LeineLab
diff --git a/‎app/api/v1/bankomat.py‎
Lines changed: 10 additions & 10 deletions b/‎app/api/v1/bankomat.py‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎app/api/v1/machines.py‎
Lines changed: 16 additions & 16 deletions b/‎app/api/v1/machines.py‎
Lines changed: 16 additions & 16 deletions
diff --git a/‎app/api/v1/products.py‎
Lines changed: 14 additions & 14 deletions b/‎app/api/v1/products.py‎
Lines changed: 14 additions & 14 deletions
@@ -28,7 +28,7 @@
     TopupRequest,
     TransferRequest,
 )
-from app.schemas.common import MessageResponse, TopupResponse
+from app.schemas.common import HTTP_400, HTTP_402, HTTP_403, HTTP_404, HTTP_409, MessageResponse, TopupResponse
 from app.schemas.transaction import TransactionResponse
 from app.schemas.user import UserPinVerify
 
@@ -229,7 +229,7 @@ def list_targets(
     return db.query(BookingTarget).order_by(BookingTarget.name).all()
 
 
-@router.post("/targets", response_model=BookingTargetResponse, status_code=201)
+@router.post("/targets", response_model=BookingTargetResponse, status_code=201, responses={**HTTP_409})
 def create_target(
     body: BookingTargetCreate,
     admin: dict = Depends(require_admin_user),
@@ -246,7 +246,7 @@ def create_target(
 
 # --- ATM operations ---
 
-@router.post("/topup", response_model=TopupResponse)
+@router.post("/topup", response_model=TopupResponse, responses={**HTTP_400, **HTTP_404})
 def topup_user(
     body: TopupRequest,
     device: Machine = Depends(get_current_device),
@@ -283,7 +283,7 @@ def topup_user(
     return {"detail": f"Topped up {body.amount} {settings.CURRENCY}. New balance: {user.balance} {settings.CURRENCY}", "balance": user.balance}
 
 
-@router.post("/target-topup", response_model=MessageResponse)
+@router.post("/target-topup", response_model=MessageResponse, responses={**HTTP_404})
 def topup_target_only(
     body: TargetTopupRequest,
     device: Machine = Depends(get_current_device),
@@ -326,7 +326,7 @@ def user_transactions(
     )
 
 
-@router.post("/transfer", response_model=MessageResponse)
+@router.post("/transfer", response_model=MessageResponse, responses={**HTTP_400, **HTTP_402, **HTTP_404})
 def transfer(
     body: TransferRequest,
     device: Machine = Depends(get_current_device),
@@ -383,7 +383,7 @@ def transfer(
     return {"detail": f"Transferred {body.amount} {settings.CURRENCY} from {body.from_nfc_id} to {body.to_nfc_id}"}
 
 
-@router.post("/verify-pin", response_model=MessageResponse)
+@router.post("/verify-pin", response_model=MessageResponse, responses={**HTTP_403, **HTTP_404})
 def verify_pin(
     body: UserPinVerify,
     device: Machine = Depends(get_current_device),
@@ -400,7 +400,7 @@ def verify_pin(
     return {"detail": "PIN valid"}
 
 
-@router.post("/payout", response_model=MessageResponse)
+@router.post("/payout", response_model=MessageResponse, responses={**HTTP_400, **HTTP_402, **HTTP_403, **HTTP_404})
 def payout(
     body: PayoutRequest,
     device: Machine = Depends(get_current_device),
@@ -442,7 +442,7 @@ def payout(
 
 # --- PIN management ---
 
-@router.post("/pin", response_model=MessageResponse)
+@router.post("/pin", response_model=MessageResponse, responses={**HTTP_404})
 def set_pin(
     body: SetPinRequest,
     admin: dict = Depends(require_admin_user),
@@ -457,7 +457,7 @@ def set_pin(
     return {"detail": "PIN updated"}
 
 
-@router.get("/statement/{target_slug}", response_class=Response)
+@router.get("/statement/{target_slug}", response_class=Response, responses={**HTTP_400, **HTTP_404})
 def get_statement(
     target_slug: str,
     from_year: int = Query(...),
@@ -522,7 +522,7 @@ def get_statement(
         raise HTTPException(500, f"PDF generation failed: {e}") from e
 
 
-@router.get("/statement-all", response_class=Response)
+@router.get("/statement-all", response_class=Response, responses={**HTTP_400})
 def get_statement_all(
     from_year: int = Query(...),
     from_month: int = Query(...),
 
@@ -28,7 +28,7 @@
     MachineUpdate,
     MachineUserSummary,
 )
-from app.schemas.common import MessageResponse
+from app.schemas.common import HTTP_403, HTTP_404, HTTP_409, MessageResponse
 
 router = APIRouter()
 
@@ -41,7 +41,7 @@ def list_machines(
     return db.query(Machine).order_by(Machine.name).all()
 
 
-@router.post("", response_model=MachineCreateResponse, status_code=201)
+@router.post("", response_model=MachineCreateResponse, status_code=201, responses={**HTTP_409})
 def register_machine(
     body: MachineCreate,
     admin: dict = Depends(require_admin_user),
@@ -84,7 +84,7 @@ def list_my_machines(
     )
 
 
-@router.get("/{slug}", response_model=MachineResponse)
+@router.get("/{slug}", response_model=MachineResponse, responses={**HTTP_404})
 def get_machine(
     slug: str,
     request: Request,
@@ -94,7 +94,7 @@ def get_machine(
     return machine
 
 
-@router.put("/{slug}", response_model=MachineResponse)
+@router.put("/{slug}", response_model=MachineResponse, responses={**HTTP_404, **HTTP_409})
 def update_machine(
     slug: str,
     body: MachineUpdate,
@@ -119,7 +119,7 @@ def update_machine(
     return machine
 
 
-@router.delete("/{slug}", response_model=MessageResponse)
+@router.delete("/{slug}", response_model=MessageResponse, responses={**HTTP_404})
 def deactivate_machine(
     slug: str,
     admin: dict = Depends(require_admin_user),
@@ -133,7 +133,7 @@ def deactivate_machine(
     return {"detail": "Machine deactivated"}
 
 
-@router.post("/{slug}/token", response_model=MachineCreateResponse)
+@router.post("/{slug}/token", response_model=MachineCreateResponse, responses={**HTTP_404})
 def regenerate_token(
     slug: str,
     admin: dict = Depends(require_admin_user),
@@ -152,7 +152,7 @@ def regenerate_token(
 
 # --- Machine admins (by OIDC sub) ---
 
-@router.get("/{slug}/admins", response_model=list[MachineAdminResponse])
+@router.get("/{slug}/admins", response_model=list[MachineAdminResponse], responses={**HTTP_404})
 def list_machine_admins(
     slug: str,
     request: Request,
@@ -171,7 +171,7 @@ def list_machine_admins(
     return result
 
 
-@router.post("/{slug}/admins", response_model=MachineAdminResponse, status_code=201)
+@router.post("/{slug}/admins", response_model=MachineAdminResponse, status_code=201, responses={**HTTP_404, **HTTP_409})
 def add_machine_admin(
     slug: str,
     body: MachineAdminCreate,
@@ -197,7 +197,7 @@ def add_machine_admin(
     return {"machine_id": entry.machine_id, "oidc_sub": entry.oidc_sub, "user_name": linked_user.name if linked_user else None}
 
 
-@router.delete("/{slug}/admins/{oidc_sub}", response_model=MessageResponse)
+@router.delete("/{slug}/admins/{oidc_sub}", response_model=MessageResponse, responses={**HTTP_404})
 def remove_machine_admin(
     slug: str,
     oidc_sub: str,
@@ -221,7 +221,7 @@ def remove_machine_admin(
 
 # --- Session history ---
 
-@router.get("/{slug}/sessions", response_model=list[MachineSessionResponse])
+@router.get("/{slug}/sessions", response_model=list[MachineSessionResponse], responses={**HTTP_404})
 def list_sessions(
     slug: str,
     request: Request,
@@ -273,7 +273,7 @@ def list_sessions(
 
 # --- Users (for authorization dropdown) ---
 
-@router.get("/{slug}/users", response_model=list[MachineUserSummary])
+@router.get("/{slug}/users", response_model=list[MachineUserSummary], responses={**HTTP_404})
 def list_machine_users(
     slug: str,
     request: Request,
@@ -286,7 +286,7 @@ def list_machine_users(
 
 # --- Authorizations ---
 
-@router.get("/{slug}/authorizations", response_model=list[AuthorizationResponse])
+@router.get("/{slug}/authorizations", response_model=list[AuthorizationResponse], responses={**HTTP_404})
 def list_authorizations(
     slug: str,
     request: Request,
@@ -299,7 +299,7 @@ def list_authorizations(
     ]
 
 
-@router.post("/{slug}/authorizations", response_model=AuthorizationResponse, status_code=201)
+@router.post("/{slug}/authorizations", response_model=AuthorizationResponse, status_code=201, responses={**HTTP_404, **HTTP_409})
 def grant_authorization(
     slug: str,
     body: AuthorizationCreate,
@@ -335,7 +335,7 @@ def grant_authorization(
     return auth
 
 
-@router.put("/{slug}/authorizations/{nfc_id}", response_model=AuthorizationResponse)
+@router.put("/{slug}/authorizations/{nfc_id}", response_model=AuthorizationResponse, responses={**HTTP_404})
 def update_authorization(
     slug: str,
     nfc_id: int,
@@ -365,7 +365,7 @@ def update_authorization(
     return auth
 
 
-@router.delete("/{slug}/authorizations/{nfc_id}", response_model=MessageResponse)
+@router.delete("/{slug}/authorizations/{nfc_id}", response_model=MessageResponse, responses={**HTTP_404})
 def revoke_authorization(
     slug: str,
     nfc_id: int,
@@ -388,7 +388,7 @@ def revoke_authorization(
     return {"detail": "Authorization revoked"}
 
 
-@router.get("/{slug}/authorize/{nfc_id}", response_model=AuthorizeUserResponse)
+@router.get("/{slug}/authorize/{nfc_id}", response_model=AuthorizeUserResponse, responses={**HTTP_403, **HTTP_404})
 def check_authorization(
     slug: str,
     nfc_id: int,
 
@@ -18,7 +18,7 @@
 from app.models.product import Product, ProductAlias, ProductAudit, ProductAuditType, ProductCategory
 from app.models.transaction import Transaction, TransactionType
 from app.models.user import User
-from app.schemas.common import MessageResponse
+from app.schemas.common import HTTP_400, HTTP_402, HTTP_404, HTTP_409, MessageResponse
 from app.schemas.product import (
     CategoryCreate,
     ProductAliasCreate,
@@ -80,7 +80,7 @@ def list_categories(db: Session = Depends(get_db)):
     return sorted(from_table | from_products)
 
 
-@router.post("/categories", response_model=str, status_code=201)
+@router.post("/categories", response_model=str, status_code=201, responses={**HTTP_400, **HTTP_409})
 def create_category(
     body: CategoryCreate,
     user: dict = Depends(require_product_manager_user),
@@ -97,7 +97,7 @@ def create_category(
     return name
 
 
-@router.delete("/categories/{name}", response_model=MessageResponse)
+@router.delete("/categories/{name}", response_model=MessageResponse, responses={**HTTP_404, **HTTP_409})
 def delete_category(
     name: str,
     user: dict = Depends(require_product_manager_user),
@@ -114,13 +114,13 @@ def delete_category(
     return {"detail": f"Category '{name}' deleted"}
 
 
-@router.get("/products/{ean}", response_model=ProductDetailResponse)
+@router.get("/products/{ean}", response_model=ProductDetailResponse, responses={**HTTP_404})
 def get_product(ean: str, db: Session = Depends(get_db)):
     product = _resolve_product(ean, db)
     return product
 
 
-@router.post("/products", response_model=ProductResponse, status_code=201)
+@router.post("/products", response_model=ProductResponse, status_code=201, responses={**HTTP_409})
 def create_product(
     body: ProductCreate,
     user: dict = Depends(require_product_manager_user),
@@ -148,7 +148,7 @@ def create_product(
     return product
 
 
-@router.put("/products/{ean}", response_model=ProductResponse)
+@router.put("/products/{ean}", response_model=ProductResponse, responses={**HTTP_404})
 def update_product(
     ean: str,
     body: ProductUpdate,
@@ -192,7 +192,7 @@ def update_product(
     return product
 
 
-@router.post("/products/{ean}/stock", response_model=ProductResponse)
+@router.post("/products/{ean}/stock", response_model=ProductResponse, responses={**HTTP_400, **HTTP_404})
 def adjust_stock(
     ean: str,
     body: ProductStockAdjust,
@@ -218,7 +218,7 @@ def adjust_stock(
     return product
 
 
-@router.post("/products/{ean}/stocktaking", response_model=ProductResponse)
+@router.post("/products/{ean}/stocktaking", response_model=ProductResponse, responses={**HTTP_400, **HTTP_404})
 def stocktaking(
     ean: str,
     body: ProductStocktaking,
@@ -243,7 +243,7 @@ def stocktaking(
     return product
 
 
-@router.get("/products/{ean}/audit", response_model=list[ProductAuditResponse])
+@router.get("/products/{ean}/audit", response_model=list[ProductAuditResponse], responses={**HTTP_404})
 def get_product_audit(
     ean: str,
     user: dict = Depends(require_product_manager_user),
@@ -258,7 +258,7 @@ def get_product_audit(
     )
 
 
-@router.get("/products/{ean}/popularity", response_model=ProductPopularityResponse)
+@router.get("/products/{ean}/popularity", response_model=ProductPopularityResponse, responses={**HTTP_404})
 def product_popularity(
     ean: str,
     days: int = Query(default=7, ge=1, le=365),
@@ -287,13 +287,13 @@ def product_popularity(
 
 # --- Aliases ---
 
-@router.get("/products/{ean}/aliases", response_model=list[ProductAliasResponse])
+@router.get("/products/{ean}/aliases", response_model=list[ProductAliasResponse], responses={**HTTP_404})
 def list_aliases(ean: str, db: Session = Depends(get_db)):
     product = _resolve_product(ean, db)
     return product.aliases
 
 
-@router.post("/products/{ean}/aliases", response_model=ProductAliasResponse, status_code=201)
+@router.post("/products/{ean}/aliases", response_model=ProductAliasResponse, status_code=201, responses={**HTTP_404, **HTTP_409})
 def add_alias(
     ean: str,
     body: ProductAliasCreate,
@@ -312,7 +312,7 @@ def add_alias(
     return alias
 
 
-@router.delete("/products/{ean}/aliases/{alias_ean}", response_model=MessageResponse)
+@router.delete("/products/{ean}/aliases/{alias_ean}", response_model=MessageResponse, responses={**HTTP_404})
 def delete_alias(
     ean: str,
     alias_ean: str,
@@ -334,7 +334,7 @@ def delete_alias(
 
 # --- Purchase (checkout device) ---
 
-@router.post("/products/{ean}/purchase", response_model=PurchaseResponse)
+@router.post("/products/{ean}/purchase", response_model=PurchaseResponse, responses={**HTTP_400, **HTTP_402, **HTTP_404})
 def purchase_product(
     ean: str,
     body: PurchaseBody,