32 lines
1.1 KiB
Python
32 lines
1.1 KiB
Python
from fastapi import APIRouter, Depends, Form, Request, HTTPException
|
|
from sqlalchemy.orm import Session
|
|
from sqlalchemy import text
|
|
|
|
from ..db import get_session
|
|
from ..models import TimeEntry
|
|
|
|
router = APIRouter(prefix="/timesheet", tags=["Timesheet API"])
|
|
|
|
@router.post("/delete-entry")
|
|
def delete_entry(
|
|
request: Request,
|
|
entry_id: int = Form(...),
|
|
timesheet_id: int = Form(...),
|
|
db: Session = Depends(get_session),
|
|
):
|
|
# Require edit/admin permission (mirror your other viewers)
|
|
if not (request.session.get("is_admin") or request.session.get("can_edit")):
|
|
raise HTTPException(status_code=403, detail="Edit access required")
|
|
|
|
te = db.query(TimeEntry).get(entry_id)
|
|
if not te or int(te.timesheet_id) != int(timesheet_id):
|
|
raise HTTPException(status_code=404, detail="Time entry not found for this time period")
|
|
|
|
# Remove import-batch linkage first (safe if none exist)
|
|
db.execute(text("DELETE FROM import_batch_items WHERE time_entry_id = :eid"), {"eid": entry_id})
|
|
|
|
# Delete the time entry
|
|
db.delete(te)
|
|
db.commit()
|
|
|
|
return {"ok": True} |