212 lines
6.1 KiB
Go
212 lines
6.1 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"strconv"
|
|
)
|
|
|
|
func (app *App) handleListShifts(w http.ResponseWriter, r *http.Request) {
|
|
q := r.URL.Query()
|
|
var deptIDs []int
|
|
if d := q.Get("dept"); d != "" {
|
|
if id, err := strconv.Atoi(d); err == nil {
|
|
deptIDs = []int{id}
|
|
}
|
|
}
|
|
|
|
claims := claimsFromContext(r)
|
|
if isCoLeadOnly(claims) && len(deptIDs) == 0 {
|
|
deptIDs = claims.DeptIDs
|
|
}
|
|
|
|
shifts, err := app.listShifts(deptIDs, q.Get("day"), q.Get("since"))
|
|
if err != nil {
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
writeJSON(w, shifts)
|
|
}
|
|
|
|
func (app *App) handleCreateShift(w http.ResponseWriter, r *http.Request) {
|
|
var s Shift
|
|
if err := json.NewDecoder(r.Body).Decode(&s); err != nil {
|
|
writeError(w, "invalid request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if s.DepartmentID == 0 || s.Name == "" || s.Day == "" || s.StartTime == "" || s.EndTime == "" {
|
|
writeError(w, "department_id, name, day, start_time, end_time required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
claims := claimsFromContext(r)
|
|
if isCoLeadOnly(claims) && !inSlice(s.DepartmentID, claims.DeptIDs) {
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
return
|
|
}
|
|
created, err := app.createShift(s)
|
|
if err != nil {
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusCreated)
|
|
writeJSON(w, created)
|
|
}
|
|
|
|
func (app *App) handleUpdateShift(w http.ResponseWriter, r *http.Request) {
|
|
id, err := strconv.Atoi(r.PathValue("id"))
|
|
if err != nil {
|
|
writeError(w, "invalid id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
var s Shift
|
|
if err := json.NewDecoder(r.Body).Decode(&s); err != nil {
|
|
writeError(w, "invalid request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
claims := claimsFromContext(r)
|
|
if isCoLeadOnly(claims) {
|
|
existing, _ := app.getShift(id)
|
|
if existing == nil || !inSlice(existing.DepartmentID, claims.DeptIDs) {
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
s.ID = id
|
|
if err := app.updateShift(s); err != nil {
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
updated, _ := app.getShift(id)
|
|
writeJSON(w, updated)
|
|
}
|
|
|
|
func (app *App) handleDeleteShift(w http.ResponseWriter, r *http.Request) {
|
|
id, err := strconv.Atoi(r.PathValue("id"))
|
|
if err != nil {
|
|
writeError(w, "invalid id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
claims := claimsFromContext(r)
|
|
if isCoLeadOnly(claims) {
|
|
s, _ := app.getShift(id)
|
|
if s == nil || !inSlice(s.DepartmentID, claims.DeptIDs) {
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
if err := app.deleteShift(id); err != nil {
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
// handleAssignShiftVolunteer is the shift-centric assignment endpoint.
|
|
// POST /api/shifts/:id/volunteers body: {"volunteer_id": N, "force": false}
|
|
// Checks for scheduling conflicts unless force=true.
|
|
func (app *App) handleAssignShiftVolunteer(w http.ResponseWriter, r *http.Request) {
|
|
shiftID, err := strconv.Atoi(r.PathValue("id"))
|
|
if err != nil {
|
|
writeError(w, "invalid shift id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
var body struct {
|
|
VolunteerID int `json:"volunteer_id"`
|
|
Force bool `json:"force"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&body); err != nil || body.VolunteerID == 0 {
|
|
writeError(w, "volunteer_id required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
claims := claimsFromContext(r)
|
|
if isCoLeadOnly(claims) {
|
|
s, _ := app.getShift(shiftID)
|
|
if s == nil || !inSlice(s.DepartmentID, claims.DeptIDs) {
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
|
|
if !body.Force {
|
|
conflicts, err := app.checkShiftConflict(body.VolunteerID, shiftID)
|
|
if err != nil {
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
if len(conflicts) > 0 {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(http.StatusConflict)
|
|
writeJSON(w, map[string]any{
|
|
"conflict": true,
|
|
"conflicting_shifts": conflicts,
|
|
})
|
|
return
|
|
}
|
|
}
|
|
|
|
if err := app.assignShift(body.VolunteerID, shiftID); err != nil {
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
// handleUnassignShiftVolunteer removes a volunteer from a shift.
|
|
// DELETE /api/shifts/:id/volunteers/:volunteer_id
|
|
func (app *App) handleUnassignShiftVolunteer(w http.ResponseWriter, r *http.Request) {
|
|
shiftID, err := strconv.Atoi(r.PathValue("id"))
|
|
if err != nil {
|
|
writeError(w, "invalid shift id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
volunteerID, err := strconv.Atoi(r.PathValue("volunteer_id"))
|
|
if err != nil {
|
|
writeError(w, "invalid volunteer id", http.StatusBadRequest)
|
|
return
|
|
}
|
|
claims := claimsFromContext(r)
|
|
if isCoLeadOnly(claims) {
|
|
s, _ := app.getShift(shiftID)
|
|
if s == nil || !inSlice(s.DepartmentID, claims.DeptIDs) {
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
if err := app.unassignShift(volunteerID, shiftID); err != nil {
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
// handleReorderShifts bulk-updates shift positions.
|
|
// POST /api/shifts/reorder body: [{"id": N, "position": N}, ...]
|
|
func (app *App) handleReorderShifts(w http.ResponseWriter, r *http.Request) {
|
|
var raw []struct {
|
|
ID int `json:"id"`
|
|
Position int `json:"position"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&raw); err != nil || len(raw) == 0 {
|
|
writeError(w, "array of {id, position} required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
claims := claimsFromContext(r)
|
|
if isCoLeadOnly(claims) {
|
|
for _, p := range raw {
|
|
s, _ := app.getShift(p.ID)
|
|
if s == nil || !inSlice(s.DepartmentID, claims.DeptIDs) {
|
|
writeError(w, "forbidden: outside your department", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
positions := make([]struct{ ID, Position int }, len(raw))
|
|
for i, p := range raw {
|
|
positions[i] = struct{ ID, Position int }{p.ID, p.Position}
|
|
}
|
|
if err := app.reorderShifts(positions); err != nil {
|
|
writeError(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|