ranking forms (#47)

## Notion ticket link
[llsc-74-ranking
forms](https://www.notion.so/uwblueprintexecs/Ranking-Forms-20510f3fb1dc80fd8cfacfd8af1ce2df?source=copy_link)


<!-- Give a quick summary of the implementation details, provide design
justifications if necessary -->
## Implementation description
This PR completes the ranking forms on both the frontend and backend. It
also includes a migration to update the ranking_preferences schema so
that we can store experiences/treatments rather than just qualities, and
so that we can also keep track of whether the scope of the preference
selected is for the volunteer or the volunteer's loved one (which is
needed for cases where the user is a caregiver requesting a caregiver
volunteer). This should hopefully make getting the ranking preferences
easier for the matching part.

A bunch of frontend improvements as well. The main one is the new
protected page component which allows us to restrict certain types of
users from viewing certain pages (so that volunteers can't access the
participant intake or ranking form and participants can't access the
volunteer intake form, etc.).

To complete the forms, we still need to do the secondary application
form for volunteers. I think the backend has been started in another
branch but I don't think we've started the frontend yet.

We also need the logic for controlling what should be shown to users
when they login for both participants and volunteers (eg. should it be
the intake form, intake thank you note, ranking form, ranking thank you
note, or dashboard). This can probably go in a separate PR later? We'll
probably need some new endpoints for allowing admins to move users
between stages and potentially schema changes (haven't thought about
this in much detail yet).

I think some minor styling improvements can be made to better match the
figma designs, as well as making sure our forms look good on mobile as
well.

<!-- What should the reviewer do to verify your changes? Describe
expected results and include screenshots when appropriate -->
## Steps to test
1.


<!-- Draw attention to the substantial parts of your PR or anything
you'd like a second opinion on -->
## What should reviewers focus on?
* 


## Checklist
- [ ] My PR name is descriptive and in imperative tense
- [ ] My commit messages are descriptive and in imperative tense. My
commits are atomic and trivial commits are squashed or fixup'd into
non-trivial commits
- [ ] I have run the appropriate linter(s)
- [ ] I have requested a review from the PL, as well as other devs who
have background knowledge on this PR or who will be building on top of
this PR

---------

Co-authored-by: YashK2005 <[email protected]>

Author: matia-lee

.github/workflows/backend-ci.yml

@@ -16,7 +16,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     env:
-      POSTGRES_DATABASE_URL: postgresql://testuser:testpassword@localhost:5432/llsc_test
+        POSTGRES_TEST_DATABASE_URL: postgresql://testuser:testpassword@localhost:5432/llsc_test
 
     strategy:
       matrix:
@@ -65,13 +65,14 @@ jobs:
     - name: Set up environment variables
       working-directory: ./backend
       run: |
-        echo "POSTGRES_DATABASE_URL=postgresql://testuser:testpassword@localhost:5432/llsc_test" >> .env
+        echo "POSTGRES_TEST_DATABASE_URL=postgresql://testuser:testpassword@localhost:5432/llsc_test" >> .env
         echo "SECRET_KEY=test-secret-key-for-ci" >> .env
         echo "ENVIRONMENT=test" >> .env
         
     - name: Run database migrations
       working-directory: ./backend
       run: |
+        export POSTGRES_DATABASE_URL="$POSTGRES_TEST_DATABASE_URL"
         pdm run alembic upgrade heads
         
     - name: Run linting
@@ -118,7 +119,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: test
     env:
-      POSTGRES_DATABASE_URL: postgresql://testuser:testpassword@localhost:5432/llsc_test
+      POSTGRES_TEST_DATABASE_URL: postgresql://testuser:testpassword@localhost:5432/llsc_test
 
     services:
       postgres:
@@ -155,7 +156,7 @@ jobs:
     - name: Set up environment variables
       working-directory: ./backend
       run: |
-        echo "POSTGRES_DATABASE_URL=postgresql://testuser:testpassword@localhost:5432/llsc_test" >> .env
+        echo "POSTGRES_TEST_DATABASE_URL=postgresql://testuser:testpassword@localhost:5432/llsc_test" >> .env
         echo "SECRET_KEY=test-secret-key-for-ci" >> .env
         echo "ENVIRONMENT=test" >> .env
         echo "TEST_SCRIPT_BACKEND_URL=http://localhost:8000" >> .env
@@ -165,6 +166,7 @@ jobs:
     - name: Run database migrations
       working-directory: ./backend
       run: |
+        export POSTGRES_DATABASE_URL="$POSTGRES_TEST_DATABASE_URL"
         pdm run alembic upgrade heads
         
     - name: Start backend server

backend/app/models/RankingPreference.py

@@ -1,4 +1,4 @@
-from sqlalchemy import Column, ForeignKey, Integer
+from sqlalchemy import CheckConstraint, Column, Enum, ForeignKey, Integer
 from sqlalchemy.dialects.postgresql import UUID
 from sqlalchemy.orm import relationship
 
@@ -9,9 +9,38 @@ class RankingPreference(Base):
     __tablename__ = "ranking_preferences"
 
     user_id = Column(UUID(as_uuid=True), ForeignKey("users.id"), primary_key=True)
-    quality_id = Column(Integer, ForeignKey("qualities.id"), primary_key=True)
-    rank = Column(Integer, nullable=False)  # 1 = most important
+    # patient or caregiver (the counterpart the participant is ranking for)
+    target_role = Column(Enum("patient", "caregiver", name="target_role"), primary_key=True)
 
-    # Relationships
+    # kind of item: quality, treatment, or experience
+    kind = Column(Enum("quality", "treatment", "experience", name="ranking_kind"))
+
+    # one of these will be set based on kind
+    quality_id = Column(Integer, nullable=True)
+    treatment_id = Column(Integer, nullable=True)
+    experience_id = Column(Integer, nullable=True)
+
+    # scope: self or loved_one; always required (including qualities)
+    scope = Column(Enum("self", "loved_one", name="ranking_scope"), nullable=False)
+
+    # rank: 1 is highest
+    rank = Column(Integer, nullable=False, primary_key=True)
+
+    # relationships
     user = relationship("User")
-    quality = relationship("Quality")
+
+    __table_args__ = (
+        # enforce exclusive columns by kind
+        CheckConstraint(
+            "(kind <> 'quality') OR (quality_id IS NOT NULL AND treatment_id IS NULL AND experience_id IS NULL)",
+            name="ck_ranking_pref_quality_fields",
+        ),
+        CheckConstraint(
+            "(kind <> 'treatment') OR (treatment_id IS NOT NULL AND quality_id IS NULL AND experience_id IS NULL)",
+            name="ck_ranking_pref_treatment_fields",
+        ),
+        CheckConstraint(
+            "(kind <> 'experience') OR (experience_id IS NOT NULL AND quality_id IS NULL AND treatment_id IS NULL)",
+            name="ck_ranking_pref_experience_fields",
+        ),
+    )

backend/app/routes/__init__.py

@@ -1,3 +1,13 @@
-from . import auth, availability, intake, match, send_email, suggested_times, test, user
+from . import auth, availability, intake, match, ranking, send_email, suggested_times, test, user
 
-__all__ = ["auth", "availability", "intake", "match", "send_email", "suggested_times", "test", "user"]
+__all__ = [
+    "auth",
+    "availability",
+    "intake",
+    "match",
+    "ranking",
+    "send_email",
+    "suggested_times",
+    "test",
+    "user",
+]

backend/app/routes/auth.py

@@ -1,10 +1,13 @@
 from fastapi import APIRouter, Depends, HTTPException, Request, Response
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from sqlalchemy.orm import Session
 
+from ..models.User import User
 from ..schemas.auth import AuthResponse, LoginRequest, RefreshRequest, Token
 from ..schemas.user import UserCreateRequest, UserCreateResponse, UserRole
 from ..services.implementations.auth_service import AuthService
 from ..services.implementations.user_service import UserService
+from ..utilities.db_utils import get_db
 from ..utilities.service_utils import get_auth_service, get_user_service
 
 router = APIRouter(prefix="/auth", tags=["auth"])
@@ -96,3 +99,37 @@ async def verify_email(email: str, auth_service: AuthService = Depends(get_auth_
         # Log unexpected errors
         print(f"Unexpected error during email verification for {email}: {str(e)}")
         return Response(status_code=500)
+
+
+@router.get("/me", response_model=UserCreateResponse)
+async def get_current_user(
+    request: Request,
+    credentials: HTTPAuthorizationCredentials = Depends(security),
+    db: Session = Depends(get_db),
+):
+    """Get current authenticated user information including role"""
+    try:
+        # Get user auth_id from request state (set by auth middleware)
+        user_auth_id = request.state.user_id
+        if not user_auth_id:
+            raise HTTPException(status_code=401, detail="Authentication required")
+
+        # Query user from database
+        user = db.query(User).filter(User.auth_id == user_auth_id).first()
+        if not user:
+            raise HTTPException(status_code=404, detail="User not found")
+
+        return UserCreateResponse(
+            id=user.id,
+            first_name=user.first_name,
+            last_name=user.last_name,
+            email=user.email,
+            role_id=user.role_id,
+            auth_id=user.auth_id,
+            approved=user.approved,
+        )
+    except HTTPException:
+        raise
+    except Exception as e:
+        print(f"Error getting current user: {str(e)}")
+        raise HTTPException(status_code=500, detail="Internal server error")

backend/app/routes/ranking.py

@@ -0,0 +1,101 @@
+from typing import List
+
+from fastapi import APIRouter, Depends, HTTPException, Query, Request
+from pydantic import BaseModel, Field
+from sqlalchemy.orm import Session
+
+from app.middleware.auth import has_roles
+from app.schemas.user import UserRole
+from app.services.implementations.ranking_service import RankingService
+from app.utilities.db_utils import get_db
+
+
+class StaticQualityOption(BaseModel):
+    quality_id: int
+    slug: str
+    label: str
+    allowed_scopes: List[str] | None = Field(default=None, description="Optional whitelisted scopes for this quality")
+
+
+class DynamicOption(BaseModel):
+    kind: str  # 'treatment' | 'experience'
+    id: int
+    name: str
+    scope: str  # 'self' | 'loved_one'
+
+
+class RankingOptionsResponse(BaseModel):
+    static_qualities: List[StaticQualityOption]
+    dynamic_options: List[DynamicOption]
+
+
+router = APIRouter(prefix="/ranking", tags=["ranking"])
+
+
+@router.get("/options", response_model=RankingOptionsResponse)
+async def get_ranking_options(
+    request: Request,
+    target: str = Query(..., pattern="^(patient|caregiver)$"),
+    db: Session = Depends(get_db),
+    authorized: bool = has_roles([UserRole.PARTICIPANT, UserRole.ADMIN]),
+) -> RankingOptionsResponse:
+    try:
+        service = RankingService(db)
+        user_auth_id = request.state.user_id
+        options = service.get_options(user_auth_id=user_auth_id, target=target)
+        return RankingOptionsResponse(**options)
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+class PreferenceItem(BaseModel):
+    kind: str  # 'quality' | 'treatment' | 'experience'
+    id: int
+    scope: str  # 'self' | 'loved_one'
+    rank: int
+
+
+@router.put("/preferences", status_code=204)
+async def put_ranking_preferences(
+    request: Request,
+    target: str = Query(..., pattern="^(patient|caregiver)$"),
+    items: List[PreferenceItem] = [],
+    db: Session = Depends(get_db),
+    authorized: bool = has_roles([UserRole.PARTICIPANT, UserRole.ADMIN]),
+) -> None:
+    try:
+        service = RankingService(db)
+        user_auth_id = request.state.user_id
+        # Convert Pydantic models to dicts
+        payload = [i.model_dump() for i in items]
+        service.save_preferences(user_auth_id=user_auth_id, target=target, items=payload)
+        return None
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+class CaseResponse(BaseModel):
+    case: str
+    has_blood_cancer: str | None = None
+    caring_for_someone: str | None = None
+
+
+@router.get("/case", response_model=CaseResponse)
+async def get_participant_case(
+    request: Request,
+    db: Session = Depends(get_db),
+    authorized: bool = has_roles([UserRole.PARTICIPANT, UserRole.ADMIN]),
+) -> CaseResponse:
+    try:
+        service = RankingService(db)
+        user_auth_id = request.state.user_id
+        result = service.get_case(user_auth_id)
+        return CaseResponse(**result)
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))

backend/app/server.py

@@ -8,7 +8,7 @@
 
 from . import models
 from .middleware.auth_middleware import AuthMiddleware
-from .routes import auth, availability, intake, match, send_email, suggested_times, test, user
+from .routes import auth, availability, intake, match, ranking, send_email, suggested_times, test, user
 from .utilities.constants import LOGGER_NAME
 from .utilities.firebase_init import initialize_firebase
 from .utilities.ses.ses_init import ensure_ses_templates
@@ -68,6 +68,7 @@ async def lifespan(_: FastAPI):
 app.include_router(suggested_times.router)
 app.include_router(match.router)
 app.include_router(intake.router)
+app.include_router(ranking.router)
 app.include_router(send_email.router)
 app.include_router(test.router)