feat: personal notes on bill detail pages

- bill_notes table (migration 0014): user_id, bill_id, content, pinned, created_at, updated_at; unique constraint (user_id, bill_id) - BillNote SQLAlchemy model with back-refs on User and Bill - GET/PUT/DELETE /api/notes/{bill_id} — auth-required, one note per (user, bill) - NotesPanel component: collapsible, auto-resize textarea, pin toggle, save + delete; shows last-saved date and pin indicator in collapsed header - Pinned notes render above BriefPanel; unpinned render below DraftLetterPanel - Guests see nothing (token guard in component + query disabled) Co-Authored-By: Jack Levy
2026-03-01 22:14:52 -05:00
parent 128c8e9257
commit 62a217cb22
13 changed files with 393 additions and 30 deletions
--- a/backend/app/api/notes.py
+++ b/backend/app/api/notes.py
@@ -0,0 +1,89 @@
+"""
+Bill Notes API — private per-user notes on individual bills.
+One note per (user, bill). PUT upserts, DELETE removes.
+"""
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.core.dependencies import get_current_user
+from app.database import get_db
+from app.models.bill import Bill
+from app.models.note import BillNote
+from app.models.user import User
+from app.schemas.schemas import BillNoteSchema, BillNoteUpsert
+
+router = APIRouter()
+
+
+@router.get("/{bill_id}", response_model=BillNoteSchema)
+async def get_note(
+    bill_id: str,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    result = await db.execute(
+        select(BillNote).where(
+            BillNote.user_id == current_user.id,
+            BillNote.bill_id == bill_id,
+        )
+    )
+    note = result.scalar_one_or_none()
+    if not note:
+        raise HTTPException(status_code=404, detail="No note for this bill")
+    return note
+
+
+@router.put("/{bill_id}", response_model=BillNoteSchema)
+async def upsert_note(
+    bill_id: str,
+    body: BillNoteUpsert,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    bill = await db.get(Bill, bill_id)
+    if not bill:
+        raise HTTPException(status_code=404, detail="Bill not found")
+
+    result = await db.execute(
+        select(BillNote).where(
+            BillNote.user_id == current_user.id,
+            BillNote.bill_id == bill_id,
+        )
+    )
+    note = result.scalar_one_or_none()
+
+    if note:
+        note.content = body.content
+        note.pinned = body.pinned
+    else:
+        note = BillNote(
+            user_id=current_user.id,
+            bill_id=bill_id,
+            content=body.content,
+            pinned=body.pinned,
+        )
+        db.add(note)
+
+    await db.commit()
+    await db.refresh(note)
+    return note
+
+
+@router.delete("/{bill_id}", status_code=204)
+async def delete_note(
+    bill_id: str,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    result = await db.execute(
+        select(BillNote).where(
+            BillNote.user_id == current_user.id,
+            BillNote.bill_id == bill_id,
+        )
+    )
+    note = result.scalar_one_or_none()
+    if not note:
+        raise HTTPException(status_code=404, detail="No note for this bill")
+    await db.delete(note)
+    await db.commit()