358 lines
14 KiB
TypeScript
358 lines
14 KiB
TypeScript
import { Request, Response } from 'express';
|
|
import issueService from '../services/issue.service';
|
|
import { permissionService } from '../services/permission.service';
|
|
import logger from '../utils/logger';
|
|
|
|
const param = (req: Request, key: string): string => req.params[key] as string;
|
|
|
|
class IssueController {
|
|
async getIssues(req: Request, res: Response): Promise<void> {
|
|
try {
|
|
const userId = req.user!.id;
|
|
const groups: string[] = (req.user as any).groups || [];
|
|
const canViewAll = permissionService.hasPermission(groups, 'issues:view_all');
|
|
|
|
// Parse filter query params
|
|
const filters: {
|
|
typ_id?: number[];
|
|
prioritaet?: string[];
|
|
status?: string[];
|
|
erstellt_von?: string;
|
|
zugewiesen_an?: string;
|
|
} = {};
|
|
|
|
if (req.query.typ_id) {
|
|
filters.typ_id = String(req.query.typ_id).split(',').map(Number).filter((n) => !isNaN(n));
|
|
}
|
|
if (req.query.prioritaet) {
|
|
filters.prioritaet = String(req.query.prioritaet).split(',');
|
|
}
|
|
if (req.query.status) {
|
|
filters.status = String(req.query.status).split(',');
|
|
}
|
|
if (req.query.erstellt_von) {
|
|
filters.erstellt_von = req.query.erstellt_von as string;
|
|
}
|
|
if (req.query.zugewiesen_an) {
|
|
filters.zugewiesen_an =
|
|
req.query.zugewiesen_an === 'me' ? userId : (req.query.zugewiesen_an as string);
|
|
}
|
|
|
|
const issues = await issueService.getIssues({ userId, canViewAll, filters });
|
|
res.status(200).json({ success: true, data: issues });
|
|
} catch (error) {
|
|
logger.error('IssueController.getIssues error', { error });
|
|
res.status(500).json({ success: false, message: 'Issues konnten nicht geladen werden' });
|
|
}
|
|
}
|
|
|
|
async getIssue(req: Request, res: Response): Promise<void> {
|
|
const id = parseInt(param(req, 'id'), 10);
|
|
if (isNaN(id)) {
|
|
res.status(400).json({ success: false, message: 'Ungültige ID' });
|
|
return;
|
|
}
|
|
try {
|
|
const issue = await issueService.getIssueById(id);
|
|
if (!issue) {
|
|
res.status(404).json({ success: false, message: 'Issue nicht gefunden' });
|
|
return;
|
|
}
|
|
const userId = req.user!.id;
|
|
const groups: string[] = (req.user as any).groups || [];
|
|
const canViewAll = permissionService.hasPermission(groups, 'issues:view_all');
|
|
if (!canViewAll && issue.erstellt_von !== userId && issue.zugewiesen_an !== userId) {
|
|
res.status(403).json({ success: false, message: 'Kein Zugriff' });
|
|
return;
|
|
}
|
|
res.status(200).json({ success: true, data: issue });
|
|
} catch (error) {
|
|
logger.error('IssueController.getIssue error', { error });
|
|
res.status(500).json({ success: false, message: 'Issue konnte nicht geladen werden' });
|
|
}
|
|
}
|
|
|
|
async createIssue(req: Request, res: Response): Promise<void> {
|
|
const { titel } = req.body;
|
|
if (!titel || typeof titel !== 'string' || titel.trim().length === 0) {
|
|
res.status(400).json({ success: false, message: 'Titel ist erforderlich' });
|
|
return;
|
|
}
|
|
try {
|
|
const issue = await issueService.createIssue(req.body, req.user!.id);
|
|
res.status(201).json({ success: true, data: issue });
|
|
} catch (error) {
|
|
logger.error('IssueController.createIssue error', { error });
|
|
res.status(500).json({ success: false, message: 'Issue konnte nicht erstellt werden' });
|
|
}
|
|
}
|
|
|
|
async updateIssue(req: Request, res: Response): Promise<void> {
|
|
const id = parseInt(param(req, 'id'), 10);
|
|
if (isNaN(id)) {
|
|
res.status(400).json({ success: false, message: 'Ungültige ID' });
|
|
return;
|
|
}
|
|
try {
|
|
const userId = req.user!.id;
|
|
const groups: string[] = (req.user as any).groups || [];
|
|
const canEdit = permissionService.hasPermission(groups, 'issues:edit');
|
|
const canChangeStatus = permissionService.hasPermission(groups, 'issues:change_status');
|
|
|
|
const existing = await issueService.getIssueById(id);
|
|
if (!existing) {
|
|
res.status(404).json({ success: false, message: 'Issue nicht gefunden' });
|
|
return;
|
|
}
|
|
|
|
const isOwner = existing.erstellt_von === userId;
|
|
const isAssignee = existing.zugewiesen_an === userId;
|
|
|
|
// Determine what update data is allowed
|
|
let updateData: Record<string, any>;
|
|
|
|
if (canEdit) {
|
|
// Full edit access
|
|
updateData = { ...req.body };
|
|
// Explicit null for unassign is handled by 'zugewiesen_an' in data check in service
|
|
} else if (canChangeStatus || isAssignee) {
|
|
// Can only change status (+ kommentar is handled separately)
|
|
updateData = {};
|
|
if (req.body.status !== undefined) updateData.status = req.body.status;
|
|
} else if (isOwner) {
|
|
// Owner without change_status: can only close own issue or reopen from erledigt
|
|
updateData = {};
|
|
if (req.body.status !== undefined) {
|
|
const newStatus = req.body.status;
|
|
if (newStatus === 'erledigt') {
|
|
updateData.status = 'erledigt';
|
|
} else if (newStatus === 'offen' && existing.status === 'erledigt') {
|
|
// Reopen: require kommentar
|
|
if (!req.body.kommentar || typeof req.body.kommentar !== 'string' || req.body.kommentar.trim().length === 0) {
|
|
res.status(400).json({
|
|
success: false,
|
|
message: 'Beim Wiedereröffnen ist ein Kommentar erforderlich',
|
|
});
|
|
return;
|
|
}
|
|
updateData.status = 'offen';
|
|
} else {
|
|
res.status(403).json({ success: false, message: 'Keine Berechtigung für diese Statusänderung' });
|
|
return;
|
|
}
|
|
} else {
|
|
// Owner trying to change non-status fields without edit permission
|
|
res.status(403).json({ success: false, message: 'Keine Berechtigung' });
|
|
return;
|
|
}
|
|
} else {
|
|
res.status(403).json({ success: false, message: 'Keine Berechtigung' });
|
|
return;
|
|
}
|
|
|
|
// Validate: if setting status to 'abgelehnt', check if type allows it
|
|
if (updateData.status === 'abgelehnt' && existing.typ_id) {
|
|
if (!existing.typ_erlaubt_abgelehnt) {
|
|
res.status(400).json({
|
|
success: false,
|
|
message: 'Dieser Issue-Typ erlaubt den Status "Abgelehnt" nicht',
|
|
});
|
|
return;
|
|
}
|
|
}
|
|
|
|
const issue = await issueService.updateIssue(id, updateData);
|
|
if (!issue) {
|
|
res.status(404).json({ success: false, message: 'Issue nicht gefunden' });
|
|
return;
|
|
}
|
|
|
|
// Handle reopen comment (owner reopen flow)
|
|
if (isOwner && !canChangeStatus && req.body.status === 'offen' && existing.status === 'erledigt' && req.body.kommentar) {
|
|
await issueService.addComment(id, userId, `[Wiedereröffnet] ${req.body.kommentar.trim()}`);
|
|
}
|
|
|
|
// If kommentar was provided alongside a status change (not the reopen flow above)
|
|
if (req.body.kommentar && updateData.status && !(isOwner && !canChangeStatus && req.body.status === 'offen' && existing.status === 'erledigt')) {
|
|
await issueService.addComment(id, userId, req.body.kommentar.trim());
|
|
}
|
|
|
|
// Re-fetch to include any new comment info
|
|
const updated = await issueService.getIssueById(id);
|
|
res.status(200).json({ success: true, data: updated });
|
|
} catch (error) {
|
|
logger.error('IssueController.updateIssue error', { error });
|
|
res.status(500).json({ success: false, message: 'Issue konnte nicht aktualisiert werden' });
|
|
}
|
|
}
|
|
|
|
async deleteIssue(req: Request, res: Response): Promise<void> {
|
|
const id = parseInt(param(req, 'id'), 10);
|
|
if (isNaN(id)) {
|
|
res.status(400).json({ success: false, message: 'Ungültige ID' });
|
|
return;
|
|
}
|
|
try {
|
|
const issue = await issueService.getIssueById(id);
|
|
if (!issue) {
|
|
res.status(404).json({ success: false, message: 'Issue nicht gefunden' });
|
|
return;
|
|
}
|
|
const userId = req.user!.id;
|
|
const groups: string[] = (req.user as any).groups || [];
|
|
const canDelete = permissionService.hasPermission(groups, 'issues:delete');
|
|
if (!canDelete && issue.erstellt_von !== userId) {
|
|
res.status(403).json({ success: false, message: 'Keine Berechtigung' });
|
|
return;
|
|
}
|
|
await issueService.deleteIssue(id);
|
|
res.status(200).json({ success: true, message: 'Issue gelöscht' });
|
|
} catch (error) {
|
|
logger.error('IssueController.deleteIssue error', { error });
|
|
res.status(500).json({ success: false, message: 'Issue konnte nicht gelöscht werden' });
|
|
}
|
|
}
|
|
|
|
async getComments(req: Request, res: Response): Promise<void> {
|
|
const issueId = parseInt(param(req, 'id'), 10);
|
|
if (isNaN(issueId)) {
|
|
res.status(400).json({ success: false, message: 'Ungültige ID' });
|
|
return;
|
|
}
|
|
try {
|
|
const issue = await issueService.getIssueById(issueId);
|
|
if (!issue) {
|
|
res.status(404).json({ success: false, message: 'Issue nicht gefunden' });
|
|
return;
|
|
}
|
|
const userId = req.user!.id;
|
|
const groups: string[] = (req.user as any).groups || [];
|
|
const canViewAll = permissionService.hasPermission(groups, 'issues:view_all');
|
|
if (!canViewAll && issue.erstellt_von !== userId && issue.zugewiesen_an !== userId) {
|
|
res.status(403).json({ success: false, message: 'Kein Zugriff' });
|
|
return;
|
|
}
|
|
const comments = await issueService.getComments(issueId);
|
|
res.status(200).json({ success: true, data: comments });
|
|
} catch (error) {
|
|
logger.error('IssueController.getComments error', { error });
|
|
res.status(500).json({ success: false, message: 'Kommentare konnten nicht geladen werden' });
|
|
}
|
|
}
|
|
|
|
async addComment(req: Request, res: Response): Promise<void> {
|
|
const issueId = parseInt(param(req, 'id'), 10);
|
|
if (isNaN(issueId)) {
|
|
res.status(400).json({ success: false, message: 'Ungültige ID' });
|
|
return;
|
|
}
|
|
const { inhalt } = req.body;
|
|
if (!inhalt || typeof inhalt !== 'string' || inhalt.trim().length === 0) {
|
|
res.status(400).json({ success: false, message: 'Kommentar darf nicht leer sein' });
|
|
return;
|
|
}
|
|
try {
|
|
const issue = await issueService.getIssueById(issueId);
|
|
if (!issue) {
|
|
res.status(404).json({ success: false, message: 'Issue nicht gefunden' });
|
|
return;
|
|
}
|
|
const userId = req.user!.id;
|
|
const groups: string[] = (req.user as any).groups || [];
|
|
const isOwner = issue.erstellt_von === userId;
|
|
const isAssignee = issue.zugewiesen_an === userId;
|
|
const canChangeStatus = permissionService.hasPermission(groups, 'issues:change_status');
|
|
const canEdit = permissionService.hasPermission(groups, 'issues:edit');
|
|
|
|
// Authorization: owner, assignee, change_status, or edit can comment
|
|
if (!isOwner && !isAssignee && !canChangeStatus && !canEdit) {
|
|
res.status(403).json({ success: false, message: 'Keine Berechtigung zum Kommentieren' });
|
|
return;
|
|
}
|
|
|
|
const comment = await issueService.addComment(issueId, userId, inhalt.trim());
|
|
res.status(201).json({ success: true, data: comment });
|
|
} catch (error) {
|
|
logger.error('IssueController.addComment error', { error });
|
|
res.status(500).json({ success: false, message: 'Kommentar konnte nicht erstellt werden' });
|
|
}
|
|
}
|
|
|
|
// --- Type management ---
|
|
|
|
async getTypes(_req: Request, res: Response): Promise<void> {
|
|
try {
|
|
const types = await issueService.getTypes();
|
|
res.status(200).json({ success: true, data: types });
|
|
} catch (error) {
|
|
logger.error('IssueController.getTypes error', { error });
|
|
res.status(500).json({ success: false, message: 'Issue-Typen konnten nicht geladen werden' });
|
|
}
|
|
}
|
|
|
|
async createType(req: Request, res: Response): Promise<void> {
|
|
const { name } = req.body;
|
|
if (!name || typeof name !== 'string' || name.trim().length === 0) {
|
|
res.status(400).json({ success: false, message: 'Name ist erforderlich' });
|
|
return;
|
|
}
|
|
try {
|
|
const type = await issueService.createType(req.body);
|
|
res.status(201).json({ success: true, data: type });
|
|
} catch (error) {
|
|
logger.error('IssueController.createType error', { error });
|
|
res.status(500).json({ success: false, message: 'Issue-Typ konnte nicht erstellt werden' });
|
|
}
|
|
}
|
|
|
|
async updateType(req: Request, res: Response): Promise<void> {
|
|
const id = parseInt(param(req, 'id'), 10);
|
|
if (isNaN(id)) {
|
|
res.status(400).json({ success: false, message: 'Ungültige ID' });
|
|
return;
|
|
}
|
|
try {
|
|
const type = await issueService.updateType(id, req.body);
|
|
if (!type) {
|
|
res.status(404).json({ success: false, message: 'Issue-Typ nicht gefunden' });
|
|
return;
|
|
}
|
|
res.status(200).json({ success: true, data: type });
|
|
} catch (error) {
|
|
logger.error('IssueController.updateType error', { error });
|
|
res.status(500).json({ success: false, message: 'Issue-Typ konnte nicht aktualisiert werden' });
|
|
}
|
|
}
|
|
|
|
async deleteType(req: Request, res: Response): Promise<void> {
|
|
const id = parseInt(param(req, 'id'), 10);
|
|
if (isNaN(id)) {
|
|
res.status(400).json({ success: false, message: 'Ungültige ID' });
|
|
return;
|
|
}
|
|
try {
|
|
const type = await issueService.deactivateType(id);
|
|
if (!type) {
|
|
res.status(404).json({ success: false, message: 'Issue-Typ nicht gefunden' });
|
|
return;
|
|
}
|
|
res.status(200).json({ success: true, data: type });
|
|
} catch (error) {
|
|
logger.error('IssueController.deleteType error', { error });
|
|
res.status(500).json({ success: false, message: 'Issue-Typ konnte nicht deaktiviert werden' });
|
|
}
|
|
}
|
|
|
|
async getMembers(_req: Request, res: Response): Promise<void> {
|
|
try {
|
|
const members = await issueService.getAssignableMembers();
|
|
res.status(200).json({ success: true, data: members });
|
|
} catch (error) {
|
|
logger.error('IssueController.getMembers error', { error });
|
|
res.status(500).json({ success: false, message: 'Mitglieder konnten nicht geladen werden' });
|
|
}
|
|
}
|
|
}
|
|
|
|
export default new IssueController();
|