diff --git a/src/routes/api/payments/add/+server.ts b/src/routes/api/payments/add/+server.ts index 5735d2e..2646a52 100644 --- a/src/routes/api/payments/add/+server.ts +++ b/src/routes/api/payments/add/+server.ts @@ -9,7 +9,6 @@ import {IMAGE_DIR} from '$env/static/private'; export const POST: RequestHandler = async ({request, cookies}) => { const user = await authenticateUser(cookies) - console.log(user) if(!user){ throw error(401, "Not logged in") } @@ -25,7 +24,6 @@ export const POST: RequestHandler = async ({request, cookies}) => { payee: formData.get("payee"), added_by: user._id } - await dbConnect(); let id; try{ @@ -38,7 +36,7 @@ export const POST: RequestHandler = async ({request, cookies}) => { await dbDisconnect(); const img = formData.get("file") if(img){ - console.log("IMG:", img) + //this feels stupid, is there a smarter way directly to Buffer? const full_res = Buffer.from(await img.arrayBuffer()) await sharp(full_res) diff --git a/src/routes/api/payments/delete/+server.ts b/src/routes/api/payments/delete/+server.ts new file mode 100644 index 0000000..1c42309 --- /dev/null +++ b/src/routes/api/payments/delete/+server.ts 
@@ -0,0 +1,24 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies}) => {
+ let json = await request.json()
+
+ const user = await authenticateUser(cookies)
+ if(!user) throw error(401, "Need to be logged in")
+ if(!user.access.includes("abrechnung")){
+ throw error(401, "Insufficient permissions")
+ }
+ else{
+ await dbConnect();
+ await Payment.findOneAndDelete({_id: json.id});
+ await dbDisconnect();
+ return new Response(JSON.stringify({msg: "Deleted payment successfully"}),{
+ status: 200,
+ });
+ }
+}
diff --git a/src/routes/api/payments/edit/+server.ts b/src/routes/api/payments/edit/+server.ts
new file mode 100644
index 0000000..2bed766
--- /dev/null
+++ b/src/routes/api/payments/edit/+server.ts
@@ -0,0 +1,27 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies}) => {
+ let message = await request.json()
+ const json = message.payment
+ const user = await authenticateUser(cookies)
+ if(!user){
+ throw error(403, "Not logged in")
+ }
+ else if(!user.access.includes("abrechnung")){
+ throw error(403, "This user does not have edit permissions for payments")
+ }
+ else{
+ await dbConnect();
+ await Payment.findOneAndUpdate({_id: json.id}, json);
+ await dbDisconnect();
+ return new Response(JSON.stringify({msg: "Edited payment successfully"}),{
+ status: 200,
+ });
+
+ }
+};
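Review bot: In `delete/+server.ts`, `json.id` goes from the request body straight into the `findOneAndDelete` filter with no type check, so a body whose `id` is an object rather than a string is handed to Mongoose as a query condition instead of a single document id. Reject anything that is not a string before `dbConnect()`, e.g. `if (typeof json?.id !== 'string') throw error(400, "Invalid payment id")`; the edit and item/[id] handlers in this commit read `json.id` the same way. The handler also answers 200 "Deleted payment successfully" when no document matched, and the missing-permission branch should be 403 rather than 401, as the other new handlers do.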
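Review bot: In `edit/+server.ts`, `Payment.findOneAndUpdate({_id: json.id}, json)` uses the whole client-supplied `payment` object as the update document, so any schema field present in the body is overwritten, presumably including `added_by`, which the add handler sets from the authenticated user. Build the update from an explicit list of editable fields and leave `added_by` untouched, e.g. `const update = { payee: json.payee /* plus the other editable fields */ }`, and pass `update` instead of `json`. A body without a `payment` key currently fails on `json.id` with a TypeError and surfaces as a 500; check `message?.payment` first and return 400. It is also worth passing `{ runValidators: true }` so the schema validators run on the update.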
diff --git a/src/routes/api/payments/item/[id]/+server.ts b/src/routes/api/payments/item/[id]/+server.ts
new file mode 100644
index 0000000..db99878
--- /dev/null
+++ b/src/routes/api/payments/item/[id]/+server.ts
@@ -0,0 +1,27 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies}) => {
+ let message = await request.json()
+ const json = message.payment
+ const user = await authenticateUser(cookies)
+ if(!user){
+ throw error(403, "Not logged in")
+ }
+ else if(!user.access.includes("abrechnung")){
+ throw error(403, "This user does not have edit permissions for payments")
+ }
+ else{
+ await dbConnect();
+ const payment = await Payment.findOne({_id: json.id}).lean();
+ await dbDisconnect();
+ return new Response(JSON.stringify({payment}),{
+ status: 200,
+ });
+
+ }
+};
diff --git a/src/routes/api/payments/items/[range]/+server.ts b/src/routes/api/payments/items/[range]/+server.ts
new file mode 100644
index 0000000..6bd8e42
--- /dev/null
+++ b/src/routes/api/payments/items/[range]/+server.ts
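Review bot: In `item/[id]/+server.ts` the model and db imports climb four directories (`'../../../../models/Payment'`), which from `item/[id]/` resolves under `src/routes/`, whereas `items/[range]/+server.ts` at the same depth uses five; unless a `src/routes/models` directory exists, this handler will not resolve its imports. The `[id]` route parameter is also never read: the id comes from `message.payment.id` in a POST body, so the URL segment has no effect on which payment is returned. Consider `export const GET: RequestHandler = async ({params, cookies}) =>` with `params.id`, and return 404 when `findOne` yields null instead of 200 with `payment: null`.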
@@ -0,0 +1,28 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies, params}) => {
+ let message = await request.json()
+ const n = params.range
+ const start = message?.start ?? 0;
+ const user = await authenticateUser(cookies)
+ if(!user){
+ throw error(403, "Not logged in")
+ }
+ else if(!user.access.includes("abrechnung")){
+ throw error(403, "This user does not have viewing permissions for payments")
+ }
+ else{
+ await dbConnect();
+ const payments = await Payment.find({}).sort({ date: -1 }).skip(start).limit(n).lean()
+ await dbDisconnect();
+ return new Response(JSON.stringify({payments}),{
+ status: 200,
+ });
+
+ }
+};
diff --git a/src/routes/api/payments/payees/+server.ts b/src/routes/api/payments/payees/+server.ts
new file mode 100644
index 0000000..8fd7a60
--- /dev/null
+++ b/src/routes/api/payments/payees/+server.ts
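Review bot: In `items/[range]/+server.ts`, `params.range` (a string) and `message.start` reach `.limit(n)` and `.skip(start)` unchecked, so the page size is whatever the caller puts in the URL and there is no upper bound on how many payments one request can pull. Parse and bound both before the query, e.g. `const n = Number.parseInt(params.range, 10)` followed by `if (!Number.isInteger(n) || n < 1 || n > MAX_PAGE) throw error(400, "Invalid range")`, where `MAX_PAGE` is a cap you pick, with the same integer and non-negative check for `start`. Rejecting 0 matters because MongoDB treats a limit of 0 as no limit. `await request.json()` also throws on an empty body, so the `message?.start ?? 0` default is never reached for callers that send none.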
@@ -0,0 +1,26 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+import { User } from '../../../../models/User';
+// header: use for bearer token for now
+// recipe json in body
+export const GET: RequestHandler = async ({request, cookies}) => {
+ const user = await authenticateUser(cookies)
+ if(!user){
+ throw error(403, "Not logged in")
+ }
+ else if(!user.access.includes("abrechnung")){
+ throw error(403, "This user does not have edit permissions for payments")
+ }
+ else{
+ await dbConnect();
+ const users = await User.find({access: "abrechnung"}, 'username').lean()
+ await dbDisconnect();
+ return new Response(JSON.stringify({users}),{
+ status: 200,
+ });
+
+ }
+};
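Review bot: In `payees/+server.ts`, `dbDisconnect()` is only reached when `User.find` succeeds; if the query throws, the connection opened by `dbConnect()` is never closed by this handler and the error escapes as an unhandled 500. Wrap the query in `try { … } finally { await dbDisconnect(); }`; the delete, edit, item and items handlers added in this commit have the same shape. `Payment` and `request` are unused here, the header comments ("recipe json in body") are carried over from another route, and the 403 text says "edit permissions" on a read-only endpoint.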