_id == user_id and share.active: if eh_id in storage.eh_db: eh = storage.eh_db[eh_id] shared_ehs.append({ "eh": eh.to_dict(), "share": share.to_dict() }) return shared_ehs # ============================================= # GENERIC EH ROUTES # ============================================= @router.get("/api/v1/eh/{eh_id}") async def get_erwartungshorizont(eh_id: str, request: Request): """Get a specific Erwartungshorizont by ID.""" user = get_current_user(request) if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] if eh.teacher_id != user["user_id"] and user.get("role") != "admin": raise HTTPException(status_code=403, detail="Access denied") if eh.deleted_at is not None: raise HTTPException(status_code=404, detail="Erwartungshorizont was deleted") return eh.to_dict() @router.delete("/api/v1/eh/{eh_id}") async def delete_erwartungshorizont(eh_id: str, request: Request): """Soft-delete an Erwartungshorizont and remove vectors from Qdrant.""" user = get_current_user(request) if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] if eh.teacher_id != user["user_id"] and user.get("role") != "admin": raise HTTPException(status_code=403, detail="Access denied") # Soft delete eh.deleted_at = datetime.now(timezone.utc) # Delete vectors from Qdrant try: deleted_count = await delete_eh_vectors(eh_id) print(f"Deleted {deleted_count} vectors for EH {eh_id}") except Exception as e: print(f"Warning: Failed to delete vectors: {e}") # Audit log log_eh_audit( tenant_id=eh.tenant_id, user_id=user["user_id"], action="delete", eh_id=eh_id, ip_address=request.client.host if request.client else None, user_agent=request.headers.get("user-agent") ) return {"status": "deleted", "id": eh_id} @router.post("/api/v1/eh/{eh_id}/index") async def index_erwartungshorizont( eh_id: str, data: EHIndexRequest, request: Request ): """ Index an Erwartungshorizont for RAG queries. Requires the passphrase to decrypt, chunk, embed, and re-encrypt chunks. The passphrase is only used transiently and never stored. """ user = get_current_user(request) if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] if eh.teacher_id != user["user_id"] and user.get("role") != "admin": raise HTTPException(status_code=403, detail="Access denied") # Verify passphrase matches key hash if not verify_key_hash(data.passphrase, eh.salt, eh.encryption_key_hash): raise HTTPException(status_code=401, detail="Invalid passphrase") eh.status = EHStatus.PROCESSING try: # Read encrypted file with open(eh.encrypted_file_path, "rb") as f: encrypted_content = f.read() # Decrypt the file decrypted_text = decrypt_text( encrypted_content.decode('utf-8'), data.passphrase, eh.salt ) # Process for indexing chunk_count, chunks_data = await process_eh_for_indexing( eh_id=eh_id, tenant_id=eh.tenant_id, subject=eh.subject, text_content=decrypted_text, passphrase=data.passphrase, salt_hex=eh.salt ) # Index in Qdrant await index_eh_chunks( eh_id=eh_id, tenant_id=eh.tenant_id, subject=eh.subject, chunks=chunks_data ) # Update EH record eh.status = EHStatus.INDEXED eh.chunk_count = chunk_count eh.indexed_at = datetime.now(timezone.utc) # Audit log log_eh_audit( tenant_id=eh.tenant_id, user_id=user["user_id"], action="indexed", eh_id=eh_id, details={"chunk_count": chunk_count} ) return { "status": "indexed", "id": eh_id, "chunk_count": chunk_count } except EncryptionError as e: eh.status = EHStatus.ERROR eh.error_message = str(e) raise HTTPException(status_code=400, detail=f"Decryption failed: {str(e)}") except EmbeddingError as e: eh.status = EHStatus.ERROR eh.error_message = str(e) raise HTTPException(status_code=500, detail=f"Embedding generation failed: {str(e)}") except Exception as e: eh.status = EHStatus.ERROR eh.error_message = str(e) raise HTTPException(status_code=500, detail=f"Indexing failed: {str(e)}") @router.post("/api/v1/eh/rag-query") async def rag_query_eh(data: EHRAGQuery, request: Request): """ RAG query against teacher's Erwartungshorizonte. 1. Semantic search in Qdrant (tenant-isolated) 2. Decrypt relevant chunks on-the-fly 3. Return context for LLM usage """ user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] if not OPENAI_API_KEY: raise HTTPException(status_code=500, detail="OpenAI API key not configured") try: # Generate embedding for query query_embedding = await generate_single_embedding(data.query_text) # Search in Qdrant (tenant-isolated) results = await search_eh( query_embedding=query_embedding, tenant_id=tenant_id, subject=data.subject, limit=data.limit ) # Decrypt matching chunks decrypted_chunks = [] for r in results: eh = storage.eh_db.get(r["eh_id"]) if eh and r.get("encrypted_content"): try: decrypted = decrypt_text( r["encrypted_content"], data.passphrase, eh.salt ) decrypted_chunks.append({ "text": decrypted, "eh_id": r["eh_id"], "eh_title": eh.title, "chunk_index": r["chunk_index"], "score": r["score"] }) except EncryptionError: # Skip chunks that can't be decrypted (wrong passphrase for different EH) pass # Audit log log_eh_audit( tenant_id=tenant_id, user_id=user["user_id"], action="rag_query", details={ "query_length": len(data.query_text), "results_count": len(results), "decrypted_count": len(decrypted_chunks) }, ip_address=request.client.host if request.client else None, user_agent=request.headers.get("user-agent") ) return { "context": "\n\n---\n\n".join([c["text"] for c in decrypted_chunks]), "sources": decrypted_chunks, "query": data.query_text } except EmbeddingError as e: raise HTTPException(status_code=500, detail=f"Query embedding failed: {str(e)}") except Exception as e: raise HTTPException(status_code=500, detail=f"RAG query failed: {str(e)}") # ============================================= # BYOEH KEY SHARING # ============================================= @router.post("/api/v1/eh/{eh_id}/share") async def share_erwartungshorizont( eh_id: str, share_request: EHShareRequest, request: Request ): """ Share an Erwartungshorizont with another examiner. The first examiner shares their EH by providing an encrypted passphrase that the recipient can use. """ user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] # Check EH exists and belongs to user if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] if eh.teacher_id != user["user_id"]: raise HTTPException(status_code=403, detail="Only the owner can share this EH") # Validate role valid_roles = ['second_examiner', 'third_examiner', 'supervisor', 'department_head'] if share_request.role not in valid_roles: raise HTTPException(status_code=400, detail=f"Invalid role. Must be one of: {valid_roles}") # Create key share entry share_id = str(uuid.uuid4()) key_share = EHKeyShare( id=share_id, eh_id=eh_id, user_id=share_request.user_id, encrypted_passphrase=share_request.encrypted_passphrase, passphrase_hint=share_request.passphrase_hint or "", granted_by=user["user_id"], granted_at=datetime.now(timezone.utc), role=share_request.role, klausur_id=share_request.klausur_id, active=True ) # Store in memory if eh_id not in storage.eh_key_shares_db: storage.eh_key_shares_db[eh_id] = [] storage.eh_key_shares_db[eh_id].append(key_share) # Audit log log_eh_audit( tenant_id=tenant_id, user_id=user["user_id"], action="share", eh_id=eh_id, details={ "shared_with": share_request.user_id, "role": share_request.role, "klausur_id": share_request.klausur_id } ) return { "status": "shared", "share_id": share_id, "eh_id": eh_id, "shared_with": share_request.user_id, "role": share_request.role } @router.get("/api/v1/eh/{eh_id}/shares") async def list_eh_shares(eh_id: str, request: Request): """List all users who have access to an EH.""" user = get_current_user(request) # Check EH exists and belongs to user if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] if eh.teacher_id != user["user_id"]: raise HTTPException(status_code=403, detail="Only the owner can view shares") shares = storage.eh_key_shares_db.get(eh_id, []) return [share.to_dict() for share in shares if share.active] @router.delete("/api/v1/eh/{eh_id}/shares/{share_id}") async def revoke_eh_share(eh_id: str, share_id: str, request: Request): """Revoke a shared EH access.""" user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] # Check EH exists and belongs to user if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] if eh.teacher_id != user["user_id"]: raise HTTPException(status_code=403, detail="Only the owner can revoke shares") # Find and deactivate share shares = storage.eh_key_shares_db.get(eh_id, []) for share in shares: if share.id == share_id: share.active = False log_eh_audit( tenant_id=tenant_id, user_id=user["user_id"], action="revoke_share", eh_id=eh_id, details={"revoked_user": share.user_id, "share_id": share_id} ) return {"status": "revoked", "share_id": share_id} raise HTTPException(status_code=404, detail="Share not found") # ============================================= # KLAUSUR LINKING # ============================================= @router.post("/api/v1/eh/{eh_id}/link-klausur") async def link_eh_to_klausur( eh_id: str, link_request: EHLinkKlausurRequest, request: Request ): """ Link an Erwartungshorizont to a Klausur. This creates an association between the EH and a specific Klausur. """ user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] # Check EH exists and user has access if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] user_has_access = ( eh.teacher_id == user["user_id"] or any( share.user_id == user["user_id"] and share.active for share in storage.eh_key_shares_db.get(eh_id, []) ) ) if not user_has_access: raise HTTPException(status_code=403, detail="No access to this EH") # Check Klausur exists klausur_id = link_request.klausur_id if klausur_id not in storage.klausuren_db: raise HTTPException(status_code=404, detail="Klausur not found") # Create link link_id = str(uuid.uuid4()) link = EHKlausurLink( id=link_id, eh_id=eh_id, klausur_id=klausur_id, linked_by=user["user_id"], linked_at=datetime.now(timezone.utc) ) if klausur_id not in storage.eh_klausur_links_db: storage.eh_klausur_links_db[klausur_id] = [] storage.eh_klausur_links_db[klausur_id].append(link) # Audit log log_eh_audit( tenant_id=tenant_id, user_id=user["user_id"], action="link_klausur", eh_id=eh_id, details={"klausur_id": klausur_id} ) return { "status": "linked", "link_id": link_id, "eh_id": eh_id, "klausur_id": klausur_id } @router.get("/api/v1/klausuren/{klausur_id}/linked-eh") async def get_linked_eh(klausur_id: str, request: Request): """Get all EH linked to a specific Klausur.""" user = get_current_user(request) user_id = user["user_id"] # Check Klausur exists if klausur_id not in storage.klausuren_db: raise HTTPException(status_code=404, detail="Klausur not found") # Get all links for this Klausur links = storage.eh_klausur_links_db.get(klausur_id, []) linked_ehs = [] for link in links: if link.eh_id in storage.eh_db: eh = storage.eh_db[link.eh_id] # Check if user has access to this EH is_owner = eh.teacher_id == user_id is_shared = any( share.user_id == user_id and share.active for share in storage.eh_key_shares_db.get(link.eh_id, []) ) if is_owner or is_shared: # Find user's share info if shared share_info = None if is_shared: for share in storage.eh_key_shares_db.get(link.eh_id, []): if share.user_id == user_id and share.active: share_info = share.to_dict() break linked_ehs.append({ "eh": eh.to_dict(), "link": link.to_dict(), "is_owner": is_owner, "share": share_info }) return linked_ehs @router.delete("/api/v1/eh/{eh_id}/link-klausur/{klausur_id}") async def unlink_eh_from_klausur(eh_id: str, klausur_id: str, request: Request): """Remove the link between an EH and a Klausur.""" user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] # Check EH exists and user has access if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] if eh.teacher_id != user["user_id"]: raise HTTPException(status_code=403, detail="Only the owner can unlink") # Find and remove link links = storage.eh_klausur_links_db.get(klausur_id, []) for i, link in enumerate(links): if link.eh_id == eh_id: del links[i] log_eh_audit( tenant_id=tenant_id, user_id=user["user_id"], action="unlink_klausur", eh_id=eh_id, details={"klausur_id": klausur_id} ) return {"status": "unlinked", "eh_id": eh_id, "klausur_id": klausur_id} raise HTTPException(status_code=404, detail="Link not found") # ============================================= # INVITATION FLOW # ============================================= @router.post("/api/v1/eh/{eh_id}/invite") async def invite_to_eh( eh_id: str, invite_request: EHInviteRequest, request: Request ): """ Invite another user to access an Erwartungshorizont. This creates a pending invitation that the recipient must accept. """ user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] # Check EH exists and belongs to user if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] if eh.teacher_id != user["user_id"]: raise HTTPException(status_code=403, detail="Only the owner can invite others") # Validate role valid_roles = ['second_examiner', 'third_examiner', 'supervisor', 'department_head', 'fachvorsitz'] if invite_request.role not in valid_roles: raise HTTPException(status_code=400, detail=f"Invalid role. Must be one of: {valid_roles}") # Check for existing pending invitation to same user for inv in storage.eh_invitations_db.values(): if (inv.eh_id == eh_id and inv.invitee_email == invite_request.invitee_email and inv.status == 'pending'): raise HTTPException( status_code=409, detail="Pending invitation already exists for this user" ) # Create invitation invitation_id = str(uuid.uuid4()) now = datetime.now(timezone.utc) expires_at = now + timedelta(days=invite_request.expires_in_days) invitation = EHShareInvitation( id=invitation_id, eh_id=eh_id, inviter_id=user["user_id"], invitee_id=invite_request.invitee_id or "", invitee_email=invite_request.invitee_email, role=invite_request.role, klausur_id=invite_request.klausur_id, message=invite_request.message, status='pending', expires_at=expires_at, created_at=now, accepted_at=None, declined_at=None ) storage.eh_invitations_db[invitation_id] = invitation # Audit log log_eh_audit( tenant_id=tenant_id, user_id=user["user_id"], action="invite", eh_id=eh_id, details={ "invitation_id": invitation_id, "invitee_email": invite_request.invitee_email, "role": invite_request.role, "expires_at": expires_at.isoformat() } ) return { "status": "invited", "invitation_id": invitation_id, "eh_id": eh_id, "invitee_email": invite_request.invitee_email, "role": invite_request.role, "expires_at": expires_at.isoformat(), "eh_title": eh.title } @router.get("/api/v1/eh/invitations/pending") async def list_pending_invitations(request: Request): """List all pending invitations for the current user.""" user = get_current_user(request) user_email = user.get("email", "") user_id = user["user_id"] now = datetime.now(timezone.utc) pending = [] for inv in storage.eh_invitations_db.values(): # Match by email or user_id if (inv.invitee_email == user_email or inv.invitee_id == user_id): if inv.status == 'pending' and inv.expires_at > now: # Get EH info eh_info = None if inv.eh_id in storage.eh_db: eh = storage.eh_db[inv.eh_id] eh_info = { "id": eh.id, "title": eh.title, "subject": eh.subject, "niveau": eh.niveau, "year": eh.year } pending.append({ "invitation": inv.to_dict(), "eh": eh_info }) return pending @router.get("/api/v1/eh/invitations/sent") async def list_sent_invitations(request: Request): """List all invitations sent by the current user.""" user = get_current_user(request) user_id = user["user_id"] sent = [] for inv in storage.eh_invitations_db.values(): if inv.inviter_id == user_id: # Get EH info eh_info = None if inv.eh_id in storage.eh_db: eh = storage.eh_db[inv.eh_id] eh_info = { "id": eh.id, "title": eh.title, "subject": eh.subject } sent.append({ "invitation": inv.to_dict(), "eh": eh_info }) return sent @router.post("/api/v1/eh/invitations/{invitation_id}/accept") async def accept_eh_invitation( invitation_id: str, accept_request: EHAcceptInviteRequest, request: Request ): """Accept an invitation and receive access to the EH.""" user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] user_email = user.get("email", "") user_id = user["user_id"] now = datetime.now(timezone.utc) # Find invitation if invitation_id not in storage.eh_invitations_db: raise HTTPException(status_code=404, detail="Invitation not found") invitation = storage.eh_invitations_db[invitation_id] # Verify recipient if invitation.invitee_email != user_email and invitation.invitee_id != user_id: raise HTTPException(status_code=403, detail="This invitation is not for you") # Check status if invitation.status != 'pending': raise HTTPException( status_code=400, detail=f"Invitation is {invitation.status}, cannot accept" ) # Check expiration if invitation.expires_at < now: invitation.status = 'expired' raise HTTPException(status_code=400, detail="Invitation has expired") # Create key share share_id = str(uuid.uuid4()) key_share = EHKeyShare( id=share_id, eh_id=invitation.eh_id, user_id=user_id, encrypted_passphrase=accept_request.encrypted_passphrase, passphrase_hint="", granted_by=invitation.inviter_id, granted_at=now, role=invitation.role, klausur_id=invitation.klausur_id, active=True ) # Store key share if invitation.eh_id not in storage.eh_key_shares_db: storage.eh_key_shares_db[invitation.eh_id] = [] storage.eh_key_shares_db[invitation.eh_id].append(key_share) # Update invitation status invitation.status = 'accepted' invitation.accepted_at = now invitation.invitee_id = user_id # Update with actual user ID # Audit log log_eh_audit( tenant_id=tenant_id, user_id=user_id, action="accept_invite", eh_id=invitation.eh_id, details={ "invitation_id": invitation_id, "share_id": share_id, "role": invitation.role } ) return { "status": "accepted", "share_id": share_id, "eh_id": invitation.eh_id, "role": invitation.role, "klausur_id": invitation.klausur_id } @router.post("/api/v1/eh/invitations/{invitation_id}/decline") async def decline_eh_invitation(invitation_id: str, request: Request): """Decline an invitation.""" user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] user_email = user.get("email", "") user_id = user["user_id"] now = datetime.now(timezone.utc) # Find invitation if invitation_id not in storage.eh_invitations_db: raise HTTPException(status_code=404, detail="Invitation not found") invitation = storage.eh_invitations_db[invitation_id] # Verify recipient if invitation.invitee_email != user_email and invitation.invitee_id != user_id: raise HTTPException(status_code=403, detail="This invitation is not for you") # Check status if invitation.status != 'pending': raise HTTPException( status_code=400, detail=f"Invitation is {invitation.status}, cannot decline" ) # Update status invitation.status = 'declined' invitation.declined_at = now # Audit log log_eh_audit( tenant_id=tenant_id, user_id=user_id, action="decline_invite", eh_id=invitation.eh_id, details={"invitation_id": invitation_id} ) return { "status": "declined", "invitation_id": invitation_id, "eh_id": invitation.eh_id } @router.delete("/api/v1/eh/invitations/{invitation_id}") async def revoke_eh_invitation(invitation_id: str, request: Request): """Revoke a pending invitation (by the inviter).""" user = get_current_user(request) tenant_id = user.get("tenant_id") or user.get("school_id") or user["user_id"] user_id = user["user_id"] # Find invitation if invitation_id not in storage.eh_invitations_db: raise HTTPException(status_code=404, detail="Invitation not found") invitation = storage.eh_invitations_db[invitation_id] # Verify inviter if invitation.inviter_id != user_id: raise HTTPException(status_code=403, detail="Only the inviter can revoke") # Check status if invitation.status != 'pending': raise HTTPException( status_code=400, detail=f"Invitation is {invitation.status}, cannot revoke" ) # Update status invitation.status = 'revoked' # Audit log log_eh_audit( tenant_id=tenant_id, user_id=user_id, action="revoke_invite", eh_id=invitation.eh_id, details={ "invitation_id": invitation_id, "invitee_email": invitation.invitee_email } ) return { "status": "revoked", "invitation_id": invitation_id, "eh_id": invitation.eh_id } @router.get("/api/v1/eh/{eh_id}/access-chain") async def get_eh_access_chain(eh_id: str, request: Request): """ Get the complete access chain for an EH. Shows the correction chain: EK -> ZK -> DK -> FVL with their current access status. """ user = get_current_user(request) # Check EH exists if eh_id not in storage.eh_db: raise HTTPException(status_code=404, detail="Erwartungshorizont not found") eh = storage.eh_db[eh_id] # Check access - owner or shared user is_owner = eh.teacher_id == user["user_id"] is_shared = any( share.user_id == user["user_id"] and share.active for share in storage.eh_key_shares_db.get(eh_id, []) ) if not is_owner and not is_shared: raise HTTPException(status_code=403, detail="No access to this EH") # Build access chain chain = { "eh_id": eh_id, "eh_title": eh.title, "owner": { "user_id": eh.teacher_id, "role": "erstkorrektor" }, "active_shares": [], "pending_invitations": [], "revoked_shares": [] } # Active shares for share in storage.eh_key_shares_db.get(eh_id, []): share_dict = share.to_dict() if share.active: chain["active_shares"].append(share_dict) else: chain["revoked_shares"].append(share_dict) # Pending invitations (only for owner) if is_owner: for inv in storage.eh_invitations_db.values(): if inv.eh_id == eh_id and inv.status == 'pending': chain["pending_invitations"].append(inv.to_dict()) return chain