Spaces:

akiko19191
/

randomisedbackend2

Running

App Files Files Community

akiko19191 commited on 15 days ago

Commit

892f25f

verified ·

1 Parent(s): f0b4404

Update app/api.py

Browse files

Files changed (1) hide show

app/api.py +391 -391

app/api.py CHANGED Viewed

@@ -1,392 +1,392 @@
-# your_app/api.py
-from flask import Blueprint, request, jsonify, current_app, redirect
-from bson.objectid import ObjectId
-from datetime import datetime
-from flask_jwt_extended import create_access_token, jwt_required, get_jwt_identity
-from .extensions import bcrypt, mongo
-from .xero_utils import trigger_po_creation, trigger_contact_creation,sync_user_approval_from_xero
-from .email_utils import send_order_confirmation_email, send_registration_email, send_login_notification_email, send_cart_reminder_email
-from .general_utils import get_next_order_serial
-api_bp = Blueprint('api', __name__)
-@api_bp.route('/sync_xero_users', methods=['GET'])
-def sync_xero_users():
-    sync_user_approval_from_xero()
-    return "✅"
-@api_bp.route('/clear')
-def clear_all():
-    mongo.db.users.delete_many({})
-    mongo.db.orders.delete_many({})
-    return "✅"
-@api_bp.route('/register', methods=['POST'])
-def register():
-    data = request.get_json()
-    email = data.get('email')
-    password = data.get('password')
-    company_name = data.get('businessName')
-    if not all([email, password, company_name]):
-        return jsonify({"msg": "Missing required fields: Email, Password, and Business Name"}), 400
-    if mongo.db.users.find_one({'email': email}):
-        return jsonify({"msg": "A user with this email already exists"}), 409
-    hashed_password = bcrypt.generate_password_hash(password).decode('utf-8')
-    user_document = data.copy()
-    user_document['password'] = hashed_password
-    user_document['company_name'] = company_name
-    user_document['is_approved'] = True
-    user_document['is_admin'] = False
-    mongo.db.users.insert_one(user_document)
-    trigger_contact_creation(data)
-    try:
-        send_registration_email(data)
-    except Exception as e:
-        current_app.logger.error(f"Failed to send registration email to {email}: {e}")
-    return jsonify({"msg": "Registration successful! Your application is being processed."}), 201
-# ... (the rest of your api.py file remains unchanged)
-@api_bp.route('/login', methods=['POST'])
-def login():
-    data = request.get_json()
-    email, password = data.get('email'), data.get('password')
-    user = mongo.db.users.find_one({'email': email})
-    if user and user.get('password') and bcrypt.check_password_hash(user['password'], password):
-        if not user.get('is_approved', False): return jsonify({"msg": "Account pending approval"}), 403
-        try:
-            send_login_notification_email(user)
-        except Exception as e:
-            current_app.logger.error(f"Failed to send login notification email to {email}: {e}")
-        access_token = create_access_token(identity=email)
-        return jsonify(access_token=access_token, email=user['email'], companyName=user['businessName'],contactPerson=user.get('contactPerson', '')) , 200
-    return jsonify({"msg": "Bad email or password"}), 401
-@api_bp.route('/profile', methods=['GET'])
-@jwt_required()
-def get_user_profile():
-    user_email = get_jwt_identity()
-    user = mongo.db.users.find_one({'email': user_email})
-    if not user:
-        return jsonify({"msg": "User not found"}), 404
-    profile_data = {
-        'deliveryAddress': user.get('businessAddress', ''),
-        'mobileNumber': user.get('phoneNumber', '')
-    }
-    return jsonify(profile_data), 200
-@api_bp.route('/products', methods=['GET'])
-def get_products():
-    products = [{
-        'id': str(p['_id']), 'name': p.get('name'), 'category': p.get('category'),
-        'unit': p.get('unit'), 'image_url': p.get('image_url', ''), 'price': p.get('price', '')
-    } for p in mongo.db.products.find()]
-    return jsonify(products)
-@api_bp.route('/cart', methods=['GET', 'POST'])
-@jwt_required()
-def handle_cart():
-    user_email = get_jwt_identity()
-    if request.method == 'GET':
-        cart = mongo.db.carts.find_one({'user_email': user_email})
-        if not cart:
-            return jsonify({'items': [], 'deliveryDate': None})
-        populated_items = []
-        if cart.get('items'):
-            product_ids = [ObjectId(item['productId']) for item in cart['items']]
-            if product_ids:
-                products = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': product_ids}})}
-                for item in cart['items']:
-                    details = products.get(item['productId'])
-                    if details:
-                        populated_items.append({
-                            'product': {'id': str(details['_id']), 'name': details.get('name'), 'unit': details.get('unit'), 'image_url': details.get('image_url'), 'price': details.get('price')},
-                            'quantity': item['quantity'],
-                            'mode': item.get('mode', 'pieces')
-                        })
-        return jsonify({
-            'items': populated_items,
-            'deliveryDate': cart.get('deliveryDate')
-        })
-    if request.method == 'POST':
-        data = request.get_json()
-        update_doc = {
-            'user_email': user_email,
-            'updated_at': datetime.utcnow()
-        }
-        if 'items' in data:
-            update_doc['items'] = data['items']
-        if 'deliveryDate' in data:
-            update_doc['deliveryDate'] = data['deliveryDate']
-        mongo.db.carts.update_one(
-            {'user_email': user_email},
-            {'$set': update_doc},
-            upsert=True
-        )
-        return jsonify({"msg": "Cart updated successfully"})
-@api_bp.route('/orders', methods=['GET', 'POST'])
-@jwt_required()
-def handle_orders():
-    user_email = get_jwt_identity()
-    if request.method == 'POST':
-        cart = mongo.db.carts.find_one({'user_email': user_email})
-        if not cart or not cart.get('items'): return jsonify({"msg": "Your cart is empty"}), 400
-        data = request.get_json()
-        if not all([data.get('deliveryDate'), data.get('deliveryAddress'), data.get('mobileNumber')]): return jsonify({"msg": "Missing delivery information"}), 400
-        user = mongo.db.users.find_one({'email': user_email})
-        if not user:
-            return jsonify({"msg": "User not found"}), 404
-        order_doc = {
-            'user_email': user_email, 'items': cart['items'], 'delivery_date': data['deliveryDate'],
-            'delivery_address': data['deliveryAddress'], 'mobile_number': data['mobileNumber'],
-            'additional_info': data.get('additionalInfo'), 'total_amount': data.get('totalAmount'),
-            'status': 'pending', 'created_at': datetime.utcnow()
-        }
-        order_doc['serial_no'] = get_next_order_serial()
-        order_id = mongo.db.orders.insert_one(order_doc).inserted_id
-        order_doc['_id'] = order_id
-        order_details_for_xero = {
-            "order_id": str(order_id), "user_email": user_email, "items": cart['items'],
-            "delivery_address": data['deliveryAddress'], "mobile_number": data['mobileNumber'],"deliverydate":data["deliveryDate"]
-        }
-        trigger_po_creation(order_details_for_xero)
-        try:
-            product_ids = [ObjectId(item['productId']) for item in cart['items']]
-            products_map = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': product_ids}})}
-            order_doc['populated_items'] = [{
-                "name": products_map.get(item['productId'], {}).get('name', 'N/A'),
-                "quantity": item['quantity'],
-                "mode": item.get('mode', 'pieces')
-            } for item in cart['items']]
-            send_order_confirmation_email(order_doc, user)
-        except Exception as e:
-            current_app.logger.error(f"Failed to send confirmation email for order {order_id}: {e}")
-        mongo.db.carts.delete_one({'user_email': user_email})
-        return jsonify({"msg": "Order placed successfully! You will be redirected shortly to the Orders Page!", "orderId": str(order_id)}), 201
-    if request.method == 'GET':
-        user_orders = list(mongo.db.orders.find({'user_email': user_email}).sort('created_at', -1))
-        if not user_orders: return jsonify([])
-        all_product_ids = {ObjectId(item['productId']) for order in user_orders for item in order.get('items', [])}
-        products = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': list(all_product_ids)}})}
-        for order in user_orders:
-            order['items'] = [
-                {
-                    'quantity': item['quantity'],
-                    'mode': item.get('mode', 'pieces'),
-                    'product': {
-                        'id': str(p['_id']),
-                        'name': p.get('name'),
-                        'unit': p.get('unit'),
-                        'image_url': p.get('image_url')
-                    }
-                }
-                for item in order.get('items', []) if (p := products.get(item['productId']))
-            ]
-            order['_id'] = str(order['_id'])
-            order['created_at'] = order['created_at'].isoformat()
-            order['delivery_date'] = order['delivery_date'] if isinstance(order['delivery_date'], str) else order['delivery_date'].isoformat()
-        return jsonify(user_orders)
-@api_bp.route('/orders/<order_id>', methods=['GET'])
-@jwt_required()
-def get_order(order_id):
-    user_email = get_jwt_identity()
-    try:
-        order = mongo.db.orders.find_one({'_id': ObjectId(order_id), 'user_email': user_email})
-        if not order:
-            return jsonify({"msg": "Order not found or access denied"}), 404
-        order['_id'] = str(order['_id'])
-        return jsonify(order), 200
-    except Exception as e:
-        return jsonify({"msg": f"Invalid Order ID format: {e}"}), 400
-@api_bp.route('/orders/<order_id>', methods=['PUT'])
-@jwt_required()
-def update_order(order_id):
-    user_email = get_jwt_identity()
-    order = mongo.db.orders.find_one({'_id': ObjectId(order_id), 'user_email': user_email})
-    if not order:
-        return jsonify({"msg": "Order not found or access denied"}), 404
-    if order.get('status') not in ['pending', 'confirmed']:
-        return jsonify({"msg": f"Order with status '{order.get('status')}' cannot be modified."}), 400
-    cart = mongo.db.carts.find_one({'user_email': user_email})
-    if not cart or not cart.get('items'):
-        return jsonify({"msg": "Cannot update with an empty cart. Please add items."}), 400
-    data = request.get_json()
-    update_doc = {
-        'items': cart['items'],
-        'delivery_date': data['deliveryDate'],
-        'delivery_address': data['deliveryAddress'],
-        'mobile_number': data['mobileNumber'],
-        'additional_info': data.get('additionalInfo'),
-        'total_amount': data.get('totalAmount'),
-        'updated_at': datetime.utcnow()
-    }
-    mongo.db.orders.update_one({'_id': ObjectId(order_id)}, {'$set': update_doc})
-    mongo.db.carts.delete_one({'user_email': user_email})
-    return jsonify({"msg": "Order updated successfully!", "orderId": order_id}), 200
-@api_bp.route('/orders/<order_id>/cancel', methods=['POST'])
-@jwt_required()
-def cancel_order(order_id):
-    user_email = get_jwt_identity()
-    order = mongo.db.orders.find_one({'_id': ObjectId(order_id), 'user_email': user_email})
-    if not order:
-        return jsonify({"msg": "Order not found or access denied"}), 404
-    if order.get('status') in ['delivered', 'cancelled']:
-        return jsonify({"msg": "This order can no longer be cancelled."}), 400
-    mongo.db.orders.update_one(
-        {'_id': ObjectId(order_id)},
-        {'$set': {'status': 'cancelled', 'updated_at': datetime.utcnow()}}
-    )
-    return jsonify({"msg": "Order has been cancelled."}), 200
-@api_bp.route('/sendmail', methods=['GET'])
-def send_cart_reminders():
-    try:
-        carts_with_items = list(mongo.db.carts.find({'items': {'$exists': True, '$ne': []}}))
-        if not carts_with_items:
-            return jsonify({"msg": "No users with pending items in cart."}), 200
-        user_emails = [cart['user_email'] for cart in carts_with_items]
-        all_product_ids = {
-            ObjectId(item['productId'])
-            for cart in carts_with_items
-            for item in cart.get('items', [])
-        }
-        users_cursor = mongo.db.users.find({'email': {'$in': user_emails}})
-        products_cursor = mongo.db.products.find({'_id': {'$in': list(all_product_ids)}})
-        users_map = {user['email']: user for user in users_cursor}
-        products_map = {str(prod['_id']): prod for prod in products_cursor}
-        emails_sent_count = 0
-        for cart in carts_with_items:
-            user = users_map.get(cart['user_email'])
-            if not user:
-                current_app.logger.warning(f"Cart found for non-existent user: {cart['user_email']}")
-                continue
-            populated_items = []
-            for item in cart.get('items', []):
-                product_details = products_map.get(item['productId'])
-                if product_details:
-                    populated_items.append({
-                        'product': {
-                            'id': str(product_details['_id']),
-                            'name': product_details.get('name'),
-                        },
-                        'quantity': item['quantity']
-                    })
-            if populated_items:
-                try:
-                    send_cart_reminder_email(user, populated_items)
-                    emails_sent_count += 1
-                except Exception as e:
-                    current_app.logger.error(f"Failed to send cart reminder to {user['email']}: {e}")
-        return jsonify({"msg": f"Cart reminder process finished. Emails sent to {emails_sent_count} users."}), 200
-    except Exception as e:
-        current_app.logger.error(f"Error in /sendmail endpoint: {e}")
-        return jsonify({"msg": "An internal error occurred while sending reminders."}), 500
-@api_bp.route('/admin/users/approve/<user_id>', methods=['POST'])
-@jwt_required()
-def approve_user(user_id):
-    mongo.db.users.update_one({'_id': ObjectId(user_id)}, {'$set': {'is_approved': True}})
-    return jsonify({"msg": f"User {user_id} approved"})
-# +++ START: NEW ENDPOINT FOR ITEM REQUESTS +++
-@api_bp.route('/request-item', methods=['POST'])
-@jwt_required()
-def request_item():
-    """
-    Allows a logged-in user to request an item that is not in the catalog.
-    The request is saved to the database for admin review.
-    """
-    user_email = get_jwt_identity()
-    data = request.get_json()
-    if not data or not data.get('details'):
-        return jsonify({"msg": "Item details are required."}), 400
-    details = data.get('details').strip()
-    if not details:
-        return jsonify({"msg": "Item details cannot be empty."}), 400
-    try:
-        # Fetch user info for more context in the request
-        user = mongo.db.users.find_one({'email': user_email}, {'company_name': 1})
-        company_name = user.get('company_name', 'N/A') if user else 'N/A'
-        request_doc = {
-            'user_email': user_email,
-            'company_name': company_name,
-            'details': details,
-            'status': 'new',  # Possible statuses: 'new', 'reviewed', 'sourced', 'rejected'
-            'requested_at': datetime.utcnow()
-        }
-        # The collection 'item_requests' will be created if it doesn't exist
-        mongo.db.item_requests.insert_one(request_doc)
-        # Optional: Here you could add a call to an email utility to notify admins
-        # For example: send_item_request_notification(user_email, company_name, details)
-        return jsonify({"msg": "Your item request has been submitted. We will look into it!"}), 201
-    except Exception as e:
-        current_app.logger.error(f"Error processing item request for {user_email}: {e}")
         return jsonify({"msg": "An internal server error occurred."}), 500

+# your_app/api.py
+from flask import Blueprint, request, jsonify, current_app, redirect
+from bson.objectid import ObjectId
+from datetime import datetime
+from flask_jwt_extended import create_access_token, jwt_required, get_jwt_identity
+from .extensions import bcrypt, mongo
+from .xero_utils import trigger_po_creation, trigger_contact_creation,sync_user_approval_from_xero
+from .email_utils import send_order_confirmation_email, send_registration_email, send_login_notification_email, send_cart_reminder_email
+from .general_utils import get_next_order_serial
+api_bp = Blueprint('api', __name__)
+@api_bp.route('/sync_xero_users', methods=['GET'])
+def sync_xero_users():
+    sync_user_approval_from_xero()
+    return "✅"
+@api_bp.route('/clear')
+def clear_all():
+    mongo.db.users.delete_many({})
+    mongo.db.orders.delete_many({})
+    return "✅"
+@api_bp.route('/register', methods=['POST'])
+def register():
+    data = request.get_json()
+    email = data.get('email')
+    password = data.get('password')
+    company_name = data.get('businessName')
+    if not all([email, password, company_name]):
+        return jsonify({"msg": "Missing required fields: Email, Password, and Business Name"}), 400
+    if mongo.db.users.find_one({'email': email}):
+        return jsonify({"msg": "A user with this email already exists"}), 409
+    hashed_password = bcrypt.generate_password_hash(password).decode('utf-8')
+    user_document = data.copy()
+    user_document['password'] = hashed_password
+    user_document['company_name'] = company_name
+    user_document['is_approved'] = False
+    user_document['is_admin'] = False
+    mongo.db.users.insert_one(user_document)
+    trigger_contact_creation(data)
+    try:
+        send_registration_email(data)
+    except Exception as e:
+        current_app.logger.error(f"Failed to send registration email to {email}: {e}")
+    return jsonify({"msg": "Registration successful! Your application is being processed."}), 201
+# ... (the rest of your api.py file remains unchanged)
+@api_bp.route('/login', methods=['POST'])
+def login():
+    data = request.get_json()
+    email, password = data.get('email'), data.get('password')
+    user = mongo.db.users.find_one({'email': email})
+    if user and user.get('password') and bcrypt.check_password_hash(user['password'], password):
+        if not user.get('is_approved', False): return jsonify({"msg": "Account pending approval"}), 403
+        try:
+            send_login_notification_email(user)
+        except Exception as e:
+            current_app.logger.error(f"Failed to send login notification email to {email}: {e}")
+        access_token = create_access_token(identity=email)
+        return jsonify(access_token=access_token, email=user['email'], companyName=user['businessName'],contactPerson=user.get('contactPerson', '')) , 200
+    return jsonify({"msg": "Bad email or password"}), 401
+@api_bp.route('/profile', methods=['GET'])
+@jwt_required()
+def get_user_profile():
+    user_email = get_jwt_identity()
+    user = mongo.db.users.find_one({'email': user_email})
+    if not user:
+        return jsonify({"msg": "User not found"}), 404
+    profile_data = {
+        'deliveryAddress': user.get('businessAddress', ''),
+        'mobileNumber': user.get('phoneNumber', '')
+    }
+    return jsonify(profile_data), 200
+@api_bp.route('/products', methods=['GET'])
+def get_products():
+    products = [{
+        'id': str(p['_id']), 'name': p.get('name'), 'category': p.get('category'),
+        'unit': p.get('unit'), 'image_url': p.get('image_url', ''), 'price': p.get('price', '')
+    } for p in mongo.db.products.find()]
+    return jsonify(products)
+@api_bp.route('/cart', methods=['GET', 'POST'])
+@jwt_required()
+def handle_cart():
+    user_email = get_jwt_identity()
+    if request.method == 'GET':
+        cart = mongo.db.carts.find_one({'user_email': user_email})
+        if not cart:
+            return jsonify({'items': [], 'deliveryDate': None})
+        populated_items = []
+        if cart.get('items'):
+            product_ids = [ObjectId(item['productId']) for item in cart['items']]
+            if product_ids:
+                products = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': product_ids}})}
+                for item in cart['items']:
+                    details = products.get(item['productId'])
+                    if details:
+                        populated_items.append({
+                            'product': {'id': str(details['_id']), 'name': details.get('name'), 'unit': details.get('unit'), 'image_url': details.get('image_url'), 'price': details.get('price')},
+                            'quantity': item['quantity'],
+                            'mode': item.get('mode', 'pieces')
+                        })
+        return jsonify({
+            'items': populated_items,
+            'deliveryDate': cart.get('deliveryDate')
+        })
+    if request.method == 'POST':
+        data = request.get_json()
+        update_doc = {
+            'user_email': user_email,
+            'updated_at': datetime.utcnow()
+        }
+        if 'items' in data:
+            update_doc['items'] = data['items']
+        if 'deliveryDate' in data:
+            update_doc['deliveryDate'] = data['deliveryDate']
+        mongo.db.carts.update_one(
+            {'user_email': user_email},
+            {'$set': update_doc},
+            upsert=True
+        )
+        return jsonify({"msg": "Cart updated successfully"})
+@api_bp.route('/orders', methods=['GET', 'POST'])
+@jwt_required()
+def handle_orders():
+    user_email = get_jwt_identity()
+    if request.method == 'POST':
+        cart = mongo.db.carts.find_one({'user_email': user_email})
+        if not cart or not cart.get('items'): return jsonify({"msg": "Your cart is empty"}), 400
+        data = request.get_json()
+        if not all([data.get('deliveryDate'), data.get('deliveryAddress'), data.get('mobileNumber')]): return jsonify({"msg": "Missing delivery information"}), 400
+        user = mongo.db.users.find_one({'email': user_email})
+        if not user:
+            return jsonify({"msg": "User not found"}), 404
+        order_doc = {
+            'user_email': user_email, 'items': cart['items'], 'delivery_date': data['deliveryDate'],
+            'delivery_address': data['deliveryAddress'], 'mobile_number': data['mobileNumber'],
+            'additional_info': data.get('additionalInfo'), 'total_amount': data.get('totalAmount'),
+            'status': 'pending', 'created_at': datetime.utcnow()
+        }
+        order_doc['serial_no'] = get_next_order_serial()
+        order_id = mongo.db.orders.insert_one(order_doc).inserted_id
+        order_doc['_id'] = order_id
+        order_details_for_xero = {
+            "order_id": str(order_id), "user_email": user_email, "items": cart['items'],
+            "delivery_address": data['deliveryAddress'], "mobile_number": data['mobileNumber'],"deliverydate":data["deliveryDate"]
+        }
+        trigger_po_creation(order_details_for_xero)
+        try:
+            product_ids = [ObjectId(item['productId']) for item in cart['items']]
+            products_map = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': product_ids}})}
+            order_doc['populated_items'] = [{
+                "name": products_map.get(item['productId'], {}).get('name', 'N/A'),
+                "quantity": item['quantity'],
+                "mode": item.get('mode', 'pieces')
+            } for item in cart['items']]
+            send_order_confirmation_email(order_doc, user)
+        except Exception as e:
+            current_app.logger.error(f"Failed to send confirmation email for order {order_id}: {e}")
+        mongo.db.carts.delete_one({'user_email': user_email})
+        return jsonify({"msg": "Order placed successfully! You will be redirected shortly to the Orders Page!", "orderId": str(order_id)}), 201
+    if request.method == 'GET':
+        user_orders = list(mongo.db.orders.find({'user_email': user_email}).sort('created_at', -1))
+        if not user_orders: return jsonify([])
+        all_product_ids = {ObjectId(item['productId']) for order in user_orders for item in order.get('items', [])}
+        products = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': list(all_product_ids)}})}
+        for order in user_orders:
+            order['items'] = [
+                {
+                    'quantity': item['quantity'],
+                    'mode': item.get('mode', 'pieces'),
+                    'product': {
+                        'id': str(p['_id']),
+                        'name': p.get('name'),
+                        'unit': p.get('unit'),
+                        'image_url': p.get('image_url')
+                    }
+                }
+                for item in order.get('items', []) if (p := products.get(item['productId']))
+            ]
+            order['_id'] = str(order['_id'])
+            order['created_at'] = order['created_at'].isoformat()
+            order['delivery_date'] = order['delivery_date'] if isinstance(order['delivery_date'], str) else order['delivery_date'].isoformat()
+        return jsonify(user_orders)
+@api_bp.route('/orders/<order_id>', methods=['GET'])
+@jwt_required()
+def get_order(order_id):
+    user_email = get_jwt_identity()
+    try:
+        order = mongo.db.orders.find_one({'_id': ObjectId(order_id), 'user_email': user_email})
+        if not order:
+            return jsonify({"msg": "Order not found or access denied"}), 404
+        order['_id'] = str(order['_id'])
+        return jsonify(order), 200
+    except Exception as e:
+        return jsonify({"msg": f"Invalid Order ID format: {e}"}), 400
+@api_bp.route('/orders/<order_id>', methods=['PUT'])
+@jwt_required()
+def update_order(order_id):
+    user_email = get_jwt_identity()
+    order = mongo.db.orders.find_one({'_id': ObjectId(order_id), 'user_email': user_email})
+    if not order:
+        return jsonify({"msg": "Order not found or access denied"}), 404
+    if order.get('status') not in ['pending', 'confirmed']:
+        return jsonify({"msg": f"Order with status '{order.get('status')}' cannot be modified."}), 400
+    cart = mongo.db.carts.find_one({'user_email': user_email})
+    if not cart or not cart.get('items'):
+        return jsonify({"msg": "Cannot update with an empty cart. Please add items."}), 400
+    data = request.get_json()
+    update_doc = {
+        'items': cart['items'],
+        'delivery_date': data['deliveryDate'],
+        'delivery_address': data['deliveryAddress'],
+        'mobile_number': data['mobileNumber'],
+        'additional_info': data.get('additionalInfo'),
+        'total_amount': data.get('totalAmount'),
+        'updated_at': datetime.utcnow()
+    }
+    mongo.db.orders.update_one({'_id': ObjectId(order_id)}, {'$set': update_doc})
+    mongo.db.carts.delete_one({'user_email': user_email})
+    return jsonify({"msg": "Order updated successfully!", "orderId": order_id}), 200
+@api_bp.route('/orders/<order_id>/cancel', methods=['POST'])
+@jwt_required()
+def cancel_order(order_id):
+    user_email = get_jwt_identity()
+    order = mongo.db.orders.find_one({'_id': ObjectId(order_id), 'user_email': user_email})
+    if not order:
+        return jsonify({"msg": "Order not found or access denied"}), 404
+    if order.get('status') in ['delivered', 'cancelled']:
+        return jsonify({"msg": "This order can no longer be cancelled."}), 400
+    mongo.db.orders.update_one(
+        {'_id': ObjectId(order_id)},
+        {'$set': {'status': 'cancelled', 'updated_at': datetime.utcnow()}}
+    )
+    return jsonify({"msg": "Order has been cancelled."}), 200
+@api_bp.route('/sendmail', methods=['GET'])
+def send_cart_reminders():
+    try:
+        carts_with_items = list(mongo.db.carts.find({'items': {'$exists': True, '$ne': []}}))
+        if not carts_with_items:
+            return jsonify({"msg": "No users with pending items in cart."}), 200
+        user_emails = [cart['user_email'] for cart in carts_with_items]
+        all_product_ids = {
+            ObjectId(item['productId'])
+            for cart in carts_with_items
+            for item in cart.get('items', [])
+        }
+        users_cursor = mongo.db.users.find({'email': {'$in': user_emails}})
+        products_cursor = mongo.db.products.find({'_id': {'$in': list(all_product_ids)}})
+        users_map = {user['email']: user for user in users_cursor}
+        products_map = {str(prod['_id']): prod for prod in products_cursor}
+        emails_sent_count = 0
+        for cart in carts_with_items:
+            user = users_map.get(cart['user_email'])
+            if not user:
+                current_app.logger.warning(f"Cart found for non-existent user: {cart['user_email']}")
+                continue
+            populated_items = []
+            for item in cart.get('items', []):
+                product_details = products_map.get(item['productId'])
+                if product_details:
+                    populated_items.append({
+                        'product': {
+                            'id': str(product_details['_id']),
+                            'name': product_details.get('name'),
+                        },
+                        'quantity': item['quantity']
+                    })
+            if populated_items:
+                try:
+                    send_cart_reminder_email(user, populated_items)
+                    emails_sent_count += 1
+                except Exception as e:
+                    current_app.logger.error(f"Failed to send cart reminder to {user['email']}: {e}")
+        return jsonify({"msg": f"Cart reminder process finished. Emails sent to {emails_sent_count} users."}), 200
+    except Exception as e:
+        current_app.logger.error(f"Error in /sendmail endpoint: {e}")
+        return jsonify({"msg": "An internal error occurred while sending reminders."}), 500
+@api_bp.route('/admin/users/approve/<user_id>', methods=['POST'])
+@jwt_required()
+def approve_user(user_id):
+    mongo.db.users.update_one({'_id': ObjectId(user_id)}, {'$set': {'is_approved': True}})
+    return jsonify({"msg": f"User {user_id} approved"})
+# +++ START: NEW ENDPOINT FOR ITEM REQUESTS +++
+@api_bp.route('/request-item', methods=['POST'])
+@jwt_required()
+def request_item():
+    """
+    Allows a logged-in user to request an item that is not in the catalog.
+    The request is saved to the database for admin review.
+    """
+    user_email = get_jwt_identity()
+    data = request.get_json()
+    if not data or not data.get('details'):
+        return jsonify({"msg": "Item details are required."}), 400
+    details = data.get('details').strip()
+    if not details:
+        return jsonify({"msg": "Item details cannot be empty."}), 400
+    try:
+        # Fetch user info for more context in the request
+        user = mongo.db.users.find_one({'email': user_email}, {'company_name': 1})
+        company_name = user.get('company_name', 'N/A') if user else 'N/A'
+        request_doc = {
+            'user_email': user_email,
+            'company_name': company_name,
+            'details': details,
+            'status': 'new',  # Possible statuses: 'new', 'reviewed', 'sourced', 'rejected'
+            'requested_at': datetime.utcnow()
+        }
+        # The collection 'item_requests' will be created if it doesn't exist
+        mongo.db.item_requests.insert_one(request_doc)
+        # Optional: Here you could add a call to an email utility to notify admins
+        # For example: send_item_request_notification(user_email, company_name, details)
+        return jsonify({"msg": "Your item request has been submitted. We will look into it!"}), 201
+    except Exception as e:
+        current_app.logger.error(f"Error processing item request for {user_email}: {e}")
         return jsonify({"msg": "An internal server error occurred."}), 500