introduces user.manually_trigger_sheet and implements quotas for sheets

src/endpoints/sheet.py

@@ -6,7 +6,7 @@ from sqlalchemy import exc
 from sqlalchemy.orm import Session
 
 from db.user_state import UserState
-from web.security import token_api_key_auth, get_user_auth, get_user_state
+from web.security import token_api_key_auth, get_user_state
 from db import schemas, crud
 from db.database import get_db_dependency
 from worker.main import create_sheet_task
@@ -24,35 +24,35 @@ def create_sheet(
     if not user.in_group(sheet.group_id):
         raise HTTPException(status_code=403, detail="User does not have access to this group.")
 
-    if not user.has_quota_monthly_sheets():
-        raise HTTPException(status_code=429, detail="User has reached their sheet quota.")
-    
-    if not user.is_sheet_frequency_allowed(sheet.frequency):
-        raise HTTPException(status_code=422, detail=f"Invalid frequency: {sheet.frequency}. Must be one of {user.sheet_frequency}")
+    if not user.has_quota_monthly_sheets(sheet.group_id):
+        raise HTTPException(status_code=429, detail="User has reached their sheet quota for this group.")
+
+    if not user.is_sheet_frequency_allowed(sheet.group_id, sheet.frequency):
+        raise HTTPException(status_code=422, detail="Invalid frequency selected for this group.")
 
     try:
         return crud.create_sheet(db, sheet.id, sheet.name, user.email, sheet.group_id, sheet.frequency)
     except exc.IntegrityError as e:
-        raise HTTPException(status_code=400, detail="Sheet with this ID already exists.") from e
+        raise HTTPException(status_code=400, detail="Sheet with this ID is already being archived.") from e
 
 
 @sheet_router.get("/mine", status_code=200, summary="Get the authenticated user's Google Sheets.")
 def get_user_sheets(
-    email=Depends(get_user_auth),
+    user: UserState = Depends(get_user_state),
     db: Session = Depends(get_db_dependency)
 ) -> list[schemas.SheetResponse]:
-    return crud.get_user_sheets(db, email)
+    return crud.get_user_sheets(db, user.email)
 
 
 @sheet_router.delete("/{id}", summary="Delete a Google Sheet by ID.")
 def delete_sheet(
     id: str,
-    email=Depends(get_user_auth),
+    user: UserState = Depends(get_user_state),
     db: Session = Depends(get_db_dependency),
 ) -> schemas.TaskDelete:
     return JSONResponse({
         "id": id,
-        "deleted": crud.delete_sheet(db, id, email)
+        "deleted": crud.delete_sheet(db, id, user.email)
     })
 
 
@@ -62,10 +62,6 @@ def archive_user_sheet(
     user: UserState = Depends(get_user_state),
     db: Session = Depends(get_db_dependency),
 ) -> schemas.Task:
-    
-    #TODO: are we enabling manual triggers?
-    # if not user.can_manually_trigger():
-    #     raise HTTPException(status_code=429, detail="User cannot manually trigger archiving tasks.")
 
     sheet = crud.get_user_sheet(db, user.email, sheet_id=id)
     if not sheet:
@@ -75,6 +71,9 @@ def archive_user_sheet(
     if not user.in_group(sheet.group_id):
         raise HTTPException(status_code=403, detail="User does not have access to this group.")
 
+    if not user.can_manually_trigger(sheet.group_id):
+        raise HTTPException(status_code=429, detail="User cannot manually trigger sheet archiving in this group.")
+
     task = create_sheet_task.delay(schemas.SubmitSheet(sheet_id=id, author_id=user.email, group=sheet.group_id).model_dump_json())
 
     return JSONResponse({"id": task.id}, status_code=201)
@@ -82,7 +81,7 @@ def archive_user_sheet(
 
 @sheet_router.post("/archive", status_code=201, summary="Trigger an archiving task for any GSheet with an API token.", response_description="task_id for the archiving task.")
 def archive_sheet(
-    sheet: schemas.SubmitSheet,  # TODO: replace with simpler model
+    sheet: schemas.SubmitSheet,
     auth=Depends(token_api_key_auth)
 ) -> schemas.Task:
     sheet.author_id = sheet.author_id or "api-endpoint"