Spaces:

0xarchit
/

UrbanLens

Sleeping

App Files Files Community

UrbanLens / Backend /api /routes /admin.py

0xarchit

Initial Hugging Face Space - Backend deployment

42d88ae 3 months ago

raw

history blame contribute delete

36.2 kB

	from typing import Optional, List
	from uuid import UUID
	from datetime import datetime, timedelta
	from fastapi import APIRouter, Depends, HTTPException, status, Query
	from pydantic import BaseModel, EmailStr
	from sqlalchemy import select, func, or_, desc, asc
	from sqlalchemy.ext.asyncio import AsyncSession
	from sqlalchemy.orm import selectinload, aliased
	import bcrypt
	import jwt

	from Backend.database.connection import get_db
	from Backend.database.models import Department, Member, Issue, Escalation, Classification, IssueEvent, IssueImage
	from Backend.core.config import settings
	from Backend.core.logging import get_logger
	from Backend.core.schemas import IssueResponse, IssueState
	from Backend.utils.storage import get_upload_url

	logger = get_logger(__name__)
	router = APIRouter()

	SECRET_KEY = settings.supabase_jwt_secret
	ALGORITHM = "HS256"
	ACCESS_TOKEN_EXPIRE_HOURS = 24


	def hash_password(password: str) -> str:
	return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()


	def verify_password(password: str, password_hash: str) -> bool:
	return bcrypt.checkpw(password.encode(), password_hash.encode())


	def create_access_token(member_id: UUID, role: str) -> str:
	expire = datetime.utcnow() + timedelta(hours=ACCESS_TOKEN_EXPIRE_HOURS)
	payload = {
	"sub": str(member_id),
	"role": role,
	"exp": expire,
	"iat": datetime.utcnow(),
	}
	return jwt.encode(payload, SECRET_KEY, algorithm=ALGORITHM)


	class LoginRequest(BaseModel):
	email: str
	password: str
	expected_role: Optional[str] = None


	class LoginResponse(BaseModel):
	access_token: str
	token_type: str = "bearer"
	user: dict



	from fastapi.security import OAuth2PasswordBearer
	from jwt import PyJWTError

	oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/admin/login")

	async def get_current_user(token: str = Depends(oauth2_scheme), db: AsyncSession = Depends(get_db)):
	try:
	payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
	member_id: str = payload.get("sub")
	if member_id is None:
	raise HTTPException(status_code=401, detail="Invalid authentication credentials")
	except PyJWTError:
	raise HTTPException(status_code=401, detail="Invalid authentication credentials")

	member = await db.get(Member, UUID(member_id))
	if member is None:
	raise HTTPException(status_code=401, detail="User not found")
	return member

	async def get_current_active_user(current_user: Member = Depends(get_current_user)):
	if not current_user.is_active:
	raise HTTPException(status_code=400, detail="Inactive user")
	return current_user

	async def get_current_admin(current_user: Member = Depends(get_current_active_user)):
	if current_user.role != "admin":
	raise HTTPException(status_code=403, detail="Not authorized")
	return current_user


	@router.post("/login", response_model=LoginResponse)
	async def staff_login(
	data: LoginRequest,
	db: AsyncSession = Depends(get_db),
	):
	member = await db.execute(
	select(Member).where(Member.email == data.email, Member.is_active == True)
	)
	member = member.scalar_one_or_none()

	if not member or not member.password_hash:
	raise HTTPException(status_code=401, detail="Invalid email or password")

	if not verify_password(data.password, member.password_hash):
	raise HTTPException(status_code=401, detail="Invalid email or password")

	if data.expected_role:
	if data.expected_role == "admin" and member.role != "admin":
	raise HTTPException(status_code=403, detail="Access denied. You are not an admin.")
	if data.expected_role == "worker" and member.role == "admin":
	raise HTTPException(status_code=403, detail="Admins should login as Admin, not Worker.")

	access_token = create_access_token(member.id, member.role)

	return LoginResponse(
	access_token=access_token,
	user={
	"id": str(member.id),
	"name": member.name,
	"email": member.email,
	"role": member.role,
	"department_id": str(member.department_id) if member.department_id else None,
	},
	)


	class DepartmentCreate(BaseModel):
	name: str
	code: str
	description: Optional[str] = None
	categories: Optional[str] = None
	default_sla_hours: int = 48
	escalation_email: Optional[str] = None


	class DepartmentUpdate(BaseModel):
	name: Optional[str] = None
	description: Optional[str] = None
	categories: Optional[str] = None
	default_sla_hours: Optional[int] = None
	escalation_email: Optional[str] = None
	is_active: Optional[bool] = None


	class DepartmentResponse(BaseModel):
	id: UUID
	name: str
	code: str
	description: Optional[str]
	categories: Optional[str]
	default_sla_hours: int
	escalation_email: Optional[str]
	is_active: bool
	member_count: int = 0

	class Config:
	from_attributes = True


	class MemberInvite(BaseModel):
	department_id: UUID
	name: str
	email: str
	phone: Optional[str] = None
	role: str = "officer"
	city: Optional[str] = None
	locality: Optional[str] = None
	max_workload: int = 10
	send_invite: bool = True


	class MemberCreate(BaseModel):
	department_id: UUID
	name: str
	email: str
	phone: Optional[str] = None
	role: str = "worker"
	city: Optional[str] = None
	locality: Optional[str] = None
	max_workload: int = 10
	password: str


	class MemberUpdate(BaseModel):
	name: Optional[str] = None
	email: Optional[str] = None
	phone: Optional[str] = None
	role: Optional[str] = None
	city: Optional[str] = None
	locality: Optional[str] = None
	max_workload: Optional[int] = None
	is_active: Optional[bool] = None
	password: Optional[str] = None


	class MemberResponse(BaseModel):
	id: UUID
	department_id: Optional[UUID]
	name: str
	email: str
	phone: Optional[str]
	role: str
	city: Optional[str]
	locality: Optional[str]
	is_active: bool
	current_workload: int
	max_workload: int
	invite_status: Optional[str] = None

	class Config:
	from_attributes = True





	@router.post("/departments", response_model=DepartmentResponse, status_code=status.HTTP_201_CREATED)
	async def create_department(
	data: DepartmentCreate,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):

	existing = await db.execute(select(Department).where(Department.code == data.code))
	if existing.scalar_one_or_none():
	raise HTTPException(status_code=400, detail="Department code already exists")

	department = Department(
	name=data.name,
	code=data.code.upper(),
	description=data.description,
	categories=data.categories,
	default_sla_hours=data.default_sla_hours,
	escalation_email=data.escalation_email,
	)
	db.add(department)
	await db.flush()
	await db.refresh(department)

	return DepartmentResponse(
	id=department.id,
	name=department.name,
	code=department.code,
	description=department.description,
	categories=department.categories,
	default_sla_hours=department.default_sla_hours,
	escalation_email=department.escalation_email,
	is_active=department.is_active,
	member_count=0,
	)


	@router.get("/departments", response_model=list[DepartmentResponse])
	async def list_departments(
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):
	query = select(Department).order_by(Department.name)
	result = await db.execute(query)
	departments = result.scalars().all()

	response = []
	for dept in departments:
	member_count = await db.execute(
	select(func.count(Member.id)).where(Member.department_id == dept.id)
	)
	count = member_count.scalar() or 0

	response.append(DepartmentResponse(
	id=dept.id,
	name=dept.name,
	code=dept.code,
	description=dept.description,
	categories=dept.categories,
	default_sla_hours=dept.default_sla_hours,
	escalation_email=dept.escalation_email,
	is_active=dept.is_active,
	member_count=count,
	))

	return response


	@router.get("/departments/{department_id}", response_model=DepartmentResponse)
	async def get_department(
	department_id: UUID,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):
	department = await db.get(Department, department_id)
	if not department:
	raise HTTPException(status_code=404, detail="Department not found")

	member_count = await db.execute(
	select(func.count(Member.id)).where(Member.department_id == department.id)
	)
	count = member_count.scalar() or 0

	return DepartmentResponse(
	id=department.id,
	name=department.name,
	code=department.code,
	description=department.description,
	categories=department.categories,
	default_sla_hours=department.default_sla_hours,
	escalation_email=department.escalation_email,
	is_active=department.is_active,
	member_count=count,
	)


	@router.patch("/departments/{department_id}", response_model=DepartmentResponse)
	async def update_department(
	department_id: UUID,
	data: DepartmentUpdate,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	department = await db.get(Department, department_id)
	if not department:
	raise HTTPException(status_code=404, detail="Department not found")

	update_data = data.model_dump(exclude_unset=True)
	for key, value in update_data.items():
	setattr(department, key, value)

	await db.flush()

	member_count = await db.execute(
	select(func.count(Member.id)).where(Member.department_id == department.id)
	)
	count = member_count.scalar() or 0

	return DepartmentResponse(
	id=department.id,
	name=department.name,
	code=department.code,
	description=department.description,
	categories=department.categories,
	default_sla_hours=department.default_sla_hours,
	escalation_email=department.escalation_email,
	is_active=department.is_active,
	member_count=count,
	)


	@router.delete("/departments/{department_id}", status_code=status.HTTP_204_NO_CONTENT)
	async def delete_department(
	department_id: UUID,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	department = await db.get(Department, department_id)
	if not department:
	raise HTTPException(status_code=404, detail="Department not found")

	await db.delete(department)
	await db.flush()


	@router.post("/members/invite", status_code=status.HTTP_201_CREATED)
	async def invite_member(
	data: MemberInvite,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	department = await db.get(Department, data.department_id)
	if not department:
	raise HTTPException(status_code=404, detail="Department not found")

	existing = await db.execute(select(Member).where(Member.email == data.email))
	if existing.scalar_one_or_none():
	raise HTTPException(status_code=400, detail="Email already exists")

	invite_result = None
	if data.send_invite:
	invite_result = await supabase_auth.invite_user(
	email=data.email,
	redirect_to=f"{settings.frontend_url}/auth/callback"
	)

	member = Member(
	department_id=data.department_id,
	name=data.name,
	email=data.email,
	phone=data.phone,
	role=data.role,
	city=data.city,
	locality=data.locality,
	max_workload=data.max_workload,
	)
	db.add(member)
	await db.flush()
	await db.refresh(member)

	return {
	"member": MemberResponse(
	id=member.id,
	department_id=member.department_id,
	name=member.name,
	email=member.email,
	phone=member.phone,
	role=member.role,
	city=member.city,
	locality=member.locality,
	is_active=member.is_active,
	current_workload=member.current_workload,
	max_workload=member.max_workload,
	invite_status="sent" if invite_result and invite_result.get("success") else "not_sent",
	),
	"invite": invite_result,
	"message": f"Member created. {'Invite email sent!' if invite_result and invite_result.get('success') else 'No invite sent.'}",
	}





	@router.post("/members", response_model=MemberResponse, status_code=status.HTTP_201_CREATED)
	async def create_member(
	data: MemberCreate,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):

	department = await db.get(Department, data.department_id)
	if not department:
	raise HTTPException(status_code=404, detail="Department not found")

	existing = await db.execute(select(Member).where(Member.email == data.email))
	if existing.scalar_one_or_none():
	raise HTTPException(status_code=400, detail="Email already exists")

	member = Member(
	department_id=data.department_id,
	name=data.name,
	email=data.email,
	phone=data.phone,
	role=data.role,
	city=data.city,
	locality=data.locality,
	max_workload=data.max_workload,
	password_hash=hash_password(data.password),
	)
	db.add(member)
	await db.flush()
	await db.refresh(member)


	return MemberResponse(
	id=member.id,
	department_id=member.department_id,
	name=member.name,
	email=member.email,
	phone=member.phone,
	role=member.role,
	city=member.city,
	locality=member.locality,
	is_active=member.is_active,
	current_workload=member.current_workload,
	max_workload=member.max_workload,
	)


	@router.post("/members/{member_id}/send-invite")
	async def send_member_invite(
	member_id: UUID,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	member = await db.get(Member, member_id)
	if not member:
	raise HTTPException(status_code=404, detail="Member not found")

	if not settings.frontend_url:
	raise HTTPException(status_code=500, detail="FRONTEND_URL not configured")

	result = await supabase_auth.invite_user(
	email=member.email,
	redirect_to=f"{settings.frontend_url}/auth/callback"
	)

	if result.get("success"):
	return {
	"success": True,
	"message": f"Invite sent to {member.email}",
	"member_id": str(member.id),
	}
	else:
	raise HTTPException(
	status_code=400,
	detail=result.get("message", "Failed to send invite")
	)


	@router.post("/members/{member_id}/magic-link")
	async def send_magic_link(
	member_id: UUID,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	member = await db.get(Member, member_id)
	if not member:
	raise HTTPException(status_code=404, detail="Member not found")

	if not settings.frontend_url:
	raise HTTPException(status_code=500, detail="FRONTEND_URL not configured")

	result = await supabase_auth.send_magic_link(
	email=member.email,
	redirect_to=f"{settings.frontend_url}/auth/callback"
	)

	if result.get("success"):
	return {
	"success": True,
	"message": f"Magic link sent to {member.email}",
	}
	else:
	raise HTTPException(
	status_code=400,
	detail=result.get("message", "Failed to send magic link")
	)


	@router.get("/members", response_model=list[MemberResponse])
	async def list_members(
	department_id: Optional[UUID] = None,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):
	query = select(Member).order_by(Member.name)
	if department_id:
	query = query.where(Member.department_id == department_id)

	result = await db.execute(query)
	members = result.scalars().all()

	return [
	MemberResponse(
	id=m.id,
	department_id=m.department_id,
	name=m.name,
	email=m.email,
	phone=m.phone,
	role=m.role,
	city=m.city,
	locality=m.locality,
	is_active=m.is_active,
	current_workload=m.current_workload,
	max_workload=m.max_workload,
	)
	for m in members
	]


	@router.get("/members/{member_id}", response_model=MemberResponse)
	async def get_member(
	member_id: UUID,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):
	member = await db.get(Member, member_id)
	if not member:
	raise HTTPException(status_code=404, detail="Member not found")

	return MemberResponse(
	id=member.id,
	department_id=member.department_id,
	name=member.name,
	email=member.email,
	phone=member.phone,
	role=member.role,
	city=member.city,
	locality=member.locality,
	is_active=member.is_active,
	current_workload=member.current_workload,
	max_workload=member.max_workload,
	)


	@router.patch("/members/{member_id}", response_model=MemberResponse)
	async def update_member(
	member_id: UUID,
	data: MemberUpdate,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	member = await db.get(Member, member_id)
	if not member:
	raise HTTPException(status_code=404, detail="Member not found")

	update_data = data.model_dump(exclude_unset=True)
	for key, value in update_data.items():
	setattr(member, key, value)

	await db.flush()

	return MemberResponse(
	id=member.id,
	department_id=member.department_id,
	name=member.name,
	email=member.email,
	phone=member.phone,
	role=member.role,
	city=member.city,
	locality=member.locality,
	is_active=member.is_active,
	current_workload=member.current_workload,
	max_workload=member.max_workload,
	)


	@router.delete("/members/{member_id}", status_code=status.HTTP_204_NO_CONTENT)
	async def delete_member(
	member_id: UUID,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	member = await db.get(Member, member_id)
	if not member:
	raise HTTPException(status_code=404, detail="Member not found")

	await db.delete(member)
	await db.flush()


	@router.get("/stats")
	async def get_admin_stats(
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):
	from Backend.database.models import Issue, Classification
	from datetime import datetime, timedelta

	dept_count = await db.execute(select(func.count(Department.id)))
	member_count = await db.execute(select(func.count(Member.id)))
	issue_count = await db.execute(select(func.count(Issue.id)))
	pending_count = await db.execute(
	select(func.count(Issue.id)).where(Issue.state.in_(["reported", "validated", "assigned"]))
	)
	resolved_count = await db.execute(
	select(func.count(Issue.id)).where(Issue.state.in_(["resolved", "closed", "verified"]))
	)
	verification_count = await db.execute(
	select(func.count(Issue.id)).where(Issue.state == "pending_verification")
	)

	category_query = (
	select(
	Classification.primary_category,
	func.count(Classification.id).label("count")
	)
	.group_by(Classification.primary_category)
	.order_by(func.count(Classification.id).desc())
	.limit(6)
	)
	category_result = await db.execute(category_query)
	categories = category_result.all()
	issues_by_category = [{"name": cat or "Unknown", "value": cnt} for cat, cnt in categories]

	today = datetime.utcnow().date()
	day_names = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
	issues_activity = []

	for i in range(6, -1, -1):
	day = today - timedelta(days=i)
	day_start = datetime.combine(day, datetime.min.time())
	day_end = datetime.combine(day, datetime.max.time())

	reported_q = await db.execute(
	select(func.count(Issue.id)).where(
	Issue.created_at >= day_start,
	Issue.created_at <= day_end
	)
	)
	resolved_q = await db.execute(
	select(func.count(Issue.id)).where(
	Issue.resolved_at >= day_start,
	Issue.resolved_at <= day_end
	)
	)

	issues_activity.append({
	"name": day_names[day.weekday()],
	"reported": reported_q.scalar() or 0,
	"resolved": resolved_q.scalar() or 0
	})

	return {
	"departments": dept_count.scalar() or 0,
	"members": member_count.scalar() or 0,
	"total_issues": issue_count.scalar() or 0,
	"pending_issues": pending_count.scalar() or 0,
	"resolved_issues": resolved_count.scalar() or 0,
	"verification_needed": verification_count.scalar() or 0,
	"issues_by_category": issues_by_category,
	"issues_activity": issues_activity,
	}


	@router.get("/stats/heatmap")
	async def get_issue_heatmap(
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):
	"""
	Returns city-aggregated issue counts for heatmap visualization.
	"""
	query = (
	select(
	Issue.city,
	func.count(Issue.id).label("count"),
	func.avg(Issue.priority).label("priority_avg")
	)
	.where(Issue.state.notin_(["closed", "resolved", "verified"]))
	.where(Issue.city.isnot(None))
	.group_by(Issue.city)
	.order_by(func.count(Issue.id).desc())
	)
	result = await db.execute(query)
	rows = result.all()

	heatmap_data = []
	for city, count, priority_avg in rows:
	heatmap_data.append({
	"city": city or "Unknown",
	"count": count,
	"priority_avg": round(float(priority_avg or 3), 1)
	})

	return heatmap_data


	@router.get("/stats/escalations", response_model=list[dict])
	async def get_escalation_alerts(
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):
	"""
	Returns a list of currently escalated issues with details.
	"""
	query = (
	select(Issue, Escalation)
	.join(Escalation, Issue.id == Escalation.issue_id)
	.where(Issue.state == "escalated")
	.order_by(Escalation.created_at.desc())
	)
	result = await db.execute(query)
	rows = result.all()

	alerts = []
	for issue, esc in rows:
	alerts.append({
	"issue_id": issue.id,
	"category": issue.classification.primary_category if issue.classification else "Unknown",
	"priority": issue.priority,
	"escalated_at": esc.created_at,
	"level": esc.to_level,
	"reason": esc.reason,
	"city": issue.city,
	"locality": issue.locality
	})


	class ManualReviewRequest(BaseModel):
	status: str
	reason: Optional[str] = None



	class AdminIssueListItem(BaseModel):
	id: UUID
	description: Optional[str]
	state: str
	priority: Optional[int]
	city: Optional[str]
	created_at: datetime
	updated_at: datetime
	department: Optional[str]
	assigned_to: Optional[str]
	category: Optional[str]
	sla_deadline: Optional[datetime]
	thumbnail: Optional[str]

	class Config:
	from_attributes = True

	def issue_to_response(issue: Issue) -> IssueResponse:
	image_urls = []
	annotated_urls = []
	for img in issue.images:
	image_urls.append(get_upload_url(img.file_path))
	if img.annotated_path:
	annotated_urls.append(get_upload_url(img.annotated_path))

	proof_image_url = None
	if issue.proof_image_path:
	proof_image_url = get_upload_url(issue.proof_image_path)

	return IssueResponse(
	id=issue.id,
	description=issue.description,
	latitude=issue.latitude,
	longitude=issue.longitude,
	state=IssueState(issue.state),
	priority=issue.priority,
	category=issue.classification.primary_category if issue.classification else None,
	confidence=issue.classification.primary_confidence if issue.classification else None,
	image_urls=image_urls,
	annotated_urls=annotated_urls,
	proof_image_url=proof_image_url,
	validation_source=issue.validation_source,
	is_duplicate=issue.is_duplicate,
	parent_issue_id=issue.parent_issue_id,
	city=issue.city,
	locality=issue.locality,
	full_address=issue.full_address,
	sla_hours=issue.sla_hours,
	sla_deadline=issue.sla_deadline,
	created_at=issue.created_at,
	updated_at=issue.updated_at,
	)

	@router.get("/issues", response_model=dict)
	async def list_admin_issues(
	page: int = Query(1, ge=1),
	limit: int = Query(20, ge=1, le=100),
	status: Optional[str] = None,
	priority: Optional[int] = None,
	department_id: Optional[UUID] = None,
	worker_id: Optional[UUID] = None,
	search: Optional[str] = None,
	sort_by: str = "created_at",
	sort_order: str = "desc",
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):
	query = (
	select(Issue)
	.options(
	selectinload(Issue.department),
	selectinload(Issue.assigned_member),
	selectinload(Issue.classification),
	selectinload(Issue.images)
	)
	)


	if status:
	statuses = status.split(",")
	query = query.where(Issue.state.in_(statuses))

	if priority is not None:
	query = query.where(Issue.priority == priority)

	if department_id:
	query = query.where(Issue.department_id == department_id)

	if worker_id:
	query = query.where(Issue.assigned_member_id == worker_id)

	if search:
	search_filter = or_(
	Issue.description.ilike(f"%{search}%"),
	Issue.city.ilike(f"%{search}%"),
	Issue.locality.ilike(f"%{search}%"),
	Issue.id.cast(String).ilike(f"%{search}%")
	)
	query = query.where(search_filter)


	sort_column = getattr(Issue, sort_by, Issue.created_at)
	if sort_order == "asc":
	query = query.order_by(asc(sort_column))
	else:
	query = query.order_by(desc(sort_column))


	total_query = select(func.count()).select_from(query.subquery())
	total_result = await db.execute(total_query)
	total = total_result.scalar_one()

	query = query.offset((page - 1) * limit).limit(limit)
	result = await db.execute(query)
	issues = result.scalars().all()




	items = []
	for issue in issues:
	thumb = None
	if issue.images and len(issue.images) > 0:
	thumb = get_upload_url(issue.images[0].file_path)

	items.append(AdminIssueListItem(
	id=issue.id,
	description=issue.description,
	state=issue.state,
	priority=issue.priority,
	city=issue.city,
	created_at=issue.created_at,
	updated_at=issue.updated_at,
	department=issue.department.name if issue.department else None,
	assigned_to=issue.assigned_member.name if issue.assigned_member else None,
	category=issue.classification.primary_category if issue.classification else None,
	sla_deadline=issue.sla_deadline,
	thumbnail=thumb
	))

	return {
	"items": items,
	"total": total,
	"page": page,
	"limit": limit,
	"pages": (total + limit - 1) // limit
	}

	@router.get("/issues/{issue_id}/details")
	async def get_admin_issue_details(
	issue_id: UUID,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):
	query = (
	select(Issue)
	.options(
	selectinload(Issue.department),
	selectinload(Issue.classification),
	selectinload(Issue.images),
	selectinload(Issue.events),
	selectinload(Issue.duplicates)
	)
	.where(Issue.id == issue_id)
	)
	result = await db.execute(query)
	issue = result.scalar_one_or_none()

	if not issue:
	raise HTTPException(status_code=404, detail="Issue not found")


	worker = None
	if issue.assigned_member_id:
	worker = await db.get(Member, issue.assigned_member_id)

	return {
	"issue": issue_to_response(issue),
	"department": {
	"id": issue.department.id,
	"name": issue.department.name
	} if issue.department else None,
	"worker": {
	"id": worker.id,
	"name": worker.name,
	"email": worker.email,
	"workload": worker.current_workload
	} if worker else None,
	"events": [
	{
	"id": e.id,
	"type": e.event_type,
	"agent": e.agent_name,
	"data": e.event_data,
	"created_at": e.created_at
	} for e in sorted(issue.events, key=lambda x: x.created_at, reverse=True)
	],
	"duplicates": [
	{
	"id": d.id,
	"created_at": d.created_at,
	"status": d.state
	} for d in issue.duplicates
	]
	}

	@router.get("/workers/performance")
	async def get_worker_performance(
	department_id: Optional[UUID] = None,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_active_user),
	):

	q = select(Member).where(Member.role == "worker")
	if department_id:
	q = q.where(Member.department_id == department_id)

	res = await db.execute(q)
	workers = res.scalars().all()

	performance_data = []

	for w in workers:


	resolved_count = await db.execute(
	select(func.count(Issue.id)).where(
	Issue.assigned_member_id == w.id,
	Issue.state.in_(["resolved", "closed"])
	)
	)
	resolved = resolved_count.scalar() or 0





	performance_data.append({
	"id": w.id,
	"name": w.name,
	"active": w.is_active,
	"current_load": w.current_workload,
	"max_load": w.max_workload,
	"resolved_total": resolved,
	"efficiency": round(resolved / (max(1, (datetime.utcnow() - w.created_at).days / 7)), 1)
	})

	return performance_data

	@router.patch("/issues/{issue_id}", response_model=IssueResponse)
	async def update_issue_details(
	issue_id: UUID,
	data: dict,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	issue = await db.get(Issue, issue_id)
	if not issue:
	raise HTTPException(status_code=404, detail="Issue not found")

	if "priority" in data:
	issue.priority = data["priority"]


	if "assigned_member_id" in data:
	new_worker_id = data["assigned_member_id"]
	if new_worker_id:
	worker = await db.get(Member, UUID(new_worker_id))
	if not worker:
	raise HTTPException(status_code=400, detail="Worker not found")
	issue.assigned_member_id = worker.id
	issue.state = "assigned"
	worker.current_workload += 1


	else:
	issue.assigned_member_id = None

	await db.commit()
	await db.refresh(issue)




	return issue_to_response(issue)

	class ResolutionReviewRequest(BaseModel):
	action: str
	comment: Optional[str] = None

	@router.post("/issues/{issue_id}/approve_resolution")
	async def approve_resolution(
	issue_id: UUID,
	data: ResolutionReviewRequest,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	issue = await db.get(Issue, issue_id)
	if not issue:
	raise HTTPException(status_code=404, detail="Issue not found")

	if issue.state != "pending_verification":
	raise HTTPException(status_code=400, detail="Issue is not pending verification.")

	if data.action == "approve":
	issue.state = "resolved"
	issue.completed_at = datetime.utcnow()
	if data.comment:
	issue.resolution_notes = (issue.resolution_notes or "") + f"\nAdmin Note: {data.comment}"


	if issue.assigned_member_id:
	worker = await db.get(Member, issue.assigned_member_id)
	if worker and worker.current_workload > 0:
	worker.current_workload -= 1

	await db.commit()
	return {"message": "Issue resolution approved and marked as resolved."}

	elif data.action == "reject":
	issue.state = "in_progress"

	if data.comment:
	issue.resolution_notes = (issue.resolution_notes or "") + f"\n[REJECTED]: {data.comment}"



	await db.commit()
	return {"message": "Issue resolution rejected. Sent back to worker."}

	else:
	raise HTTPException(status_code=400, detail="Invalid action.")

	@router.post("/issues/{issue_id}/review")
	async def review_issue(
	issue_id: UUID,
	data: ManualReviewRequest,
	db: AsyncSession = Depends(get_db),
	current_user: Member = Depends(get_current_admin),
	):
	"""
	Manually review an issue.
	- If REJECTED: Mark as rejected.
	- If APPROVED: Mark as assigned and auto-assign to a worker.
	"""
	issue = await db.get(Issue, issue_id)
	if not issue:
	raise HTTPException(status_code=404, detail="Issue not found")

	if data.status == "rejected":
	issue.state = "rejected"
	issue.resolution_notes = data.reason or "Rejected during manual review."
	await db.commit()
	return {"message": "Issue rejected successfully"}

	elif data.status == "approved":



	query = select(Member).where(Member.role == "worker", Member.is_active == True).order_by(Member.current_workload.asc())


	if issue.department_id:
	query = query.where(Member.department_id == issue.department_id)

	result = await db.execute(query)
	Workers = result.scalars().all()

	selected_worker = None

	if not Workers:


	issue.state = "verified"
	issue.resolution_notes = "Verified but no workers available for auto-assignment."
	else:
	selected_worker = Workers[0]
	issue.assigned_member_id = selected_worker.id
	issue.state = "assigned"
	selected_worker.current_workload += 1
	db.add(selected_worker)

	await db.commit()

	return {
	"message": f"Issue approved. {'Assigned to ' + selected_worker.name if selected_worker else 'No worker available, queued as verified.'}",
	"assigned_to": str(selected_worker.id) if selected_worker else None
	}

	else:
	raise HTTPException(status_code=400, detail="Invalid status. Use 'approved' or 'rejected'.")