279 lines
9.8 KiB
TypeScript
279 lines
9.8 KiB
TypeScript
import { Router } from "@oak/oak";
|
|
import { db } from "../config/database.ts";
|
|
import { authenticateToken, authorize, getCurrentUser } from "../middleware/auth.ts";
|
|
import { sanitizeInput } from "../middleware/security.ts";
|
|
import type { WorkAllocation, CreateWorkAllocationRequest, ContractorRate } from "../types/index.ts";
|
|
|
|
const router = new Router();
|
|
|
|
// Get all work allocations
|
|
router.get("/", authenticateToken, async (ctx) => {
|
|
try {
|
|
const currentUser = getCurrentUser(ctx);
|
|
const params = ctx.request.url.searchParams;
|
|
const employeeId = params.get("employeeId");
|
|
const status = params.get("status");
|
|
const departmentId = params.get("departmentId");
|
|
|
|
let query = `
|
|
SELECT wa.*,
|
|
e.name as employee_name, e.username as employee_username,
|
|
s.name as supervisor_name,
|
|
c.name as contractor_name,
|
|
sd.name as sub_department_name,
|
|
d.name as department_name
|
|
FROM work_allocations wa
|
|
JOIN users e ON wa.employee_id = e.id
|
|
JOIN users s ON wa.supervisor_id = s.id
|
|
JOIN users c ON wa.contractor_id = c.id
|
|
LEFT JOIN sub_departments sd ON wa.sub_department_id = sd.id
|
|
LEFT JOIN departments d ON e.department_id = d.id
|
|
WHERE 1=1
|
|
`;
|
|
const queryParams: unknown[] = [];
|
|
|
|
// Role-based filtering
|
|
if (currentUser.role === "Supervisor") {
|
|
query += " AND wa.supervisor_id = ?";
|
|
queryParams.push(currentUser.id);
|
|
} else if (currentUser.role === "Employee") {
|
|
query += " AND wa.employee_id = ?";
|
|
queryParams.push(currentUser.id);
|
|
} else if (currentUser.role === "Contractor") {
|
|
query += " AND wa.contractor_id = ?";
|
|
queryParams.push(currentUser.id);
|
|
}
|
|
|
|
if (employeeId) {
|
|
query += " AND wa.employee_id = ?";
|
|
queryParams.push(employeeId);
|
|
}
|
|
|
|
if (status) {
|
|
query += " AND wa.status = ?";
|
|
queryParams.push(status);
|
|
}
|
|
|
|
if (departmentId) {
|
|
query += " AND e.department_id = ?";
|
|
queryParams.push(departmentId);
|
|
}
|
|
|
|
query += " ORDER BY wa.assigned_date DESC, wa.created_at DESC";
|
|
|
|
const allocations = await db.query<WorkAllocation[]>(query, queryParams);
|
|
ctx.response.body = allocations;
|
|
} catch (error) {
|
|
console.error("Get work allocations error:", error);
|
|
ctx.response.status = 500;
|
|
ctx.response.body = { error: "Internal server error" };
|
|
}
|
|
});
|
|
|
|
// Get work allocation by ID
|
|
router.get("/:id", authenticateToken, async (ctx) => {
|
|
try {
|
|
const allocationId = ctx.params.id;
|
|
|
|
const allocations = await db.query<WorkAllocation[]>(
|
|
`SELECT wa.*,
|
|
e.name as employee_name, e.username as employee_username,
|
|
s.name as supervisor_name,
|
|
c.name as contractor_name,
|
|
sd.name as sub_department_name,
|
|
d.name as department_name
|
|
FROM work_allocations wa
|
|
JOIN users e ON wa.employee_id = e.id
|
|
JOIN users s ON wa.supervisor_id = s.id
|
|
JOIN users c ON wa.contractor_id = c.id
|
|
LEFT JOIN sub_departments sd ON wa.sub_department_id = sd.id
|
|
LEFT JOIN departments d ON e.department_id = d.id
|
|
WHERE wa.id = ?`,
|
|
[allocationId]
|
|
);
|
|
|
|
if (allocations.length === 0) {
|
|
ctx.response.status = 404;
|
|
ctx.response.body = { error: "Work allocation not found" };
|
|
return;
|
|
}
|
|
|
|
ctx.response.body = allocations[0];
|
|
} catch (error) {
|
|
console.error("Get work allocation error:", error);
|
|
ctx.response.status = 500;
|
|
ctx.response.body = { error: "Internal server error" };
|
|
}
|
|
});
|
|
|
|
// Create work allocation (Supervisor or SuperAdmin)
|
|
router.post("/", authenticateToken, authorize("Supervisor", "SuperAdmin"), async (ctx) => {
|
|
try {
|
|
const currentUser = getCurrentUser(ctx);
|
|
const body = await ctx.request.body.json() as CreateWorkAllocationRequest;
|
|
const { employeeId, contractorId, subDepartmentId, activity, description, assignedDate, rate, units, totalAmount, departmentId } = body;
|
|
|
|
if (!employeeId || !contractorId || !assignedDate) {
|
|
ctx.response.status = 400;
|
|
ctx.response.body = { error: "Missing required fields" };
|
|
return;
|
|
}
|
|
|
|
// Verify employee exists
|
|
let employeeQuery = "SELECT * FROM users WHERE id = ?";
|
|
const employeeParams: unknown[] = [employeeId];
|
|
|
|
if (currentUser.role === "Supervisor") {
|
|
employeeQuery += " AND department_id = ?";
|
|
employeeParams.push(currentUser.departmentId);
|
|
}
|
|
|
|
const employees = await db.query<{ id: number }[]>(employeeQuery, employeeParams);
|
|
|
|
if (employees.length === 0) {
|
|
ctx.response.status = 403;
|
|
ctx.response.body = { error: "Employee not found or not in your department" };
|
|
return;
|
|
}
|
|
|
|
// Use provided rate or get contractor's current rate
|
|
let finalRate = rate;
|
|
if (!finalRate) {
|
|
const rates = await db.query<ContractorRate[]>(
|
|
"SELECT rate FROM contractor_rates WHERE contractor_id = ? ORDER BY effective_date DESC LIMIT 1",
|
|
[contractorId]
|
|
);
|
|
finalRate = rates.length > 0 ? rates[0].rate : null;
|
|
}
|
|
|
|
const sanitizedActivity = activity ? sanitizeInput(activity) : null;
|
|
const sanitizedDescription = description ? sanitizeInput(description) : null;
|
|
|
|
const result = await db.execute(
|
|
`INSERT INTO work_allocations
|
|
(employee_id, supervisor_id, contractor_id, sub_department_id, activity, description, assigned_date, rate, units, total_amount)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
|
|
[employeeId, currentUser.id, contractorId, subDepartmentId || null, sanitizedActivity, sanitizedDescription, assignedDate, finalRate, units || null, totalAmount || null]
|
|
);
|
|
|
|
const newAllocation = await db.query<WorkAllocation[]>(
|
|
`SELECT wa.*,
|
|
e.name as employee_name, e.username as employee_username,
|
|
s.name as supervisor_name,
|
|
c.name as contractor_name,
|
|
sd.name as sub_department_name,
|
|
d.name as department_name
|
|
FROM work_allocations wa
|
|
JOIN users e ON wa.employee_id = e.id
|
|
JOIN users s ON wa.supervisor_id = s.id
|
|
JOIN users c ON wa.contractor_id = c.id
|
|
LEFT JOIN sub_departments sd ON wa.sub_department_id = sd.id
|
|
LEFT JOIN departments d ON e.department_id = d.id
|
|
WHERE wa.id = ?`,
|
|
[result.insertId]
|
|
);
|
|
|
|
ctx.response.status = 201;
|
|
ctx.response.body = newAllocation[0];
|
|
} catch (error) {
|
|
console.error("Create work allocation error:", error);
|
|
ctx.response.status = 500;
|
|
ctx.response.body = { error: "Internal server error" };
|
|
}
|
|
});
|
|
|
|
// Update work allocation status (Supervisor or SuperAdmin)
|
|
router.put("/:id/status", authenticateToken, authorize("Supervisor", "SuperAdmin"), async (ctx) => {
|
|
try {
|
|
const currentUser = getCurrentUser(ctx);
|
|
const allocationId = ctx.params.id;
|
|
const body = await ctx.request.body.json() as { status: string; completionDate?: string };
|
|
const { status, completionDate } = body;
|
|
|
|
if (!status) {
|
|
ctx.response.status = 400;
|
|
ctx.response.body = { error: "Status required" };
|
|
return;
|
|
}
|
|
|
|
// Verify allocation exists and user has access
|
|
let query = "SELECT * FROM work_allocations WHERE id = ?";
|
|
const params: unknown[] = [allocationId];
|
|
|
|
if (currentUser.role === "Supervisor") {
|
|
query += " AND supervisor_id = ?";
|
|
params.push(currentUser.id);
|
|
}
|
|
|
|
const allocations = await db.query<WorkAllocation[]>(query, params);
|
|
|
|
if (allocations.length === 0) {
|
|
ctx.response.status = 403;
|
|
ctx.response.body = { error: "Work allocation not found or access denied" };
|
|
return;
|
|
}
|
|
|
|
await db.execute(
|
|
"UPDATE work_allocations SET status = ?, completion_date = ? WHERE id = ?",
|
|
[status, completionDate || null, allocationId]
|
|
);
|
|
|
|
const updatedAllocation = await db.query<WorkAllocation[]>(
|
|
`SELECT wa.*,
|
|
e.name as employee_name, e.username as employee_username,
|
|
s.name as supervisor_name,
|
|
c.name as contractor_name,
|
|
sd.name as sub_department_name,
|
|
d.name as department_name
|
|
FROM work_allocations wa
|
|
JOIN users e ON wa.employee_id = e.id
|
|
JOIN users s ON wa.supervisor_id = s.id
|
|
JOIN users c ON wa.contractor_id = c.id
|
|
LEFT JOIN sub_departments sd ON wa.sub_department_id = sd.id
|
|
LEFT JOIN departments d ON e.department_id = d.id
|
|
WHERE wa.id = ?`,
|
|
[allocationId]
|
|
);
|
|
|
|
ctx.response.body = updatedAllocation[0];
|
|
} catch (error) {
|
|
console.error("Update work allocation error:", error);
|
|
ctx.response.status = 500;
|
|
ctx.response.body = { error: "Internal server error" };
|
|
}
|
|
});
|
|
|
|
// Delete work allocation (Supervisor or SuperAdmin)
|
|
router.delete("/:id", authenticateToken, authorize("Supervisor", "SuperAdmin"), async (ctx) => {
|
|
try {
|
|
const currentUser = getCurrentUser(ctx);
|
|
const allocationId = ctx.params.id;
|
|
|
|
// Verify allocation exists and user has access
|
|
let query = "SELECT * FROM work_allocations WHERE id = ?";
|
|
const params: unknown[] = [allocationId];
|
|
|
|
if (currentUser.role === "Supervisor") {
|
|
query += " AND supervisor_id = ?";
|
|
params.push(currentUser.id);
|
|
}
|
|
|
|
const allocations = await db.query<WorkAllocation[]>(query, params);
|
|
|
|
if (allocations.length === 0) {
|
|
ctx.response.status = 403;
|
|
ctx.response.body = { error: "Work allocation not found or access denied" };
|
|
return;
|
|
}
|
|
|
|
await db.execute("DELETE FROM work_allocations WHERE id = ?", [allocationId]);
|
|
ctx.response.body = { message: "Work allocation deleted successfully" };
|
|
} catch (error) {
|
|
console.error("Delete work allocation error:", error);
|
|
ctx.response.status = 500;
|
|
ctx.response.body = { error: "Internal server error" };
|
|
}
|
|
});
|
|
|
|
export default router;
|