matthias/dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
884397b520a3994c705d6536ee4ab6982faef937
dashboard/backend/src/routes/booking.routes.ts
Matthias Hochmeister 884397b520 calendar and vehicle booking rework
2026-03-26 08:47:38 +01:00

37 lines
2.3 KiB
TypeScript
Raw Blame History

import { Router } from 'express';
import bookingController from '../controllers/booking.controller';
import { authenticate, optionalAuth } from '../middleware/auth.middleware';
import { requirePermission } from '../middleware/rbac.middleware';
const router = Router();
// ── Public (token-based, no session auth required) ───────────────────────────
router.get('/calendar.ics', optionalAuth, bookingController.getIcalExport.bind(bookingController));
// ── Read-only (all authenticated users) ──────────────────────────────────────
router.get('/vehicles', authenticate, bookingController.getVehiclesForBooking.bind(bookingController));
router.get('/calendar', authenticate, bookingController.getCalendarRange.bind(bookingController));
router.get('/upcoming', authenticate, bookingController.getUpcoming.bind(bookingController));
router.get('/availability', authenticate, bookingController.checkAvailability.bind(bookingController));
router.get('/calendar-token', authenticate, bookingController.getCalendarToken.bind(bookingController));
// ── Write operations ──────────────────────────────────────────────────────────
router.post('/', authenticate, requirePermission('fahrzeugbuchungen:create'), bookingController.create.bind(bookingController));
router.patch('/:id', authenticate, requirePermission('fahrzeugbuchungen:manage'), bookingController.update.bind(bookingController));
// Soft-cancel (sets abgesagt=TRUE) — creator or bookings:write
router.delete('/:id', authenticate, bookingController.cancel.bind(bookingController));
router.patch('/:id/cancel', authenticate, bookingController.cancel.bind(bookingController));
// Hard-delete (admin only)
router.delete('/:id/force', authenticate, requirePermission('fahrzeugbuchungen:manage'), bookingController.hardDelete.bind(bookingController));
// ── Single booking read — after specific routes to avoid path conflicts ───────
router.get('/:id', authenticate, bookingController.getById.bind(bookingController));
export default router;
Reference in New Issue View Git Blame Copy Permalink