feat: Implement project management with new models, repositories, and API endpoints, and enhance character management with project association and DTOs.

api/endpoints/assets_router.py

@@ -19,6 +19,7 @@ import logging
 logger = logging.getLogger(__name__)
 
 from api.endpoints.auth import get_current_user
+from api.dependency import get_project_id
 
 router = APIRouter(prefix="/api/assets", tags=["Assets"])
 
@@ -68,11 +69,19 @@ async def delete_asset(
 
 
 @router.get("", dependencies=[Depends(get_current_user)])
-async def get_assets(request: Request, dao: DAO = Depends(get_dao), type: Optional[str] = None, limit: int = 10, offset: int = 0) -> AssetsResponse:
+async def get_assets(request: Request, dao: DAO = Depends(get_dao), type: Optional[str] = None, limit: int = 10, offset: int = 0, current_user: dict = Depends(get_current_user), project_id: Optional[str] = Depends(get_project_id)) -> AssetsResponse:
     logger.info(f"get_assets called. Limit: {limit}, Offset: {offset}")
-    assets = await dao.assets.get_assets(type, limit, offset)
+    
+    user_id_filter = str(current_user["_id"])
+    if project_id:
+        project = await dao.projects.get_project(project_id)
+        if not project or str(current_user["_id"]) not in project.members:
+             raise HTTPException(status_code=403, detail="Project access denied")
+        user_id_filter = None
+
+    assets = await dao.assets.get_assets(type, limit, offset, created_by=user_id_filter, project_id=project_id)
     # assets = await dao.assets.get_assets() # This line seemed redundant/conflicting in original code
-    total_count = await dao.assets.get_asset_count()
+    total_count = await dao.assets.get_asset_count(created_by=user_id_filter, project_id=project_id)
 
     # Manually map to DTO to trigger computed fields validation if necessary, 
     # but primarily to ensure valid Pydantic models for the response list.
@@ -84,11 +93,13 @@ async def get_assets(request: Request, dao: DAO = Depends(get_dao), type: Option
 
 
 
-@router.post("/upload", response_model=AssetResponse, status_code=status.HTTP_201_CREATED, dependencies=[Depends(get_current_user)])
+@router.post("/upload", response_model=AssetResponse, status_code=status.HTTP_201_CREATED)
 async def upload_asset(
     file: UploadFile = File(...),
     linked_char_id: Optional[str] = Form(None),
     dao: DAO = Depends(get_dao),
+    current_user: dict = Depends(get_current_user),
+    project_id: Optional[str] = Depends(get_project_id)
 ):
     logger.info(f"upload_asset called. Filename: {file.filename}, ContentType: {file.content_type}, LinkedCharId: {linked_char_id}")
     if not file.content_type:
@@ -96,6 +107,11 @@ async def upload_asset(
 
     if not file.content_type.startswith("image/"):
         raise HTTPException(status_code=400, detail=f"Unsupported content type: {file.content_type}")
+        
+    if project_id:
+        project = await dao.projects.get_project(project_id)
+        if not project or str(current_user["_id"]) not in project.members:
+             raise HTTPException(status_code=403, detail="Project access denied")
 
     data = await file.read()
     if not data:
@@ -111,7 +127,9 @@ async def upload_asset(
         content_type=AssetContentType.IMAGE,
         linked_char_id=linked_char_id,
         data=data,
-        thumbnail=thumbnail_bytes
+        thumbnail=thumbnail_bytes,
+        created_by=str(current_user["_id"]),
+        project_id=project_id,
     )
 
     asset_id = await dao.assets.create_asset(asset)