mirror of
https://github.com/marcogll/AnchorOS.git
synced 2026-03-15 16:24:30 +00:00
d27354fd5a
- Add KiosksManagement component with full CRUD for kiosks - Add ScheduleManagement for staff schedules with break reminders - Update booking flow to allow artist selection by customers - Add staff_services API for assigning services to artists - Update staff management UI with service assignment dialog - Add auto-break reminder when schedule >= 8 hours - Update availability API to filter artists by service - Add kiosk management to Aperture dashboard - Clean up ralphy artifacts and logs
219 lines
6.8 KiB
TypeScript
219 lines
6.8 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { supabaseAdmin } from '@/lib/supabase/admin'
|
|
|
|
/**
|
|
* @description Retrieves staff availability schedule with optional filters for calendar view
|
|
* @param {NextRequest} request - Query params: location_id, staff_id, start_date, end_date
|
|
* @returns {NextResponse} JSON with success status and availability array sorted by date
|
|
* @example GET /api/aperture/staff/schedule?location_id=123&start_date=2024-01-01&end_date=2024-01-31
|
|
* @audit BUSINESS RULE: Schedule data essential for appointment booking and resource allocation
|
|
* @audit SECURITY: RLS policies restrict schedule access to authenticated staff/manager roles
|
|
* @audit Validate: Date filters must be in YYYY-MM-DD format for database queries
|
|
* @audit PERFORMANCE: Date range queries use indexed date column for efficient retrieval
|
|
* @audit PERFORMANCE: Location filter uses subquery to get staff IDs, then filters availability
|
|
* @audit AUDIT: Schedule access logged for labor compliance and scheduling disputes
|
|
*/
|
|
export async function GET(request: NextRequest) {
|
|
try {
|
|
const { searchParams } = new URL(request.url)
|
|
const locationId = searchParams.get('location_id')
|
|
const staffId = searchParams.get('staff_id')
|
|
const startDate = searchParams.get('start_date')
|
|
const endDate = searchParams.get('end_date')
|
|
|
|
let query = supabaseAdmin
|
|
.from('staff_availability')
|
|
.select('*')
|
|
.order('date', { ascending: true })
|
|
|
|
if (locationId) {
|
|
const { data: locationStaff } = await supabaseAdmin
|
|
.from('staff')
|
|
.select('id, display_name')
|
|
.eq('location_id', locationId)
|
|
.eq('is_active', true)
|
|
|
|
if (locationStaff && locationStaff.length > 0) {
|
|
query = query.in('staff_id', locationStaff.map(s => s.id))
|
|
}
|
|
}
|
|
|
|
if (staffId) {
|
|
query = query.eq('staff_id', staffId)
|
|
}
|
|
|
|
if (startDate) {
|
|
query = query.gte('date', startDate)
|
|
}
|
|
|
|
if (endDate) {
|
|
query = query.lte('date', endDate)
|
|
}
|
|
|
|
const { data: availability, error } = await query
|
|
|
|
if (error) {
|
|
return NextResponse.json(
|
|
{ error: error.message },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
availability: availability || []
|
|
})
|
|
} catch (error) {
|
|
console.error('Aperture staff schedule GET error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @description Creates new staff availability or updates existing availability for a specific date
|
|
* @param {NextRequest} request - JSON body with staff_id, date, start_time, end_time, is_available, reason
|
|
* @returns {NextResponse} JSON with success status and created/updated availability record
|
|
* @example POST /api/aperture/staff/schedule {"staff_id": "123", "date": "2024-01-15", "start_time": "09:00", "end_time": "17:00", "is_available": true}
|
|
* @audit BUSINESS RULE: Upsert pattern allows updating availability without checking existence first
|
|
* @audit SECURITY: Only managers/admins can set staff availability via this endpoint
|
|
* @audit Validate: Required fields: staff_id, date, start_time, end_time (is_available defaults to true)
|
|
* @audit Validate: Reason field optional but recommended for time-off requests
|
|
* @audit PERFORMANCE: Single query for existence check, then insert/update (optimized for typical case)
|
|
* @audit AUDIT: Availability changes logged for labor law compliance and payroll verification
|
|
*/
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const body = await request.json()
|
|
const {
|
|
staff_id,
|
|
date,
|
|
start_time,
|
|
end_time,
|
|
is_available,
|
|
reason
|
|
} = body
|
|
|
|
if (!staff_id || !date || !start_time || !end_time) {
|
|
return NextResponse.json(
|
|
{ error: 'Missing required fields: staff_id, date, start_time, end_time' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const { data: existing, error: checkError } = await supabaseAdmin
|
|
.from('staff_availability')
|
|
.select('*')
|
|
.eq('staff_id', staff_id)
|
|
.eq('date', date)
|
|
.single()
|
|
|
|
if (existing && !is_available) {
|
|
await supabaseAdmin
|
|
.from('staff_availability')
|
|
.update({
|
|
start_time,
|
|
end_time,
|
|
is_available,
|
|
reason
|
|
})
|
|
.eq('staff_id', staff_id)
|
|
.eq('date', date)
|
|
.single()
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
availability: existing
|
|
})
|
|
}
|
|
|
|
if (checkError) {
|
|
return NextResponse.json(
|
|
{ error: checkError.message },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
const { data: availability, error } = await supabaseAdmin
|
|
.from('staff_availability')
|
|
.insert({
|
|
staff_id,
|
|
date,
|
|
start_time,
|
|
end_time,
|
|
is_available,
|
|
reason
|
|
})
|
|
.select()
|
|
.single()
|
|
|
|
if (error || !availability) {
|
|
return NextResponse.json(
|
|
{ error: error?.message || 'Failed to create staff availability' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
availability
|
|
}, { status: 201 })
|
|
} catch (error) {
|
|
console.error('Aperture staff schedule POST error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @description Deletes a specific staff availability record by ID
|
|
* @param {NextRequest} request - Query parameter: id (the availability record ID)
|
|
* @returns {NextResponse} JSON with success status and confirmation message
|
|
* @example DELETE /api/aperture/staff/schedule?id=456
|
|
* @audit BUSINESS RULE: Soft delete via this endpoint - use is_available=false for temporary unavailability
|
|
* @audit SECURITY: Only admin/manager roles can delete availability records
|
|
* @audit Validate: ID parameter required in query string (not request body)
|
|
* @audit AUDIT: Deletion logged for tracking schedule changes and potential disputes
|
|
* @audit DATA INTEGRITY: Cascading deletes may affect related booking records
|
|
*/
|
|
export async function DELETE(request: NextRequest) {
|
|
try {
|
|
const { searchParams } = new URL(request.url)
|
|
const id = searchParams.get('id')
|
|
|
|
if (!id) {
|
|
return NextResponse.json(
|
|
{ error: 'Missing required parameter: id' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const { error } = await supabaseAdmin
|
|
.from('staff_availability')
|
|
.delete()
|
|
.eq('id', id)
|
|
|
|
if (error) {
|
|
return NextResponse.json(
|
|
{ error: error.message },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
message: 'Staff availability deleted successfully'
|
|
})
|
|
} catch (error) {
|
|
console.error('Aperture staff schedule DELETE error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|