autogen/python/packages/autogen-studio/autogenstudio/web/routes/gallery.py

63 lines
2.4 KiB
Python

# api/routes/gallery.py
from fastapi import APIRouter, Depends, HTTPException
from ...database import DatabaseManager
from ...datamodel import Gallery, GalleryConfig, Response, Run, Session
from ..deps import get_db
router = APIRouter()
@router.post("/")
async def create_gallery_entry(
gallery_data: GalleryConfig, user_id: str, db: DatabaseManager = Depends(get_db)
) -> Response:
# First validate that user owns all runs
for run in gallery_data.runs:
run_result = db.get(Run, filters={"id": run.id})
if not run_result.status or not run_result.data:
raise HTTPException(status_code=404, detail=f"Run {run.id} not found")
# Get associated session to check ownership
session_result = db.get(Session, filters={"id": run_result.data[0].session_id})
if not session_result.status or not session_result.data or session_result.data[0].user_id != user_id:
raise HTTPException(status_code=403, detail=f"Not authorized to add run {run.id} to gallery")
# Create gallery entry
gallery = Gallery(user_id=user_id, config=gallery_data)
result = db.upsert(gallery)
return result
@router.get("/{gallery_id}")
async def get_gallery_entry(gallery_id: int, user_id: str, db: DatabaseManager = Depends(get_db)) -> Response:
result = db.get(Gallery, filters={"id": gallery_id})
if not result.status or not result.data:
raise HTTPException(status_code=404, detail="Gallery entry not found")
gallery = result.data[0]
if gallery.config["visibility"] != "public" and gallery.user_id != user_id:
raise HTTPException(status_code=403, detail="Not authorized to view this gallery entry")
return result
@router.get("/")
async def list_gallery_entries(user_id: str, db: DatabaseManager = Depends(get_db)) -> Response:
result = db.get(Gallery, filters={"user_id": user_id})
return result
@router.delete("/{gallery_id}")
async def delete_gallery_entry(gallery_id: int, user_id: str, db: DatabaseManager = Depends(get_db)) -> Response:
# Check ownership first
result = db.get(Gallery, filters={"id": gallery_id})
if not result.status or not result.data:
raise HTTPException(status_code=404, detail="Gallery entry not found")
if result.data[0].user_id != user_id:
raise HTTPException(status_code=403, detail="Not authorized to delete this gallery entry")
# Delete if authorized
return db.delete(Gallery, filters={"id": gallery_id})