mirror of
https://github.com/marcogll/AnchorOS.git
synced 2026-03-15 16:24:30 +00:00
feat: Add kiosk management, artist selection, and schedule management
- Add KiosksManagement component with full CRUD for kiosks - Add ScheduleManagement for staff schedules with break reminders - Update booking flow to allow artist selection by customers - Add staff_services API for assigning services to artists - Update staff management UI with service assignment dialog - Add auto-break reminder when schedule >= 8 hours - Update availability API to filter artists by service - Add kiosk management to Aperture dashboard - Clean up ralphy artifacts and logs
This commit is contained in:
Marco Gallegos
@@ -2,9 +2,18 @@ import { NextRequest, NextResponse } from 'next/server'
|
||||
import { supabaseAdmin } from '@/lib/supabase/admin'
|
||||
|
||||
/**
|
||||
* @description Add technical note to client
|
||||
* @param {NextRequest} request - Body with note content
|
||||
* @returns {NextResponse} Updated customer with notes
|
||||
* @description Adds a new technical note to the client's profile with timestamp
|
||||
* @param {NextRequest} request - HTTP request containing note text in request body
|
||||
* @param {Object} params - Route parameters containing the client UUID
|
||||
* @param {string} params.clientId - The UUID of the client to add note to
|
||||
* @returns {NextResponse} JSON with success status and updated client data including new note
|
||||
* @example POST /api/aperture/clients/123e4567-e89b-12d3-a456-426614174000/notes { note: "Allergic to latex products" }
|
||||
* @audit BUSINESS RULE: Notes are appended to existing technical_notes with ISO timestamp prefix
|
||||
* @audit BUSINESS RULE: Technical notes used for service customization and allergy tracking
|
||||
* @audit SECURITY: Requires authenticated admin/manager/staff role via RLS policies
|
||||
* @audit Validate: Ensures note content is provided and client exists
|
||||
* @audit AUDIT: Note additions logged as 'technical_note_added' action in audit_logs
|
||||
* @audit PERFORMANCE: Single append operation on technical_notes field
|
||||
*/
|
||||
export async function POST(
|
||||
request: NextRequest,
|
||||
|
||||
@@ -2,9 +2,18 @@ import { NextRequest, NextResponse } from 'next/server'
|
||||
import { supabaseAdmin } from '@/lib/supabase/admin'
|
||||
|
||||
/**
|
||||
* @description Get client photo gallery (VIP/Black/Gold only)
|
||||
* @param {NextRequest} request - URL params: clientId in path
|
||||
* @returns {NextResponse} Client photos with metadata
|
||||
* @description Retrieves client photo gallery for premium tier clients (Gold/Black/VIP only)
|
||||
* @param {NextRequest} request - HTTP request (no body required)
|
||||
* @param {Object} params - Route parameters containing the client UUID
|
||||
* @param {string} params.clientId - The UUID of the client to get photos for
|
||||
* @returns {NextResponse} JSON with success status and array of photo records with creator info
|
||||
* @example GET /api/aperture/clients/123e4567-e89b-12d3-a456-426614174000/photos
|
||||
* @audit BUSINESS RULE: Photo access restricted to Gold, Black, and VIP tiers only
|
||||
* @audit BUSINESS RULE: Returns only active photos (is_active = true) ordered by taken date descending
|
||||
* @audit SECURITY: Validates client tier before allowing photo access
|
||||
* @audit Validate: Returns 403 if client tier does not have photo gallery access
|
||||
* @audit PERFORMANCE: Single query fetches photos with creator user info
|
||||
* @audit AUDIT: Photo gallery access logged for privacy compliance
|
||||
*/
|
||||
export async function GET(
|
||||
request: NextRequest,
|
||||
@@ -69,9 +78,18 @@ export async function GET(
|
||||
}
|
||||
|
||||
/**
|
||||
* @description Upload photo to client gallery (VIP/Black/Gold only)
|
||||
* @param {NextRequest} request - Body with photo data
|
||||
* @returns {NextResponse} Uploaded photo metadata
|
||||
* @description Uploads a new photo to the client's gallery (Gold/Black/VIP tiers only)
|
||||
* @param {NextRequest} request - HTTP request containing storage_path and optional description
|
||||
* @param {Object} params - Route parameters containing the client UUID
|
||||
* @param {string} params.clientId - The UUID of the client to upload photo for
|
||||
* @returns {NextResponse} JSON with success status and created photo record metadata
|
||||
* @example POST /api/aperture/clients/123e4567-e89b-12d3-a456-426614174000/photos { storage_path: "photos/client-id/photo.jpg", description: "Before nail art" }
|
||||
* @audit BUSINESS RULE: Photo storage path must reference Supabase Storage bucket
|
||||
* @audit BUSINESS RULE: Only Gold/Black/VIP tier clients can have photos in gallery
|
||||
* @audit SECURITY: Validates client tier before allowing photo upload
|
||||
* @audit Validate: Ensures storage_path is provided (required for photo reference)
|
||||
* @audit AUDIT: Photo uploads logged as 'upload' action in audit_logs
|
||||
* @audit PERFORMANCE: Single insert with automatic creator tracking
|
||||
*/
|
||||
export async function POST(
|
||||
request: NextRequest,
|
||||
|
||||
@@ -2,9 +2,18 @@ import { NextRequest, NextResponse } from 'next/server'
|
||||
import { supabaseAdmin } from '@/lib/supabase/admin'
|
||||
|
||||
/**
|
||||
* @description Get specific client details with full history
|
||||
* @param {NextRequest} request - URL params: clientId in path
|
||||
* @returns {NextResponse} Client details with bookings, loyalty, photos
|
||||
* @description Retrieves detailed client profile including personal info, booking history, loyalty transactions, photos, and subscription status
|
||||
* @param {NextRequest} request - HTTP request (no body required)
|
||||
* @param {Object} params - Route parameters containing the client UUID
|
||||
* @param {string} params.clientId - The UUID of the client to retrieve
|
||||
* @returns {NextResponse} JSON with success status and comprehensive client data
|
||||
* @example GET /api/aperture/clients/123e4567-e89b-12d3-a456-426614174000
|
||||
* @audit BUSINESS RULE: Photo access restricted to Gold/Black/VIP tiers only
|
||||
* @audit BUSINESS RULE: Returns up to 20 recent bookings, 10 recent loyalty transactions
|
||||
* @audit SECURITY: Requires authenticated admin/manager role via RLS policies
|
||||
* @audit Validate: Ensures client exists before fetching related data
|
||||
* @audit PERFORMANCE: Uses Promise.all for parallel fetching of bookings, loyalty, photos, subscription
|
||||
* @audit AUDIT: Client profile access logged for customer service tracking
|
||||
*/
|
||||
export async function GET(
|
||||
request: NextRequest,
|
||||
@@ -105,9 +114,17 @@ export async function GET(
|
||||
}
|
||||
|
||||
/**
|
||||
* @description Update client information
|
||||
* @param {NextRequest} request - Body with updated client data
|
||||
* @returns {NextResponse} Updated client data
|
||||
* @description Updates client profile information with audit trail logging
|
||||
* @param {NextRequest} request - HTTP request containing updated client fields in request body
|
||||
* @param {Object} params - Route parameters containing the client UUID
|
||||
* @param {string} params.clientId - The UUID of the client to update
|
||||
* @returns {NextResponse} JSON with success status and updated client data
|
||||
* @example PUT /api/aperture/clients/123e4567-e89b-12d3-a456-426614174000 { first_name: "Ana María", phone: "+528441234567" }
|
||||
* @audit BUSINESS RULE: Updates client fields with automatic updated_at timestamp
|
||||
* @audit SECURITY: Requires authenticated admin/manager role via RLS policies
|
||||
* @audit Validate: Ensures client exists before attempting update
|
||||
* @audit AUDIT: All client updates logged in audit_logs with old and new values
|
||||
* @audit PERFORMANCE: Single update query with returning clause
|
||||
*/
|
||||
export async function PUT(
|
||||
request: NextRequest,
|
||||
|
||||
Reference in New Issue
Block a user