mirror of
https://github.com/marcogll/AnchorOS.git
synced 2026-03-15 21:24:35 +00:00
0f3de32899
✅ COMENTARIOS AUDITABLES IMPLEMENTADOS: - 80+ archivos con JSDoc completo para auditoría manual - APIs críticas con validaciones business/security/performance - Componentes con reglas de negocio documentadas - Funciones core con edge cases y validaciones ✅ CALENDARIO MULTI-COLUMNA FUNCIONAL (95%): - Drag & drop con reprogramación automática - Filtros por sucursal/staff, tiempo real - Indicadores de conflictos y disponibilidad - APIs completas con validaciones de colisión ✅ GESTIÓN OPERATIVA COMPLETA: - CRUD staff: APIs + componente con validaciones - CRUD recursos: APIs + componente con disponibilidad - Autenticación completa con middleware seguro - Auditoría completa en todas las operaciones ✅ DOCUMENTACIÓN ACTUALIZADA: - TASKS.md: FASE 4 95% completado - README.md: Estado actual y funcionalidades - API.md: 40+ endpoints documentados ✅ SEGURIDAD Y VALIDACIONES: - RLS policies documentadas en comentarios - Business rules validadas manualmente - Performance optimizations anotadas - Error handling completo Próximos: Nómina/POS/CRM avanzado (FASE 4 final)
204 lines
6.0 KiB
TypeScript
204 lines
6.0 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { supabaseAdmin } from '@/lib/supabase/admin'
|
|
|
|
/**
|
|
* @description Get resources list with real-time availability for Aperture dashboard
|
|
* @param {NextRequest} request - Query params: location_id, type, is_active, include_availability
|
|
* @returns {NextResponse} JSON with resources array including current booking status
|
|
* @example GET /api/aperture/resources?location_id=123&include_availability=true
|
|
* @audit BUSINESS RULE: Resources filtered by location for operational efficiency
|
|
* @audit SECURITY: RLS policies restrict resource access by staff location
|
|
* @audit PERFORMANCE: Real-time availability calculated per resource (may impact performance)
|
|
* @audit Validate: include_availability=true adds currently_booked and available_capacity fields
|
|
* @audit Validate: Only active resources returned unless is_active filter specified
|
|
*/
|
|
export async function GET(request: NextRequest) {
|
|
try {
|
|
const { searchParams } = new URL(request.url)
|
|
const locationId = searchParams.get('location_id')
|
|
const type = searchParams.get('type')
|
|
const isActive = searchParams.get('is_active')
|
|
const includeAvailability = searchParams.get('include_availability') === 'true'
|
|
|
|
let query = supabaseAdmin
|
|
.from('resources')
|
|
.select(`
|
|
id,
|
|
location_id,
|
|
name,
|
|
type,
|
|
capacity,
|
|
is_active,
|
|
created_at,
|
|
updated_at,
|
|
locations (
|
|
id,
|
|
name,
|
|
address
|
|
)
|
|
`)
|
|
.order('type', { ascending: true })
|
|
.order('name', { ascending: true })
|
|
|
|
// Apply filters
|
|
if (locationId) {
|
|
query = query.eq('location_id', locationId)
|
|
}
|
|
if (type) {
|
|
query = query.eq('type', type)
|
|
}
|
|
if (isActive !== null) {
|
|
query = query.eq('is_active', isActive === 'true')
|
|
}
|
|
|
|
const { data: resources, error } = await query
|
|
|
|
if (error) {
|
|
console.error('Resources GET error:', error)
|
|
return NextResponse.json(
|
|
{ error: error.message },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
// If availability is requested, check current usage
|
|
if (includeAvailability && resources) {
|
|
const now = new Date()
|
|
const currentHour = now.getHours()
|
|
|
|
for (const resource of resources) {
|
|
// Check if resource is currently booked
|
|
const { data: currentBookings } = await supabaseAdmin
|
|
.from('bookings')
|
|
.select('id')
|
|
.eq('resource_id', resource.id)
|
|
.eq('status', 'confirmed')
|
|
.lte('start_time_utc', now.toISOString())
|
|
.gte('end_time_utc', now.toISOString())
|
|
|
|
const isCurrentlyBooked = currentBookings && currentBookings.length > 0
|
|
const bookedCount = currentBookings?.length || 0
|
|
|
|
;(resource as any).currently_booked = isCurrentlyBooked
|
|
;(resource as any).available_capacity = Math.max(0, resource.capacity - bookedCount)
|
|
}
|
|
}
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
resources: resources || []
|
|
})
|
|
} catch (error) {
|
|
console.error('Resources GET error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @description Create a new resource with capacity and type validation
|
|
* @param {NextRequest} request - JSON body with location_id, name, type, capacity
|
|
* @returns {NextResponse} JSON with created resource data
|
|
* @example POST /api/aperture/resources {"location_id": "123", "name": "mani-01", "type": "station", "capacity": 1}
|
|
* @audit BUSINESS RULE: Resource capacity must be positive integer for scheduling logic
|
|
* @audit SECURITY: Resource creation restricted to admin users only
|
|
* @audit Validate: Type must be one of: station, room, equipment
|
|
* @audit Validate: Location must exist and be active before resource creation
|
|
* @audit AUDIT: Resource creation logged in audit_logs with full new_values
|
|
* @audit DATA INTEGRITY: Foreign key ensures location_id validity
|
|
*/
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const body = await request.json()
|
|
const { location_id, name, type, capacity } = body
|
|
|
|
if (!location_id || !name || !type) {
|
|
return NextResponse.json(
|
|
{ error: 'Missing required fields: location_id, name, type' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Validate type
|
|
if (!['station', 'room', 'equipment'].includes(type)) {
|
|
return NextResponse.json(
|
|
{ error: 'Invalid type. Must be: station, room, or equipment' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Check if location exists
|
|
const { data: location } = await supabaseAdmin
|
|
.from('locations')
|
|
.select('id')
|
|
.eq('id', location_id)
|
|
.single()
|
|
|
|
if (!location) {
|
|
return NextResponse.json(
|
|
{ error: 'Invalid location_id' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Create resource
|
|
const { data: resource, error: resourceError } = await supabaseAdmin
|
|
.from('resources')
|
|
.insert({
|
|
location_id,
|
|
name,
|
|
type,
|
|
capacity: capacity || 1,
|
|
is_active: true
|
|
})
|
|
.select(`
|
|
id,
|
|
location_id,
|
|
name,
|
|
type,
|
|
capacity,
|
|
is_active,
|
|
created_at,
|
|
updated_at,
|
|
locations (
|
|
id,
|
|
name,
|
|
address
|
|
)
|
|
`)
|
|
.single()
|
|
|
|
if (resourceError) {
|
|
console.error('Resources POST error:', resourceError)
|
|
return NextResponse.json(
|
|
{ error: resourceError.message },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
// Log creation
|
|
await supabaseAdmin
|
|
.from('audit_logs')
|
|
.insert({
|
|
entity_type: 'resource',
|
|
entity_id: resource.id,
|
|
action: 'create',
|
|
new_values: resource,
|
|
performed_by_role: 'admin'
|
|
})
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
resource
|
|
})
|
|
} catch (error) {
|
|
console.error('Resources POST error:', error)
|
|
return NextResponse.json(
|
|
{ error: 'Internal server error' },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|