zanewalker/EmployeeManagementSystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(Feat-Fix): New Activity Creation system, fixed activities being hardcoded and not displaying properly in the dropdown, added dynamic subdepartment activity fetching.

Browse Source
This commit is contained in:
Zane Walker
2025-12-18 09:30:44 +00:00
parent ac29bb2882
commit 2a38cf372a
8 changed files with 698 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
backend-deno/routes/activities.ts
View File

@@ -1,6 +1,6 @@
import { Router } from "@oak/oak";
import { db } from "../config/database.ts";
import { authenticateToken } from "../middleware/auth.ts";
import { authenticateToken, getCurrentUser } from "../middleware/auth.ts";
const router = new Router();
@@ -86,9 +86,10 @@ router.get("/:id", authenticateToken, async (ctx) => {
}
});
// Create activity (SuperAdmin only)
// Create activity (SuperAdmin or Supervisor for their own department)
router.post("/", authenticateToken, async (ctx) => {
try {
const user = getCurrentUser(ctx);
const body = await ctx.request.body.json();
const { sub_department_id, name, unit_of_measurement } = body;
@@ -98,6 +99,33 @@ router.post("/", authenticateToken, async (ctx) => {
return;
}
// Get the sub-department to check department ownership
const subDepts = await db.query<{ department_id: number }[]>(
"SELECT department_id FROM sub_departments WHERE id = ?",
[sub_department_id]
);
if (subDepts.length === 0) {
ctx.response.status = 404;
ctx.response.body = { error: "Sub-department not found" };
return;
}
const subDeptDepartmentId = subDepts[0].department_id;
// Check authorization
if (user.role === 'Supervisor' && user.departmentId !== subDeptDepartmentId) {
ctx.response.status = 403;
ctx.response.body = { error: "You can only create activities for your own department" };
return;
}
if (user.role !== 'SuperAdmin' && user.role !== 'Supervisor') {
ctx.response.status = 403;
ctx.response.body = { error: "Unauthorized" };
return;
}
const result = await db.execute(
"INSERT INTO activities (sub_department_id, name, unit_of_measurement) VALUES (?, ?, ?)",
[sub_department_id, name, unit_of_measurement || "Per Bag"]
@@ -109,6 +137,12 @@ router.post("/", authenticateToken, async (ctx) => {
message: "Activity created successfully"
};
} catch (error) {
const err = error as { code?: string };
if (err.code === "ER_DUP_ENTRY") {
ctx.response.status = 400;
ctx.response.body = { error: "Activity already exists in this sub-department" };
return;
}
console.error("Create activity error:", error);
ctx.response.status = 500;
ctx.response.body = { error: "Internal server error" };
@@ -135,11 +169,42 @@ router.put("/:id", authenticateToken, async (ctx) => {
}
});
// Delete activity
// Delete activity (SuperAdmin or Supervisor for their own department)
router.delete("/:id", authenticateToken, async (ctx) => {
try {
const user = getCurrentUser(ctx);
const activityId = ctx.params.id;
// Get the activity and its sub-department to check department ownership
const activities = await db.query<Activity[]>(
`SELECT a.*, sd.department_id
FROM activities a
JOIN sub_departments sd ON a.sub_department_id = sd.id
WHERE a.id = ?`,
[activityId]
);
if (activities.length === 0) {
ctx.response.status = 404;
ctx.response.body = { error: "Activity not found" };
return;
}
const activity = activities[0] as Activity & { department_id: number };
// Check authorization
if (user.role === 'Supervisor' && user.departmentId !== activity.department_id) {
ctx.response.status = 403;
ctx.response.body = { error: "You can only delete activities from your own department" };
return;
}
if (user.role !== 'SuperAdmin' && user.role !== 'Supervisor') {
ctx.response.status = 403;
ctx.response.body = { error: "Unauthorized" };
return;
}
await db.execute("DELETE FROM activities WHERE id = ?", [activityId]);
ctx.response.body = { message: "Activity deleted successfully" };