Add team specific product list

PhiRho · PhiRho · commit 0500eaee05c2 · 2025-06-02T09:38:11.000+02:00
This listing allows admins to see which products a team is subscribed
to.
diff --git a/app/api/products.py b/app/api/products.py
@@ -1,10 +1,10 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.orm import Session
-from typing import List
+from typing import List, Optional
 from datetime import datetime, UTC
 
 from app.db.database import get_db
-from app.db.models import DBProduct, DBTeamProduct
+from app.db.models import DBProduct, DBTeamProduct, DBTeam
 from app.core.security import check_system_admin, get_current_user_from_auth, get_role_min_team_admin
 from app.schemas.models import Product, ProductCreate, ProductUpdate
 
@@ -55,11 +55,38 @@ async def create_product(
 @router.get("", response_model=List[Product], dependencies=[Depends(get_role_min_team_admin)])
 @router.get("/", response_model=List[Product], dependencies=[Depends(get_role_min_team_admin)])
 async def list_products(
-    db: Session = Depends(get_db)
+    team_id: Optional[int] = None,
+    db: Session = Depends(get_db),
+    current_user = Depends(get_current_user_from_auth)
 ):
     """
     List all products. Only accessible by team admin users or higher privileges.
+    If team_id is provided, only returns products associated with that team.
+    Team admins can only view products for their own team.
     """
+    # If team_id is provided, verify the user has access to that team
+    if team_id is not None:
+        # First check if the team exists
+        team = db.query(DBTeam).filter(DBTeam.id == team_id).first()
+        if not team:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail="Team not found"
+            )
+
+        # System admins can view any team's products
+        if not current_user.is_admin:
+            # Team admins can only view their own team's products
+            if current_user.team_id != team_id:
+                raise HTTPException(
+                    status_code=status.HTTP_403_FORBIDDEN,
+                    detail="You can only view products for your own team"
+                )
+
+        # Get products associated with the team
+        return db.query(DBProduct).join(DBTeamProduct).filter(DBTeamProduct.team_id == team_id).all()
+
+    # If no team_id provided, return all products
     return db.query(DBProduct).all()
 
 @router.get("/{product_id}", response_model=Product, dependencies=[Depends(get_role_min_team_admin)])
diff --git a/frontend/src/app/admin/teams/page.tsx b/frontend/src/app/admin/teams/page.tsx
@@ -55,6 +55,22 @@ interface TeamUser {
   role: string;
 }
 
+interface Product {
+  id: string;
+  name: string;
+  user_count: number;
+  keys_per_user: number;
+  total_key_count: number;
+  service_key_count: number;
+  max_budget_per_key: number;
+  rpm_per_key: number;
+  vector_db_count: number;
+  vector_db_storage: number;
+  renewal_period_days: number;
+  active: boolean;
+  created_at: string;
+}
+
 interface Team {
   id: string;
   name: string;
@@ -65,6 +81,7 @@ interface Team {
   created_at: string;
   updated_at: string;
   users?: TeamUser[];
+  products?: Product[];
 }
 
 interface User {
@@ -120,6 +137,17 @@ export default function TeamsPage() {
     enabled: !!expandedTeamId,
   });
 
+  // Get products for expanded team
+  const { data: teamProducts = [], isLoading: isLoadingTeamProducts } = useQuery<Product[]>({
+    queryKey: ['team-products', expandedTeamId],
+    queryFn: async () => {
+      if (!expandedTeamId) return [];
+      const response = await get(`/products?team_id=${expandedTeamId}`);
+      return response.json();
+    },
+    enabled: !!expandedTeamId,
+  });
+
   // Search users query
   const searchUsersMutation = useMutation({
     mutationFn: async (query: string) => {
@@ -540,6 +568,7 @@ export default function TeamsPage() {
                                     <TabsList>
                                       <TabsTrigger value="details">Team Details</TabsTrigger>
                                       <TabsTrigger value="users">Users</TabsTrigger>
+                                      <TabsTrigger value="products">Products</TabsTrigger>
                                     </TabsList>
                                     <TabsContent value="details" className="mt-4">
                                       <Card>
@@ -659,6 +688,60 @@ export default function TeamsPage() {
                                         </div>
                                       )}
                                     </TabsContent>
+                                    <TabsContent value="products" className="mt-4">
+                                      <div className="space-y-4">
+                                        {isLoadingTeamProducts ? (
+                                          <div className="flex justify-center items-center py-8">
+                                            <Loader2 className="h-8 w-8 animate-spin" />
+                                          </div>
+                                        ) : teamProducts.length > 0 ? (
+                                          <div className="rounded-md border">
+                                            <Table>
+                                              <TableHeader>
+                                                <TableRow>
+                                                  <TableHead>Name</TableHead>
+                                                  <TableHead>User Count</TableHead>
+                                                  <TableHead>Keys/User</TableHead>
+                                                  <TableHead>Total Keys</TableHead>
+                                                  <TableHead>Service Keys</TableHead>
+                                                  <TableHead>Budget/Key</TableHead>
+                                                  <TableHead>RPM/Key</TableHead>
+                                                  <TableHead>Vector DBs</TableHead>
+                                                  <TableHead>Storage (GiB)</TableHead>
+                                                  <TableHead>Renewal (Days)</TableHead>
+                                                  <TableHead>Status</TableHead>
+                                                </TableRow>
+                                              </TableHeader>
+                                              <TableBody>
+                                                {teamProducts.map((product) => (
+                                                  <TableRow key={product.id}>
+                                                    <TableCell>{product.name}</TableCell>
+                                                    <TableCell>{product.user_count}</TableCell>
+                                                    <TableCell>{product.keys_per_user}</TableCell>
+                                                    <TableCell>{product.total_key_count}</TableCell>
+                                                    <TableCell>{product.service_key_count}</TableCell>
+                                                    <TableCell>${product.max_budget_per_key.toFixed(2)}</TableCell>
+                                                    <TableCell>{product.rpm_per_key}</TableCell>
+                                                    <TableCell>{product.vector_db_count}</TableCell>
+                                                    <TableCell>{product.vector_db_storage}</TableCell>
+                                                    <TableCell>{product.renewal_period_days}</TableCell>
+                                                    <TableCell>
+                                                      <Badge variant={product.active ? "default" : "destructive"}>
+                                                        {product.active ? "Active" : "Inactive"}
+                                                      </Badge>
+                                                    </TableCell>
+                                                  </TableRow>
+                                                ))}
+                                              </TableBody>
+                                            </Table>
+                                          </div>
+                                        ) : (
+                                          <div className="text-center py-8 border rounded-md">
+                                            <p className="text-muted-foreground">No products associated with this team.</p>
+                                          </div>
+                                        )}
+                                      </div>
+                                    </TabsContent>
                                   </Tabs>
                                 </div>
                               ) : (
diff --git a/frontend/src/app/team-admin/pricing/page.tsx b/frontend/src/app/team-admin/pricing/page.tsx
@@ -15,7 +15,7 @@ declare module 'react' {
 
 declare module 'react/jsx-runtime' {
   interface Element {
-    'stripe-pricing-table': any;
+    'stripe-pricing-table': HTMLElement;
   }
 }
 
@@ -74,7 +74,7 @@ export default function PricingPage() {
       </div>
       <Script src="https://js.stripe.com/v3/pricing-table.js" strategy="afterInteractive" />
       {clientSecret && (
-        // @ts-ignore
+        // @ts-expect-error - Stripe pricing table is a custom element
         <stripe-pricing-table
           pricing-table-id="prctbl_1RRqUhPszKsC9PNiI6av2bXK"
           publishable-key="pk_test_51RRqG1PszKsC9PNicexnqtXn94fTB1MQXbGxApaEojDe81ZtouhTXDzN8Jgg44DBiHvMjGA5aQSvTZ1Q4N4uLl9i00rhEbJpHm"
diff --git a/tests/test_products.py b/tests/test_products.py
@@ -409,4 +409,102 @@ def test_delete_product_with_team_association(client, admin_token, db, test_team
 
     # Verify the product still exists
     existing_product = db.query(DBProduct).filter(DBProduct.id == test_product.id).first()
-    assert existing_product is not None
+    assert existing_product is not None
+
+def test_list_products_by_team_as_system_admin(client, admin_token, db, test_team, test_product):
+    """
+    Test that a system admin can list products for any team.
+
+    GIVEN: The authenticated user is a system admin
+    WHEN: They request products for a specific team
+    THEN: A 200 - OK is returned with the team's products
+    """
+    # Associate the product with the team
+    team_product = DBTeamProduct(
+        team_id=test_team.id,
+        product_id=test_product.id
+    )
+    db.add(team_product)
+    db.commit()
+
+    response = client.get(
+        f"/products/?team_id={test_team.id}",
+        headers={"Authorization": f"Bearer {admin_token}"}
+    )
+    assert response.status_code == 200
+    data = response.json()
+    assert len(data) == 1
+    assert data[0]["id"] == test_product.id
+    assert data[0]["name"] == test_product.name
+
+def test_list_products_by_team_as_team_admin(client, team_admin_token, db, test_team, test_product):
+    """
+    Test that a team admin can list products for their own team.
+
+    GIVEN: The authenticated user is a team admin
+    WHEN: They request products for their own team
+    THEN: A 200 - OK is returned with their team's products
+    """
+    # Associate the product with the team
+    team_product = DBTeamProduct(
+        team_id=test_team.id,
+        product_id=test_product.id
+    )
+    db.add(team_product)
+    db.commit()
+
+    response = client.get(
+        f"/products/?team_id={test_team.id}",
+        headers={"Authorization": f"Bearer {team_admin_token}"}
+    )
+    assert response.status_code == 200
+    data = response.json()
+    assert len(data) == 1
+    assert data[0]["id"] == test_product.id
+    assert data[0]["name"] == test_product.name
+
+def test_list_products_by_other_team_as_team_admin(client, team_admin_token, db, test_team, test_product):
+    """
+    Test that a team admin cannot list products for another team.
+
+    GIVEN: The authenticated user is a team admin
+    WHEN: They request products for another team
+    THEN: A 403 - Forbidden is returned
+    """
+    # Create another team
+    other_team = DBTeam(
+        name="Other Team",
+        admin_email="other@example.com"
+    )
+    db.add(other_team)
+    db.commit()
+
+    # Associate the product with the other team
+    team_product = DBTeamProduct(
+        team_id=other_team.id,
+        product_id=test_product.id
+    )
+    db.add(team_product)
+    db.commit()
+
+    response = client.get(
+        f"/products/?team_id={other_team.id}",
+        headers={"Authorization": f"Bearer {team_admin_token}"}
+    )
+    assert response.status_code == 403
+    assert "own team" in response.json()["detail"].lower()
+
+def test_list_products_by_nonexistent_team(client, admin_token, db):
+    """
+    Test that listing products for a nonexistent team returns 404.
+
+    GIVEN: The authenticated user is a system admin
+    WHEN: They request products for a nonexistent team
+    THEN: A 404 - Not Found is returned
+    """
+    response = client.get(
+        "/products/?team_id=999999",
+        headers={"Authorization": f"Bearer {admin_token}"}
+    )
+    assert response.status_code == 404
+    assert "Team not found" in response.json()["detail"]
