added missing payments api routes
parent
e25c0f9121
commit
6356456a18
@ -9,7 +9,6 @@ import {IMAGE_DIR} from '$env/static/private';
|
|||||||
|
|
||||||
export const POST: RequestHandler = async ({request, cookies}) => {
|
export const POST: RequestHandler = async ({request, cookies}) => {
|
||||||
const user = await authenticateUser(cookies)
|
const user = await authenticateUser(cookies)
|
||||||
console.log(user)
|
|
||||||
if(!user){
|
if(!user){
|
||||||
throw error(401, "Not logged in")
|
throw error(401, "Not logged in")
|
||||||
}
|
}
|
||||||
@ -25,7 +24,6 @@ export const POST: RequestHandler = async ({request, cookies}) => {
|
|||||||
payee: formData.get("payee"),
|
payee: formData.get("payee"),
|
||||||
added_by: user._id
|
added_by: user._id
|
||||||
}
|
}
|
||||||
|
|
||||||
await dbConnect();
|
await dbConnect();
|
||||||
let id;
|
let id;
|
||||||
try{
|
try{
|
||||||
@ -38,7 +36,7 @@ export const POST: RequestHandler = async ({request, cookies}) => {
|
|||||||
await dbDisconnect();
|
await dbDisconnect();
|
||||||
const img = formData.get("file")
|
const img = formData.get("file")
|
||||||
if(img){
|
if(img){
|
||||||
console.log("IMG:", img)
|
//this feels stupid, is there a smarter way directly to Buffer?
|
||||||
const full_res = Buffer.from(await img.arrayBuffer())
|
const full_res = Buffer.from(await img.arrayBuffer())
|
||||||
|
|
||||||
await sharp(full_res)
|
await sharp(full_res)
|
||||||
|
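--- a/src/routes/api/payments/delete/+server.ts
+++ b/src/routes/api/payments/delete/+server.ts
@@ -0,0 +1,24 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies}) => {
+let json = await request.json()
+
+const user = await authenticateUser(cookies)
+if(!user) throw error(401, "Need to be logged in")
+if(!user.access.includes("abrechnung")){
+throw error(401, "Insufficient permissions")
+}
+else{
+await dbConnect();
+await Payment.findOneAndDelete({_id: json.id});
+await dbDisconnect();
+return new Response(JSON.stringify({msg: "Deleted payment successfully"}),{
+status: 200,
+});
+}
+}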
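Review bot: `json.id` goes straight from the request body into the `findOneAndDelete` filter with no type check, so a non-string value such as an object reaches the query layer instead of being rejected; `edit/+server.ts` and `item/[id]/+server.ts` have the same pattern. Add a guard before `dbConnect()`, e.g. `if (typeof json?.id !== 'string') throw error(400, "Invalid payment id")`. The handler also parses the body before `authenticateUser` runs, and it returns the success message even when no document matched; checking the result of `findOneAndDelete` and answering 404 would make failed deletes visible. The insufficient-permissions branch answers 401 where the sibling routes use 403.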
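--- a/src/routes/api/payments/edit/+server.ts
+++ b/src/routes/api/payments/edit/+server.ts
@@ -0,0 +1,27 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies}) => {
+let message = await request.json()
+const json = message.payment
+const user = await authenticateUser(cookies)
+if(!user){
+throw error(403, "Not logged in")
+}
+else if(!user.access.includes("abrechnung")){
+throw error(403, "This user does not have edit permissions for payments")
+}
+else{
+await dbConnect();
+await Payment.findOneAndUpdate({_id: json.id}, json);
+await dbDisconnect();
+return new Response(JSON.stringify({msg: "Edited payment successfully"}),{
+status: 200,
+});
+
+}
+};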
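Review bot: The whole client-supplied `json` object is used as the update document in `Payment.findOneAndUpdate({_id: json.id}, json)`, so the caller can overwrite any field the schema accepts, including `added_by`, which the existing add handler earlier in this commit sets from the authenticated user. Build the update from an explicit allow-list of editable fields instead, e.g. `{ $set: { payee: json.payee /* …other editable fields… */ } }`, and validate each value's type first. If the body has no `payment` key, `json` is undefined and `json.id` throws, which surfaces as a 500 rather than a 400. The unauthenticated branch answers 403 here while the delete route uses 401 for the same condition.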
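--- a/src/routes/api/payments/item/[id]/+server.ts
+++ b/src/routes/api/payments/item/[id]/+server.ts
@@ -0,0 +1,27 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies}) => {
+let message = await request.json()
+const json = message.payment
+const user = await authenticateUser(cookies)
+if(!user){
+throw error(403, "Not logged in")
+}
+else if(!user.access.includes("abrechnung")){
+throw error(403, "This user does not have edit permissions for payments")
+}
+else{
+await dbConnect();
+const payment = await Payment.findOne({_id: json.id}).lean();
+await dbDisconnect();
+return new Response(JSON.stringify({payment}),{
+status: 200,
+});
+
+}
+};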
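Review bot: The imports `'../../../../models/Payment'` and `'../../../../utils/db'` look one level short for a file under `item/[id]/`. `items/[range]/+server.ts` sits at the same depth and uses five `../`, so these most likely do not resolve to the intended modules. The route also declares an `[id]` parameter but never reads it, taking `message.payment.id` from a POST body instead. Reading `params.id` in a `GET` handler and rejecting malformed ids with `error(400, …)` would match the path and keep an unvalidated body value out of the `findOne` filter. The 403 message mentions "edit permissions" although this handler only reads.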
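--- a/src/routes/api/payments/items/[range]/+server.ts
+++ b/src/routes/api/payments/items/[range]/+server.ts
@@ -0,0 +1,28 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies, params}) => {
+let message = await request.json()
+const n = params.range
+const start = message?.start ?? 0;
+const user = await authenticateUser(cookies)
+if(!user){
+throw error(403, "Not logged in")
+}
+else if(!user.access.includes("abrechnung")){
+throw error(403, "This user does not have viewing permissions for payments")
+}
+else{
+await dbConnect();
+const payments = await Payment.find({}).sort({ date: -1 }).skip(start).limit(n).lean()
+await dbDisconnect();
+return new Response(JSON.stringify({payments}),{
+status: 200,
+});
+
+}
+};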
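Review bot: `params.range` (a string) and `message.start` are passed to `.limit(n)` and `.skip(start)` without parsing or bounds, so the caller decides how many documents are loaded and serialized in one response, and a non-numeric value presumably ends in a 500. Parse both as integers, require `n >= 1` and `start >= 0`, and clamp the page size, e.g. `const n = Math.min(Number.parseInt(params.range, 10), MAX_PAGE_SIZE)` followed by a `Number.isInteger` check and `error(400, …)` on failure. `MAX_PAGE_SIZE` is a placeholder constant, not something defined in this commit. `request.json()` also runs before authentication and throws on an empty body, so `start` is effectively mandatory despite the `?? 0` default.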
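--- a/src/routes/api/payments/payees/+server.ts
+++ b/src/routes/api/payments/payees/+server.ts
@@ -0,0 +1,26 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+import { User } from '../../../../models/User';
+// header: use for bearer token for now
+// recipe json in body
+export const GET: RequestHandler = async ({request, cookies}) => {
+const user = await authenticateUser(cookies)
+if(!user){
+throw error(403, "Not logged in")
+}
+else if(!user.access.includes("abrechnung")){
+throw error(403, "This user does not have edit permissions for payments")
+}
+else{
+await dbConnect();
+const users = await User.find({access: "abrechnung"}, 'username').lean()
+await dbDisconnect();
+return new Response(JSON.stringify({users}),{
+status: 200,
+});
+
+}
+};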
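Review bot: `dbDisconnect()` is reached only when `User.find` succeeds; if the query throws, the connection is left open and the error escapes as an unhandled 500. Wrapping the query in `try { … } finally { await dbDisconnect() }` fixes this here and in the four other handlers added in this commit, which share the pattern. If `dbConnect`/`dbDisconnect` act on a shared connection (not visible here), disconnecting per request could also cut off a concurrent request's query, so that is worth confirming. The header comments ("bearer token", "recipe json in body") and the "edit permissions" message are copied from another route and do not describe this cookie-authenticated GET, and `Payment` and `request` are unused.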