rework vehicle handling
This commit is contained in:
Matthias Hochmeister
@@ -3,118 +3,28 @@ import vehicleController from '../controllers/vehicle.controller';
|
||||
import { authenticate } from '../middleware/auth.middleware';
|
||||
import { requireGroups } from '../middleware/rbac.middleware';
|
||||
|
||||
const ADMIN_GROUPS = ['dashboard_admin'];
|
||||
const STATUS_GROUPS = ['dashboard_admin', 'dashboard_fahrmeister'];
|
||||
const ADMIN_GROUPS = ['dashboard_admin'];
|
||||
const WRITE_GROUPS = ['dashboard_admin', 'dashboard_fahrmeister'];
|
||||
|
||||
const router = Router();
|
||||
|
||||
// ── Read-only endpoints (any authenticated user) ──────────────────────────────
|
||||
// ── Read-only (any authenticated user) ───────────────────────────────────────
|
||||
|
||||
/**
|
||||
* GET /api/vehicles
|
||||
* Fleet overview list — inspection badges included.
|
||||
*/
|
||||
router.get('/', authenticate, vehicleController.listVehicles.bind(vehicleController));
|
||||
|
||||
/**
|
||||
* GET /api/vehicles/stats
|
||||
* Dashboard KPI aggregates.
|
||||
* NOTE: /stats and /alerts must be declared BEFORE /:id to avoid route conflicts.
|
||||
*/
|
||||
router.get('/stats', authenticate, vehicleController.getStats.bind(vehicleController));
|
||||
|
||||
/**
|
||||
* GET /api/vehicles/alerts?daysAhead=30
|
||||
* Upcoming and overdue inspections for the dashboard alert panel.
|
||||
*/
|
||||
router.get('/', authenticate, vehicleController.listVehicles.bind(vehicleController));
|
||||
router.get('/stats', authenticate, vehicleController.getStats.bind(vehicleController));
|
||||
router.get('/alerts', authenticate, vehicleController.getAlerts.bind(vehicleController));
|
||||
|
||||
/**
|
||||
* GET /api/vehicles/:id
|
||||
* Full vehicle detail with inspection history and maintenance log.
|
||||
*/
|
||||
router.get('/:id', authenticate, vehicleController.getVehicle.bind(vehicleController));
|
||||
|
||||
/**
|
||||
* GET /api/vehicles/:id/pruefungen
|
||||
* Inspection history for a single vehicle.
|
||||
*/
|
||||
router.get('/:id/pruefungen', authenticate, vehicleController.getPruefungen.bind(vehicleController));
|
||||
|
||||
/**
|
||||
* GET /api/vehicles/:id/wartung
|
||||
* Maintenance log for a single vehicle.
|
||||
*/
|
||||
router.get('/:id', authenticate, vehicleController.getVehicle.bind(vehicleController));
|
||||
router.get('/:id/wartung', authenticate, vehicleController.getWartung.bind(vehicleController));
|
||||
|
||||
// ── Write endpoints (dashboard_admin group required) ────────────────────────
|
||||
// ── Write — admin only ────────────────────────────────────────────────────────
|
||||
|
||||
/**
|
||||
* POST /api/vehicles
|
||||
* Create a new vehicle.
|
||||
*/
|
||||
router.post(
|
||||
'/',
|
||||
authenticate,
|
||||
requireGroups(ADMIN_GROUPS),
|
||||
vehicleController.createVehicle.bind(vehicleController)
|
||||
);
|
||||
router.post('/', authenticate, requireGroups(ADMIN_GROUPS), vehicleController.createVehicle.bind(vehicleController));
|
||||
router.patch('/:id', authenticate, requireGroups(ADMIN_GROUPS), vehicleController.updateVehicle.bind(vehicleController));
|
||||
router.delete('/:id', authenticate, requireGroups(ADMIN_GROUPS), vehicleController.deleteVehicle.bind(vehicleController));
|
||||
|
||||
/**
|
||||
* PATCH /api/vehicles/:id
|
||||
* Update vehicle fields.
|
||||
*/
|
||||
router.patch(
|
||||
'/:id',
|
||||
authenticate,
|
||||
requireGroups(ADMIN_GROUPS),
|
||||
vehicleController.updateVehicle.bind(vehicleController)
|
||||
);
|
||||
// ── Status + maintenance log — admin + fahrmeister ────────────────────────────
|
||||
|
||||
/**
|
||||
* PATCH /api/vehicles/:id/status
|
||||
* Live status change — dashboard_admin or dashboard_fahrmeister required.
|
||||
* The `io` instance is retrieved inside the controller via req.app.get('io').
|
||||
*/
|
||||
router.patch(
|
||||
'/:id/status',
|
||||
authenticate,
|
||||
requireGroups(STATUS_GROUPS),
|
||||
vehicleController.updateVehicleStatus.bind(vehicleController)
|
||||
);
|
||||
|
||||
/**
|
||||
* POST /api/vehicles/:id/pruefungen
|
||||
* Record an inspection (scheduled or completed).
|
||||
*/
|
||||
router.post(
|
||||
'/:id/pruefungen',
|
||||
authenticate,
|
||||
requireGroups(ADMIN_GROUPS),
|
||||
vehicleController.addPruefung.bind(vehicleController)
|
||||
);
|
||||
|
||||
/**
|
||||
* POST /api/vehicles/:id/wartung
|
||||
* Add a maintenance log entry.
|
||||
*/
|
||||
router.post(
|
||||
'/:id/wartung',
|
||||
authenticate,
|
||||
requireGroups(ADMIN_GROUPS),
|
||||
vehicleController.addWartung.bind(vehicleController)
|
||||
);
|
||||
|
||||
/**
|
||||
* DELETE /api/vehicles/:id
|
||||
* Delete a vehicle — dashboard_admin only.
|
||||
* NOTE: vehicleController.deleteVehicle needs to be implemented.
|
||||
*/
|
||||
router.delete(
|
||||
'/:id',
|
||||
authenticate,
|
||||
requireGroups(ADMIN_GROUPS),
|
||||
vehicleController.deleteVehicle.bind(vehicleController)
|
||||
);
|
||||
router.patch('/:id/status', authenticate, requireGroups(WRITE_GROUPS), vehicleController.updateVehicleStatus.bind(vehicleController));
|
||||
router.post('/:id/wartung', authenticate, requireGroups(WRITE_GROUPS), vehicleController.addWartung.bind(vehicleController));
|
||||
|
||||
export default router;
|
||||
|
||||
Reference in New Issue
Block a user