Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor(api): extract vacation management procedures

Browse Source
This commit is contained in:
Hartmut Nörenberg
2026-03-31 11:12:56 +02:00
parent 656c3d0ee5
commit ae1a0ca268
2 changed files with 445 additions and 486 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/api/src/router/vacation-management-procedures.ts
+436
View File
@@ -0,0 +1,436 @@
import { UpdateVacationStatusSchema } from "@capakraken/shared";
import { VacationStatus } from "@capakraken/db";
import { TRPCError } from "@trpc/server";
import { z } from "zod";
import { findUniqueOrThrow } from "../db/helpers.js";
import { RESOURCE_BRIEF_SELECT } from "../db/selects.js";
import { createAuditEntry } from "../lib/audit.js";
import { checkBatchVacationConflicts, checkVacationConflicts } from "../lib/vacation-conflicts.js";
import { emitVacationUpdated } from "../sse/event-bus.js";
import { adminProcedure, managerProcedure, protectedProcedure } from "../trpc.js";
import {
assertVacationStillChargeable,
buildVacationApprovalWriteData,
} from "./vacation-chargeability.js";
import { batchCreatePublicHolidayVacations } from "./vacation-public-holidays.js";
import {
completeVacationApprovalTasks,
dispatchVacationWebhookInBackground,
notifyVacationStatusInBackground,
} from "./vacation-side-effects.js";
const BatchCreatePublicHolidaysSchema = z.object({
year: z.number().int().min(2000).max(2100),
federalState: z.string().optional(),
chapter: z.string().optional(),
replaceExisting: z.boolean().default(false),
});
async function findVacationActor(
db: Parameters<Parameters<typeof protectedProcedure["query"]>[0]>[0]["ctx"]["db"],
email: string | null | undefined,
) {
return db.user.findUnique({
where: { email: email ?? "" },
select: { id: true, systemRole: true },
});
}
export const vacationManagementProcedures = {
approve: managerProcedure
.input(z.object({ id: z.string() }))
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
const approvableStatuses: string[] = [VacationStatus.PENDING, VacationStatus.CANCELLED, VacationStatus.REJECTED];
if (!approvableStatuses.includes(existing.status)) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Only PENDING, CANCELLED, or REJECTED vacations can be approved" });
}
await assertVacationStillChargeable(ctx.db, {
resourceId: existing.resourceId,
type: existing.type,
startDate: existing.startDate,
endDate: existing.endDate,
isHalfDay: existing.isHalfDay,
});
const deductionSnapshotWriteData = await buildVacationApprovalWriteData(ctx.db, {
resourceId: existing.resourceId,
type: existing.type,
startDate: existing.startDate,
endDate: existing.endDate,
isHalfDay: existing.isHalfDay,
});
const userRecord = await findVacationActor(ctx.db, ctx.session.user?.email);
const conflictResult = await checkVacationConflicts(
// eslint-disable-next-line @typescript-eslint/no-explicit-any
ctx.db as any,
input.id,
userRecord?.id,
);
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data: {
status: VacationStatus.APPROVED,
rejectionReason: null,
...deductionSnapshotWriteData,
...(userRecord?.id ? { approvedById: userRecord.id } : {}),
approvedAt: new Date(),
},
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Approved vacation (was ${existing.status})`,
});
dispatchVacationWebhookInBackground(ctx.db, "vacation.approved", {
id: updated.id,
resourceId: updated.resourceId,
startDate: updated.startDate.toISOString(),
endDate: updated.endDate.toISOString(),
});
await completeVacationApprovalTasks(ctx.db, input.id, userRecord?.id);
if (existing.status === VacationStatus.PENDING) {
notifyVacationStatusInBackground(ctx.db, updated.id, updated.resourceId, VacationStatus.APPROVED);
}
return { ...updated, warnings: conflictResult.warnings };
}),
reject: managerProcedure
.input(z.object({ id: z.string(), rejectionReason: z.string().max(500).optional() }))
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
if (existing.status !== VacationStatus.PENDING) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Only PENDING vacations can be rejected" });
}
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data: {
status: VacationStatus.REJECTED,
...(input.rejectionReason !== undefined ? { rejectionReason: input.rejectionReason } : {}),
},
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
const userRecord = await findVacationActor(ctx.db, ctx.session.user?.email);
await completeVacationApprovalTasks(ctx.db, input.id, userRecord?.id);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Rejected vacation${input.rejectionReason ? `: ${input.rejectionReason}` : ""}`,
});
notifyVacationStatusInBackground(
ctx.db,
updated.id,
updated.resourceId,
VacationStatus.REJECTED,
input.rejectionReason,
);
return updated;
}),
batchApprove: managerProcedure
.input(z.object({ ids: z.array(z.string()).min(1).max(100) }))
.mutation(async ({ ctx, input }) => {
const userRecord = await findVacationActor(ctx.db, ctx.session.user?.email);
const vacations = await ctx.db.vacation.findMany({
where: { id: { in: input.ids }, status: VacationStatus.PENDING },
select: {
id: true,
resourceId: true,
type: true,
startDate: true,
endDate: true,
isHalfDay: true,
},
});
for (const vacation of vacations) {
await assertVacationStillChargeable(ctx.db, vacation);
}
const conflictMap = await checkBatchVacationConflicts(
// eslint-disable-next-line @typescript-eslint/no-explicit-any
ctx.db as any,
vacations.map((vacation) => vacation.id),
userRecord?.id,
);
for (const vacation of vacations) {
const deductionSnapshotWriteData = await buildVacationApprovalWriteData(ctx.db, {
resourceId: vacation.resourceId,
type: vacation.type,
startDate: vacation.startDate,
endDate: vacation.endDate,
isHalfDay: vacation.isHalfDay,
});
const updated = await ctx.db.vacation.update({
where: { id: vacation.id },
data: {
status: VacationStatus.APPROVED,
rejectionReason: null,
...deductionSnapshotWriteData,
...(userRecord?.id ? { approvedById: userRecord.id } : {}),
approvedAt: new Date(),
},
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
notifyVacationStatusInBackground(ctx.db, updated.id, updated.resourceId, VacationStatus.APPROVED);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: "Batch approved vacation",
});
await completeVacationApprovalTasks(ctx.db, updated.id, userRecord?.id);
}
const warnings: string[] = [];
for (const [, vacationWarnings] of conflictMap) {
warnings.push(...vacationWarnings);
}
return { approved: vacations.length, warnings };
}),
batchReject: managerProcedure
.input(
z.object({
ids: z.array(z.string()).min(1).max(100),
rejectionReason: z.string().max(500).optional(),
}),
)
.mutation(async ({ ctx, input }) => {
const userRecord = await findVacationActor(ctx.db, ctx.session.user?.email);
const vacations = await ctx.db.vacation.findMany({
where: { id: { in: input.ids }, status: VacationStatus.PENDING },
select: { id: true, resourceId: true },
});
await ctx.db.vacation.updateMany({
where: { id: { in: vacations.map((vacation) => vacation.id) } },
data: {
status: VacationStatus.REJECTED,
...(input.rejectionReason !== undefined ? { rejectionReason: input.rejectionReason } : {}),
},
});
for (const vacation of vacations) {
emitVacationUpdated({ id: vacation.id, resourceId: vacation.resourceId, status: VacationStatus.REJECTED });
notifyVacationStatusInBackground(
ctx.db,
vacation.id,
vacation.resourceId,
VacationStatus.REJECTED,
input.rejectionReason,
);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: vacation.id,
entityName: `Vacation ${vacation.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
after: { status: VacationStatus.REJECTED, rejectionReason: input.rejectionReason } as unknown as Record<string, unknown>,
source: "ui",
summary: `Batch rejected vacation${input.rejectionReason ? `: ${input.rejectionReason}` : ""}`,
});
await completeVacationApprovalTasks(ctx.db, vacation.id, userRecord?.id);
}
return { rejected: vacations.length };
}),
cancel: protectedProcedure
.input(z.object({ id: z.string() }))
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
if (existing.status === VacationStatus.CANCELLED) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Already cancelled" });
}
const userRecord = await findVacationActor(ctx.db, ctx.session.user?.email);
if (!userRecord) {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
const isManagerOrAdmin = userRecord.systemRole === "ADMIN" || userRecord.systemRole === "MANAGER";
if (!isManagerOrAdmin) {
if (existing.requestedById !== userRecord.id) {
const resource = await ctx.db.resource.findUnique({
where: { id: existing.resourceId },
select: { userId: true },
});
if (!resource || resource.userId !== userRecord.id) {
throw new TRPCError({
code: "FORBIDDEN",
message: "You can only cancel your own vacation requests",
});
}
}
}
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data: { status: VacationStatus.CANCELLED },
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
userId: userRecord.id,
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Cancelled vacation (was ${existing.status})`,
});
return updated;
}),
getPendingApprovals: managerProcedure.query(async ({ ctx }) => {
return ctx.db.vacation.findMany({
where: { status: VacationStatus.PENDING },
include: {
resource: { select: { ...RESOURCE_BRIEF_SELECT, chapter: true } },
requestedBy: { select: { id: true, name: true, email: true } },
},
orderBy: { startDate: "asc" },
});
}),
batchCreatePublicHolidays: adminProcedure
.input(BatchCreatePublicHolidaysSchema)
.mutation(async ({ ctx, input }) => {
const adminUser = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
if (!adminUser) {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
const { created, holidays, resources } = await batchCreatePublicHolidayVacations(
ctx.db,
input,
adminUser.id,
);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: `public-holidays-${input.year}`,
entityName: `Public Holidays ${input.year}${input.federalState ? ` (${input.federalState})` : ""}`,
action: "CREATE",
userId: adminUser.id,
after: { created, holidays, resources, year: input.year, federalState: input.federalState } as unknown as Record<string, unknown>,
source: "ui",
summary: `Batch created ${created} public holidays for ${resources} resources (${input.year})`,
});
return { created, holidays, resources };
}),
updateStatus: protectedProcedure
.input(UpdateVacationStatusSchema)
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
const userRecord = await findVacationActor(ctx.db, ctx.session.user?.email);
if (!userRecord) {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
const isManager = userRecord.systemRole === "ADMIN" || userRecord.systemRole === "MANAGER";
if (input.status !== "CANCELLED" && !isManager) {
throw new TRPCError({ code: "FORBIDDEN", message: "Manager role required to approve/reject" });
}
const data: Record<string, unknown> = { status: input.status };
if (input.status === "APPROVED") {
data.approvedById = userRecord.id;
data.approvedAt = new Date();
data.rejectionReason = null;
}
if (input.note !== undefined) {
data.note = input.note;
}
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data,
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
userId: userRecord.id,
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Updated vacation status to ${input.status}`,
});
return updated;
}),
};
packages/api/src/router/vacation.ts
+9 -486
View File
@@ -1,32 +1,16 @@
import { UpdateVacationStatusSchema } from "@capakraken/shared";
import { VacationStatus, VacationType } from "@capakraken/db"; import { VacationStatus, VacationType } from "@capakraken/db";
import { TRPCError } from "@trpc/server"; import { TRPCError } from "@trpc/server";
import { z } from "zod"; import { z } from "zod";
import { findUniqueOrThrow } from "../db/helpers.js";
import { RESOURCE_BRIEF_SELECT } from "../db/selects.js"; import { RESOURCE_BRIEF_SELECT } from "../db/selects.js";
import { emitVacationCreated, emitVacationUpdated } from "../sse/event-bus.js"; import { emitVacationCreated } from "../sse/event-bus.js";
import { createTRPCRouter, adminProcedure, managerProcedure, protectedProcedure } from "../trpc.js"; import { createTRPCRouter, protectedProcedure } from "../trpc.js";
import { getAnonymizationDirectory } from "../lib/anonymization.js"; import { getAnonymizationDirectory } from "../lib/anonymization.js";
import { checkVacationConflicts, checkBatchVacationConflicts } from "../lib/vacation-conflicts.js";
import { createAuditEntry } from "../lib/audit.js"; import { createAuditEntry } from "../lib/audit.js";
import { import { resolveVacationCreationChargeability } from "./vacation-chargeability.js";
buildVacationApprovalWriteData, import { vacationManagementProcedures } from "./vacation-management-procedures.js";
resolveVacationCreationChargeability, import { VACATION_BALANCE_TYPES } from "../lib/vacation-deduction-snapshot.js";
assertVacationStillChargeable,
} from "./vacation-chargeability.js";
import {
batchCreatePublicHolidayVacations,
} from "./vacation-public-holidays.js";
import {
VACATION_BALANCE_TYPES,
} from "../lib/vacation-deduction-snapshot.js";
import { anonymizeVacationRecord, isSameUtcDay, vacationReadProcedures } from "./vacation-read.js"; import { anonymizeVacationRecord, isSameUtcDay, vacationReadProcedures } from "./vacation-read.js";
import { import { createVacationApprovalTasks } from "./vacation-side-effects.js";
completeVacationApprovalTasks,
createVacationApprovalTasks,
dispatchVacationWebhookInBackground,
notifyVacationStatusInBackground,
} from "./vacation-side-effects.js";
const CreateVacationRequestSchema = z.object({ const CreateVacationRequestSchema = z.object({
resourceId: z.string(), resourceId: z.string(),
@@ -72,13 +56,8 @@ const CreateVacationRequestSchema = z.object({
export const vacationRouter = createTRPCRouter({ export const vacationRouter = createTRPCRouter({
...vacationReadProcedures, ...vacationReadProcedures,
...vacationManagementProcedures,
/**
* Create a vacation request.
* - MANAGER/ADMIN → auto-approved
* - USER → PENDING
* Adds isHalfDay + halfDayPart support.
*/
create: protectedProcedure create: protectedProcedure
.input(CreateVacationRequestSchema) .input(CreateVacationRequestSchema)
.mutation(async ({ ctx, input }) => { .mutation(async ({ ctx, input }) => {
@@ -97,7 +76,6 @@ export const vacationRouter = createTRPCRouter({
throw new TRPCError({ code: "UNAUTHORIZED" }); throw new TRPCError({ code: "UNAUTHORIZED" });
} }
// Ownership check: USER role can only create vacations for their own resource
const isManager = userRecord.systemRole === "ADMIN" || userRecord.systemRole === "MANAGER"; const isManager = userRecord.systemRole === "ADMIN" || userRecord.systemRole === "MANAGER";
if (!isManager) { if (!isManager) {
const resource = await ctx.db.resource.findUnique({ const resource = await ctx.db.resource.findUnique({
@@ -112,7 +90,6 @@ export const vacationRouter = createTRPCRouter({
} }
} }
// Check for overlapping APPROVED or PENDING vacations
const overlapping = await ctx.db.vacation.findFirst({ const overlapping = await ctx.db.vacation.findFirst({
where: { where: {
resourceId: input.resourceId, resourceId: input.resourceId,
@@ -140,7 +117,6 @@ export const vacationRouter = createTRPCRouter({
}); });
const status = isManager ? VacationStatus.APPROVED : VacationStatus.PENDING; const status = isManager ? VacationStatus.APPROVED : VacationStatus.PENDING;
const vacation = await ctx.db.vacation.create({ const vacation = await ctx.db.vacation.create({
data: { data: {
resourceId: input.resourceId, resourceId: input.resourceId,
@@ -153,9 +129,7 @@ export const vacationRouter = createTRPCRouter({
...(input.halfDayPart !== undefined ? { halfDayPart: input.halfDayPart } : {}), ...(input.halfDayPart !== undefined ? { halfDayPart: input.halfDayPart } : {}),
...(deductionSnapshotWriteData ?? { deductedDays: 0 }), ...(deductionSnapshotWriteData ?? { deductedDays: 0 }),
requestedById: userRecord.id, requestedById: userRecord.id,
...(isManager ...(isManager ? { approvedById: userRecord.id, approvedAt: new Date() } : {}),
? { approvedById: userRecord.id, approvedAt: new Date() }
: {}),
}, },
include: { include: {
resource: { select: RESOURCE_BRIEF_SELECT }, resource: { select: RESOURCE_BRIEF_SELECT },
@@ -176,14 +150,12 @@ export const vacationRouter = createTRPCRouter({
source: "ui", source: "ui",
}); });
// Create approval tasks for managers when a non-manager submits a vacation request
if (status === VacationStatus.PENDING) { if (status === VacationStatus.PENDING) {
const resourceName = vacation.resource?.displayName ?? "Unknown";
await createVacationApprovalTasks({ await createVacationApprovalTasks({
db: ctx.db, db: ctx.db,
submittedByUserId: userRecord.id, submittedByUserId: userRecord.id,
vacationId: vacation.id, vacationId: vacation.id,
resourceName, resourceName: vacation.resource?.displayName ?? "Unknown",
vacationType: input.type, vacationType: input.type,
startDate: input.startDate, startDate: input.startDate,
endDate: input.endDate, endDate: input.endDate,
@@ -194,453 +166,4 @@ export const vacationRouter = createTRPCRouter({
const result = anonymizeVacationRecord(vacation, directory); const result = anonymizeVacationRecord(vacation, directory);
return effectiveDays === null ? result : { ...result, effectiveDays }; return effectiveDays === null ? result : { ...result, effectiveDays };
}), }),
/**
* Approve a vacation (manager/admin only).
*/
approve: managerProcedure
.input(z.object({ id: z.string() }))
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
const approvableStatuses: string[] = [VacationStatus.PENDING, VacationStatus.CANCELLED, VacationStatus.REJECTED];
if (!approvableStatuses.includes(existing.status)) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Only PENDING, CANCELLED, or REJECTED vacations can be approved" });
}
await assertVacationStillChargeable(ctx.db, {
resourceId: existing.resourceId,
type: existing.type,
startDate: existing.startDate,
endDate: existing.endDate,
isHalfDay: existing.isHalfDay,
});
const deductionSnapshotWriteData = await buildVacationApprovalWriteData(ctx.db, {
resourceId: existing.resourceId,
type: existing.type,
startDate: existing.startDate,
endDate: existing.endDate,
isHalfDay: existing.isHalfDay,
});
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
// Check for team conflicts before approving (non-blocking)
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const conflictResult = await checkVacationConflicts(ctx.db as any, input.id, userRecord?.id);
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data: {
status: VacationStatus.APPROVED,
rejectionReason: null,
...deductionSnapshotWriteData,
...(userRecord?.id ? { approvedById: userRecord.id } : {}),
approvedAt: new Date(),
},
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Approved vacation (was ${existing.status})`,
});
dispatchVacationWebhookInBackground(ctx.db, "vacation.approved", {
id: updated.id,
resourceId: updated.resourceId,
startDate: updated.startDate.toISOString(),
endDate: updated.endDate.toISOString(),
});
// Mark approval tasks as DONE
await completeVacationApprovalTasks(ctx.db, input.id, userRecord?.id);
if (existing.status === VacationStatus.PENDING) {
notifyVacationStatusInBackground(ctx.db, updated.id, updated.resourceId, VacationStatus.APPROVED);
}
return { ...updated, warnings: conflictResult.warnings };
}),
/**
* Reject a vacation (manager/admin only).
*/
reject: managerProcedure
.input(z.object({ id: z.string(), rejectionReason: z.string().max(500).optional() }))
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
if (existing.status !== VacationStatus.PENDING) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Only PENDING vacations can be rejected" });
}
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data: {
status: VacationStatus.REJECTED,
...(input.rejectionReason !== undefined ? { rejectionReason: input.rejectionReason } : {}),
},
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
// Mark approval tasks as DONE
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
await completeVacationApprovalTasks(ctx.db, input.id, userRecord?.id);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Rejected vacation${input.rejectionReason ? `: ${input.rejectionReason}` : ""}`,
});
notifyVacationStatusInBackground(
ctx.db,
updated.id,
updated.resourceId,
VacationStatus.REJECTED,
input.rejectionReason,
);
return updated;
}),
/**
* Batch approve multiple pending vacations (manager/admin only).
*/
batchApprove: managerProcedure
.input(z.object({ ids: z.array(z.string()).min(1).max(100) }))
.mutation(async ({ ctx, input }) => {
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
const vacations = await ctx.db.vacation.findMany({
where: { id: { in: input.ids }, status: VacationStatus.PENDING },
select: {
id: true,
resourceId: true,
type: true,
startDate: true,
endDate: true,
isHalfDay: true,
},
});
for (const vacation of vacations) {
await assertVacationStillChargeable(ctx.db, vacation);
}
// Check for team conflicts before approving (non-blocking)
const conflictMap = await checkBatchVacationConflicts(
// eslint-disable-next-line @typescript-eslint/no-explicit-any
ctx.db as any,
vacations.map((v) => v.id),
userRecord?.id,
);
for (const v of vacations) {
const deductionSnapshotWriteData = await buildVacationApprovalWriteData(ctx.db, {
resourceId: v.resourceId,
type: v.type,
startDate: v.startDate,
endDate: v.endDate,
isHalfDay: v.isHalfDay,
});
const updated = await ctx.db.vacation.update({
where: { id: v.id },
data: {
status: VacationStatus.APPROVED,
rejectionReason: null,
...deductionSnapshotWriteData,
...(userRecord?.id ? { approvedById: userRecord.id } : {}),
approvedAt: new Date(),
},
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
notifyVacationStatusInBackground(ctx.db, updated.id, updated.resourceId, VacationStatus.APPROVED);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: "Batch approved vacation",
});
// Mark approval tasks as DONE
await completeVacationApprovalTasks(ctx.db, updated.id, userRecord?.id);
}
// Flatten all warnings into a single array
const warnings: string[] = [];
for (const [, w] of conflictMap) {
warnings.push(...w);
}
return { approved: vacations.length, warnings };
}),
/**
* Batch reject multiple pending vacations (manager/admin only).
*/
batchReject: managerProcedure
.input(
z.object({
ids: z.array(z.string()).min(1).max(100),
rejectionReason: z.string().max(500).optional(),
}),
)
.mutation(async ({ ctx, input }) => {
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
const vacations = await ctx.db.vacation.findMany({
where: { id: { in: input.ids }, status: VacationStatus.PENDING },
select: { id: true, resourceId: true },
});
await ctx.db.vacation.updateMany({
where: { id: { in: vacations.map((v) => v.id) } },
data: {
status: VacationStatus.REJECTED,
...(input.rejectionReason !== undefined ? { rejectionReason: input.rejectionReason } : {}),
},
});
for (const v of vacations) {
emitVacationUpdated({ id: v.id, resourceId: v.resourceId, status: VacationStatus.REJECTED });
notifyVacationStatusInBackground(
ctx.db,
v.id,
v.resourceId,
VacationStatus.REJECTED,
input.rejectionReason,
);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: v.id,
entityName: `Vacation ${v.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
after: { status: VacationStatus.REJECTED, rejectionReason: input.rejectionReason } as unknown as Record<string, unknown>,
source: "ui",
summary: `Batch rejected vacation${input.rejectionReason ? `: ${input.rejectionReason}` : ""}`,
});
// Mark approval tasks as DONE
await completeVacationApprovalTasks(ctx.db, v.id, userRecord?.id);
}
return { rejected: vacations.length };
}),
/**
* Cancel a vacation (owner or manager).
*/
cancel: protectedProcedure
.input(z.object({ id: z.string() }))
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
if (existing.status === VacationStatus.CANCELLED) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Already cancelled" });
}
// Ownership check: USER can only cancel their own vacations
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true, systemRole: true },
});
if (!userRecord) {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
const isManagerOrAdmin = userRecord.systemRole === "ADMIN" || userRecord.systemRole === "MANAGER";
if (!isManagerOrAdmin) {
if (existing.requestedById !== userRecord.id) {
const resource = await ctx.db.resource.findUnique({
where: { id: existing.resourceId },
select: { userId: true },
});
if (!resource || resource.userId !== userRecord.id) {
throw new TRPCError({
code: "FORBIDDEN",
message: "You can only cancel your own vacation requests",
});
}
}
}
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data: { status: VacationStatus.CANCELLED },
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
userId: userRecord.id,
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Cancelled vacation (was ${existing.status})`,
});
return updated;
}),
/**
* Get all PENDING vacations awaiting approval (manager/admin only).
*/
getPendingApprovals: managerProcedure.query(async ({ ctx }) => {
return ctx.db.vacation.findMany({
where: { status: VacationStatus.PENDING },
include: {
resource: { select: { ...RESOURCE_BRIEF_SELECT, chapter: true } },
requestedBy: { select: { id: true, name: true, email: true } },
},
orderBy: { startDate: "asc" },
});
}),
/**
* Batch-create public holidays for all resources (or a chapter) for a given year+state.
* Admin-only. Creates as APPROVED automatically.
*/
batchCreatePublicHolidays: adminProcedure
.input(
z.object({
year: z.number().int().min(2000).max(2100),
federalState: z.string().optional(), // e.g. "BY"
chapter: z.string().optional(), // filter to a chapter
replaceExisting: z.boolean().default(false),
}),
)
.mutation(async ({ ctx, input }) => {
const adminUser = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
if (!adminUser) throw new TRPCError({ code: "UNAUTHORIZED" });
const { created, holidays: holidayCount, resources } = await batchCreatePublicHolidayVacations(
ctx.db,
input,
adminUser.id,
);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: `public-holidays-${input.year}`,
entityName: `Public Holidays ${input.year}${input.federalState ? ` (${input.federalState})` : ""}`,
action: "CREATE",
userId: adminUser.id,
after: { created, holidays: holidayCount, resources, year: input.year, federalState: input.federalState } as unknown as Record<string, unknown>,
source: "ui",
summary: `Batch created ${created} public holidays for ${resources} resources (${input.year})`,
});
return { created, holidays: holidayCount, resources };
}),
/**
* Update vacation status (approve/reject/cancel via schema).
*/
updateStatus: protectedProcedure
.input(UpdateVacationStatusSchema)
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true, systemRole: true },
});
if (!userRecord) throw new TRPCError({ code: "UNAUTHORIZED" });
const isManager = userRecord.systemRole === "ADMIN" || userRecord.systemRole === "MANAGER";
if (input.status !== "CANCELLED" && !isManager) {
throw new TRPCError({ code: "FORBIDDEN", message: "Manager role required to approve/reject" });
}
const data: Record<string, unknown> = { status: input.status };
if (input.status === "APPROVED") {
data.approvedById = userRecord.id;
data.approvedAt = new Date();
data.rejectionReason = null;
}
if (input.note !== undefined) {
data.note = input.note;
}
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data,
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
userId: userRecord.id,
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Updated vacation status to ${input.status}`,
});
return updated;
}),
}); });