204 lines
5.2 KiB
TypeScript
204 lines
5.2 KiB
TypeScript
import { Router } from 'express';
|
|
import bestellungController from '../controllers/bestellung.controller';
|
|
import { authenticate } from '../middleware/auth.middleware';
|
|
import { requirePermission } from '../middleware/rbac.middleware';
|
|
import { uploadBestellung } from '../middleware/upload';
|
|
|
|
const router = Router();
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Vendors (Lieferanten)
|
|
// ---------------------------------------------------------------------------
|
|
|
|
router.get(
|
|
'/vendors',
|
|
authenticate,
|
|
requirePermission('bestellungen:view'),
|
|
bestellungController.listVendors.bind(bestellungController)
|
|
);
|
|
|
|
router.get(
|
|
'/vendors/:id',
|
|
authenticate,
|
|
requirePermission('bestellungen:view'),
|
|
bestellungController.getVendor.bind(bestellungController)
|
|
);
|
|
|
|
router.get(
|
|
'/vendors/:id/orders',
|
|
authenticate,
|
|
requirePermission('bestellungen:view'),
|
|
bestellungController.getVendorOrders.bind(bestellungController)
|
|
);
|
|
|
|
router.post(
|
|
'/vendors',
|
|
authenticate,
|
|
requirePermission('bestellungen:manage_vendors'),
|
|
bestellungController.createVendor.bind(bestellungController)
|
|
);
|
|
|
|
router.patch(
|
|
'/vendors/:id',
|
|
authenticate,
|
|
requirePermission('bestellungen:manage_vendors'),
|
|
bestellungController.updateVendor.bind(bestellungController)
|
|
);
|
|
|
|
router.delete(
|
|
'/vendors/:id',
|
|
authenticate,
|
|
requirePermission('bestellungen:manage_vendors'),
|
|
bestellungController.deleteVendor.bind(bestellungController)
|
|
);
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Orders (Bestellungen)
|
|
// ---------------------------------------------------------------------------
|
|
|
|
router.get(
|
|
'/',
|
|
authenticate,
|
|
requirePermission('bestellungen:view'),
|
|
bestellungController.listOrders.bind(bestellungController)
|
|
);
|
|
|
|
router.post(
|
|
'/',
|
|
authenticate,
|
|
requirePermission('bestellungen:create'),
|
|
bestellungController.createOrder.bind(bestellungController)
|
|
);
|
|
|
|
// Export must come before /:id to avoid param capture
|
|
router.get(
|
|
'/export/:id',
|
|
authenticate,
|
|
requirePermission('bestellungen:export'),
|
|
bestellungController.exportOrder.bind(bestellungController)
|
|
);
|
|
|
|
router.get(
|
|
'/:id',
|
|
authenticate,
|
|
requirePermission('bestellungen:view'),
|
|
bestellungController.getOrder.bind(bestellungController)
|
|
);
|
|
|
|
router.patch(
|
|
'/:id',
|
|
authenticate,
|
|
requirePermission('bestellungen:create'),
|
|
bestellungController.updateOrder.bind(bestellungController)
|
|
);
|
|
|
|
router.delete(
|
|
'/:id',
|
|
authenticate,
|
|
requirePermission('bestellungen:delete'),
|
|
bestellungController.deleteOrder.bind(bestellungController)
|
|
);
|
|
|
|
router.patch(
|
|
'/:id/status',
|
|
authenticate,
|
|
requirePermission('bestellungen:create'),
|
|
bestellungController.updateStatus.bind(bestellungController)
|
|
);
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Line Items (Bestellpositionen)
|
|
// ---------------------------------------------------------------------------
|
|
|
|
router.post(
|
|
'/:id/items',
|
|
authenticate,
|
|
requirePermission('bestellungen:create'),
|
|
bestellungController.addLineItem.bind(bestellungController)
|
|
);
|
|
|
|
router.patch(
|
|
'/items/:itemId',
|
|
authenticate,
|
|
requirePermission('bestellungen:create'),
|
|
bestellungController.updateLineItem.bind(bestellungController)
|
|
);
|
|
|
|
router.delete(
|
|
'/items/:itemId',
|
|
authenticate,
|
|
requirePermission('bestellungen:delete'),
|
|
bestellungController.deleteLineItem.bind(bestellungController)
|
|
);
|
|
|
|
router.patch(
|
|
'/items/:itemId/received',
|
|
authenticate,
|
|
requirePermission('bestellungen:manage_orders'),
|
|
bestellungController.updateReceivedQuantity.bind(bestellungController)
|
|
);
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Files (Bestellung Dateien)
|
|
// ---------------------------------------------------------------------------
|
|
|
|
router.post(
|
|
'/:id/files',
|
|
authenticate,
|
|
requirePermission('bestellungen:create'),
|
|
uploadBestellung.single('datei'),
|
|
bestellungController.uploadFile.bind(bestellungController)
|
|
);
|
|
|
|
router.delete(
|
|
'/files/:fileId',
|
|
authenticate,
|
|
requirePermission('bestellungen:delete'),
|
|
bestellungController.deleteFile.bind(bestellungController)
|
|
);
|
|
|
|
router.get(
|
|
'/:id/files',
|
|
authenticate,
|
|
requirePermission('bestellungen:view'),
|
|
bestellungController.listFiles.bind(bestellungController)
|
|
);
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Reminders (Erinnerungen)
|
|
// ---------------------------------------------------------------------------
|
|
|
|
router.post(
|
|
'/:id/reminders',
|
|
authenticate,
|
|
requirePermission('bestellungen:manage_reminders'),
|
|
bestellungController.addReminder.bind(bestellungController)
|
|
);
|
|
|
|
router.patch(
|
|
'/reminders/:remId',
|
|
authenticate,
|
|
requirePermission('bestellungen:manage_reminders'),
|
|
bestellungController.markReminderDone.bind(bestellungController)
|
|
);
|
|
|
|
router.delete(
|
|
'/reminders/:remId',
|
|
authenticate,
|
|
requirePermission('bestellungen:manage_reminders'),
|
|
bestellungController.deleteReminder.bind(bestellungController)
|
|
);
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// History & Export
|
|
// ---------------------------------------------------------------------------
|
|
|
|
router.get(
|
|
'/:id/history',
|
|
authenticate,
|
|
requirePermission('bestellungen:view'),
|
|
bestellungController.getHistory.bind(bestellungController)
|
|
);
|
|
|
|
export default router;
|