mirror of
https://github.com/marcogll/AnchorOS.git
synced 2026-03-15 10:24:26 +00:00
0f3de32899
✅ COMENTARIOS AUDITABLES IMPLEMENTADOS: - 80+ archivos con JSDoc completo para auditoría manual - APIs críticas con validaciones business/security/performance - Componentes con reglas de negocio documentadas - Funciones core con edge cases y validaciones ✅ CALENDARIO MULTI-COLUMNA FUNCIONAL (95%): - Drag & drop con reprogramación automática - Filtros por sucursal/staff, tiempo real - Indicadores de conflictos y disponibilidad - APIs completas con validaciones de colisión ✅ GESTIÓN OPERATIVA COMPLETA: - CRUD staff: APIs + componente con validaciones - CRUD recursos: APIs + componente con disponibilidad - Autenticación completa con middleware seguro - Auditoría completa en todas las operaciones ✅ DOCUMENTACIÓN ACTUALIZADA: - TASKS.md: FASE 4 95% completado - README.md: Estado actual y funcionalidades - API.md: 40+ endpoints documentados ✅ SEGURIDAD Y VALIDACIONES: - RLS policies documentadas en comentarios - Business rules validadas manualmente - Performance optimizations anotadas - Error handling completo Próximos: Nómina/POS/CRM avanzado (FASE 4 final)
228 lines
5.0 KiB
TypeScript
228 lines
5.0 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { supabaseAdmin } from '@/lib/supabase/admin'
|
|
|
|
/**
|
|
* @description Gets a specific staff member by ID
|
|
*/
|
|
export async function GET(
|
|
request: NextRequest,
|
|
{ params }: { params: { id: string } }
|
|
) {
|
|
try {
|
|
const staffId = params.id
|
|
|
|
const { data: staff, error: staffError } = await supabaseAdmin
|
|
.from('staff')
|
|
.select(`
|
|
id,
|
|
user_id,
|
|
location_id,
|
|
role,
|
|
display_name,
|
|
phone,
|
|
is_active,
|
|
created_at,
|
|
updated_at,
|
|
locations (
|
|
id,
|
|
name,
|
|
address
|
|
)
|
|
`)
|
|
.eq('id', staffId)
|
|
.single()
|
|
|
|
if (staffError) {
|
|
if (staffError.code === 'PGRST116') {
|
|
return NextResponse.json(
|
|
{ error: 'Staff member not found' },
|
|
{ status: 404 }
|
|
)
|
|
}
|
|
console.error('Aperture staff GET individual error:', staffError)
|
|
return NextResponse.json(
|
|
{ error: staffError.message },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
staff
|
|
})
|
|
} catch (error) {
|
|
console.error('Aperture staff GET individual error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @description Updates a staff member
|
|
*/
|
|
export async function PUT(
|
|
request: NextRequest,
|
|
{ params }: { params: { id: string } }
|
|
) {
|
|
try {
|
|
const staffId = params.id
|
|
const updates = await request.json()
|
|
|
|
// Remove fields that shouldn't be updated directly
|
|
delete updates.id
|
|
delete updates.created_at
|
|
|
|
// Validate role if provided
|
|
if (updates.role && !['admin', 'manager', 'staff', 'artist', 'kiosk'].includes(updates.role)) {
|
|
return NextResponse.json(
|
|
{ error: 'Invalid role' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Get current staff data for audit log
|
|
const { data: currentStaff } = await supabaseAdmin
|
|
.from('staff')
|
|
.select('*')
|
|
.eq('id', staffId)
|
|
.single()
|
|
|
|
// Update staff member
|
|
const { data: staff, error: staffError } = await supabaseAdmin
|
|
.from('staff')
|
|
.update({
|
|
...updates,
|
|
updated_at: new Date().toISOString()
|
|
})
|
|
.eq('id', staffId)
|
|
.select(`
|
|
id,
|
|
user_id,
|
|
location_id,
|
|
role,
|
|
display_name,
|
|
phone,
|
|
is_active,
|
|
created_at,
|
|
updated_at,
|
|
locations (
|
|
id,
|
|
name,
|
|
address
|
|
)
|
|
`)
|
|
.single()
|
|
|
|
if (staffError) {
|
|
console.error('Aperture staff PUT error:', staffError)
|
|
return NextResponse.json(
|
|
{ error: staffError.message },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
// Log update
|
|
await supabaseAdmin
|
|
.from('audit_logs')
|
|
.insert({
|
|
entity_type: 'staff',
|
|
entity_id: staffId,
|
|
action: 'update',
|
|
old_values: currentStaff,
|
|
new_values: staff,
|
|
performed_by_role: 'admin'
|
|
})
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
staff
|
|
})
|
|
} catch (error) {
|
|
console.error('Aperture staff PUT error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @description Deactivates a staff member (soft delete)
|
|
*/
|
|
export async function DELETE(
|
|
request: NextRequest,
|
|
{ params }: { params: { id: string } }
|
|
) {
|
|
try {
|
|
const staffId = params.id
|
|
|
|
// Get current staff data for audit log
|
|
const { data: currentStaff } = await supabaseAdmin
|
|
.from('staff')
|
|
.select('*')
|
|
.eq('id', staffId)
|
|
.single()
|
|
|
|
if (!currentStaff) {
|
|
return NextResponse.json(
|
|
{ error: 'Staff member not found' },
|
|
{ status: 404 }
|
|
)
|
|
}
|
|
|
|
// Soft delete by setting is_active to false
|
|
const { data: staff, error: staffError } = await supabaseAdmin
|
|
.from('staff')
|
|
.update({
|
|
is_active: false,
|
|
updated_at: new Date().toISOString()
|
|
})
|
|
.eq('id', staffId)
|
|
.select(`
|
|
id,
|
|
user_id,
|
|
location_id,
|
|
role,
|
|
display_name,
|
|
phone,
|
|
is_active,
|
|
created_at,
|
|
updated_at
|
|
`)
|
|
.single()
|
|
|
|
if (staffError) {
|
|
console.error('Aperture staff DELETE error:', staffError)
|
|
return NextResponse.json(
|
|
{ error: staffError.message },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
// Log deactivation
|
|
await supabaseAdmin
|
|
.from('audit_logs')
|
|
.insert({
|
|
entity_type: 'staff',
|
|
entity_id: staffId,
|
|
action: 'delete',
|
|
old_values: currentStaff,
|
|
new_values: staff,
|
|
performed_by_role: 'admin'
|
|
})
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
message: 'Staff member deactivated successfully',
|
|
staff
|
|
})
|
|
} catch (error) {
|
|
console.error('Aperture staff DELETE error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
} |