guardia-itsm/routers/si_change_requests.py

"""
변경 요청 (Change Request) 관리 API.

엔드포인트:
  GET    /api/si/projects/{pid}/crs         — CR 목록
  POST   /api/si/projects/{pid}/crs         — CR 등록
  GET    /api/si/projects/{pid}/crs/{id}    — CR 상세
  PATCH  /api/si/projects/{pid}/crs/{id}    — CR 수정
  PATCH  /api/si/projects/{pid}/crs/{id}/approve  — CR 승인
  PATCH  /api/si/projects/{pid}/crs/{id}/reject   — CR 반려
  PATCH  /api/si/projects/{pid}/crs/{id}/implement — CR 구현 완료
  DELETE /api/si/projects/{pid}/crs/{id}    — CR 삭제

CR 상태 흐름: DRAFT → REVIEW → APPROVED/REJECTED → IMPLEMENTED
"""
from __future__ import annotations

import logging
from datetime import datetime
from typing import List, Optional
from uuid import uuid4

from fastapi import APIRouter, Depends, HTTPException, Query
from sqlalchemy import select, desc
from sqlalchemy.ext.asyncio import AsyncSession

from core.auth import get_current_user
from database import get_db
from models import (
    SiProject, ChangeRequest,
    ChangeRequestCreate, ChangeRequestOut, ChangeRequestUpdate,
    CrStatus,
    User, UserRole,
)

logger = logging.getLogger(__name__)
router = APIRouter(prefix="/api/si/projects", tags=["si-change-requests"])


def _new_cr_id() -> str:
    return f"CR-{datetime.now().strftime('%Y%m%d')}-{str(uuid4())[:5].upper()}"


# ── 목록 ──────────────────────────────────────────────────────────────────────

@router.get("/{project_id}/crs", response_model=List[ChangeRequestOut])
async def list_crs(
    project_id: int,
    cr_type: Optional[str] = Query(None),
    status:  Optional[str] = Query(None),
    db: AsyncSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    await _assert_project(project_id, db)
    q = select(ChangeRequest).where(ChangeRequest.project_id == project_id)
    if cr_type:
        q = q.where(ChangeRequest.cr_type == cr_type)
    if status:
        q = q.where(ChangeRequest.status == status)
    q = q.order_by(desc(ChangeRequest.created_at))
    return (await db.execute(q)).scalars().all()


# ── 생성 ──────────────────────────────────────────────────────────────────────

@router.post("/{project_id}/crs", response_model=ChangeRequestOut, status_code=201)
async def create_cr(
    project_id: int,
    body: ChangeRequestCreate,
    db: AsyncSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    await _assert_project(project_id, db)

    cr = ChangeRequest(
        cr_id           = _new_cr_id(),
        project_id      = project_id,
        cr_type         = body.cr_type,
        title           = body.title,
        description     = body.description,
        reason          = body.reason,
        impact_scope    = body.impact_scope,
        impact_schedule = body.impact_schedule,
        impact_budget   = body.impact_budget,
        requested_by    = body.requested_by or current_user.username,
    )
    db.add(cr)
    await db.commit()
    await db.refresh(cr)
    return cr


# ── 상세 ──────────────────────────────────────────────────────────────────────

@router.get("/{project_id}/crs/{cr_id}", response_model=ChangeRequestOut)
async def get_cr(
    project_id: int, cr_id: int,
    db: AsyncSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    return await _get_cr_or_404(project_id, cr_id, db)


# ── 수정 ──────────────────────────────────────────────────────────────────────

@router.patch("/{project_id}/crs/{cr_id}", response_model=ChangeRequestOut)
async def update_cr(
    project_id: int, cr_id: int,
    body: ChangeRequestUpdate,
    db: AsyncSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    cr = await _get_cr_or_404(project_id, cr_id, db)

    if cr.status not in (CrStatus.DRAFT, CrStatus.REVIEW):
        raise HTTPException(400, f"'{cr.status}' 상태에서는 수정할 수 없습니다")

    for field, val in body.model_dump(exclude_none=True).items():
        setattr(cr, field, val)

    await db.commit()
    await db.refresh(cr)
    return cr


# ── 검토 요청 ─────────────────────────────────────────────────────────────────

@router.patch("/{project_id}/crs/{cr_id}/submit-review", response_model=ChangeRequestOut)
async def submit_cr_for_review(
    project_id: int, cr_id: int,
    db: AsyncSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    cr = await _get_cr_or_404(project_id, cr_id, db)
    if cr.status != CrStatus.DRAFT:
        raise HTTPException(400, "초안 상태에서만 검토 요청할 수 있습니다")
    cr.status = CrStatus.REVIEW
    await db.commit()
    await db.refresh(cr)
    return cr


# ── 승인 ──────────────────────────────────────────────────────────────────────

@router.patch("/{project_id}/crs/{cr_id}/approve", response_model=ChangeRequestOut)
async def approve_cr(
    project_id: int, cr_id: int,
    db: AsyncSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    if current_user.role not in (UserRole.ADMIN, UserRole.PM):
        raise HTTPException(403, "PM 이상 권한 필요")
    cr = await _get_cr_or_404(project_id, cr_id, db)
    if cr.status != CrStatus.REVIEW:
        raise HTTPException(400, "검토 중인 CR만 승인할 수 있습니다")

    cr.status      = CrStatus.APPROVED
    cr.approved_by = current_user.username
    cr.approved_at = datetime.now()

    await db.commit()
    await db.refresh(cr)
    return cr


# ── 반려 ──────────────────────────────────────────────────────────────────────

@router.patch("/{project_id}/crs/{cr_id}/reject", response_model=ChangeRequestOut)
async def reject_cr(
    project_id: int, cr_id: int,
    reason: Optional[str] = Query(None),
    db: AsyncSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    if current_user.role not in (UserRole.ADMIN, UserRole.PM):
        raise HTTPException(403, "PM 이상 권한 필요")
    cr = await _get_cr_or_404(project_id, cr_id, db)
    if cr.status not in (CrStatus.REVIEW, CrStatus.DRAFT):
        raise HTTPException(400, "검토 중이거나 초안 상태 CR만 반려할 수 있습니다")

    cr.status      = CrStatus.REJECTED
    cr.reviewed_by = current_user.username
    if reason:
        cr.reason = (cr.reason or "") + f"\n[반려 사유] {reason}"

    await db.commit()
    await db.refresh(cr)
    return cr


# ── 구현 완료 ─────────────────────────────────────────────────────────────────

@router.patch("/{project_id}/crs/{cr_id}/implement", response_model=ChangeRequestOut)
async def implement_cr(
    project_id: int, cr_id: int,
    db: AsyncSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    cr = await _get_cr_or_404(project_id, cr_id, db)
    if cr.status != CrStatus.APPROVED:
        raise HTTPException(400, "승인된 CR만 구현 완료 처리할 수 있습니다")

    cr.status         = CrStatus.IMPLEMENTED
    cr.implemented_at = datetime.now()

    await db.commit()
    await db.refresh(cr)
    return cr


# ── 삭제 ──────────────────────────────────────────────────────────────────────

@router.delete("/{project_id}/crs/{cr_id}", status_code=204)
async def delete_cr(
    project_id: int, cr_id: int,
    db: AsyncSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    if current_user.role not in (UserRole.ADMIN, UserRole.PM):
        raise HTTPException(403, "PM 이상 권한 필요")
    cr = await _get_cr_or_404(project_id, cr_id, db)
    await db.delete(cr)
    await db.commit()


# ── 내부 헬퍼 ─────────────────────────────────────────────────────────────────

async def _assert_project(project_id: int, db: AsyncSession) -> None:
    if not (await db.execute(
        select(SiProject).where(SiProject.id == project_id)
    )).scalars().first():
        raise HTTPException(404, f"SI 프로젝트 {project_id}를 찾을 수 없습니다")


async def _get_cr_or_404(project_id: int, cr_id: int, db: AsyncSession) -> ChangeRequest:
    cr = (await db.execute(
        select(ChangeRequest).where(
            ChangeRequest.id == cr_id,
            ChangeRequest.project_id == project_id,
        )
    )).scalars().first()
    if not cr:
        raise HTTPException(404, "변경 요청을 찾을 수 없습니다")
    return cr