Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
a50ca09333402647fa34419ae24501d0d0b9ed5f
CapaKraken/packages/api/src/router/vacation.ts
T

1235 lines
41 KiB
TypeScript
Raw Blame History

import { UpdateVacationStatusSchema, buildTaskAction } from "@capakraken/shared";
import { VacationStatus, VacationType } from "@capakraken/db";
import { TRPCError } from "@trpc/server";
import { z } from "zod";
import { findUniqueOrThrow } from "../db/helpers.js";
import { RESOURCE_BRIEF_SELECT } from "../db/selects.js";
import { emitVacationCreated, emitVacationUpdated, emitTaskAssigned } from "../sse/event-bus.js";
import { createNotification } from "../lib/create-notification.js";
import { createTRPCRouter, adminProcedure, managerProcedure, protectedProcedure } from "../trpc.js";
import { sendEmail } from "../lib/email.js";
import { anonymizeResource, anonymizeUser, getAnonymizationDirectory } from "../lib/anonymization.js";
import { checkVacationConflicts, checkBatchVacationConflicts } from "../lib/vacation-conflicts.js";
import { dispatchWebhooks } from "../lib/webhook-dispatcher.js";
import { createAuditEntry } from "../lib/audit.js";
import { asHolidayResolverDb, getResolvedCalendarHolidays } from "../lib/holiday-availability.js";
import { countCalendarDaysInPeriod, countVacationChargeableDays } from "../lib/vacation-day-count.js";
import { loadResourceHolidayContext } from "../lib/resource-holiday-context.js";
import { logger } from "../lib/logger.js";
import type { TRPCContext } from "../trpc.js";
/** Types that consume from annual leave balance */
const BALANCE_TYPES = new Set<VacationType>([VacationType.ANNUAL, VacationType.OTHER]);
type VacationReadContext = Pick<TRPCContext, "db" | "dbUser">;
function canManageVacationReads(ctx: { dbUser: { systemRole: string } | null }): boolean {
const role = ctx.dbUser?.systemRole;
return role === "ADMIN" || role === "MANAGER";
}
function runVacationBackgroundEffect(
effectName: string,
execute: () => unknown,
metadata: Record<string, unknown> = {},
): void {
void Promise.resolve()
.then(execute)
.catch((error) => {
logger.error(
{ err: error, effectName, ...metadata },
"Vacation background side effect failed",
);
});
}
function notifyVacationStatusInBackground(
db: Parameters<Parameters<typeof protectedProcedure["query"]>[0]>[0]["ctx"]["db"],
vacationId: string,
resourceId: string,
newStatus: VacationStatus,
rejectionReason?: string | null,
): void {
runVacationBackgroundEffect(
"notifyVacationStatus",
() => notifyVacationStatus(db, vacationId, resourceId, newStatus, rejectionReason),
{ vacationId, resourceId, newStatus },
);
}
function dispatchVacationWebhookInBackground(
db: Parameters<Parameters<typeof protectedProcedure["query"]>[0]>[0]["ctx"]["db"],
event: string,
payload: Record<string, unknown>,
): void {
runVacationBackgroundEffect(
"dispatchWebhooks",
() => dispatchWebhooks(db, event, payload),
{ event },
);
}
async function findOwnedResourceId(
ctx: VacationReadContext,
): Promise<string | null> {
if (!ctx.dbUser?.id) {
return null;
}
if (!ctx.db.resource || typeof ctx.db.resource.findFirst !== "function") {
return null;
}
const resource = await ctx.db.resource.findFirst({
where: { userId: ctx.dbUser.id },
select: { id: true },
});
return resource?.id ?? null;
}
async function assertCanReadVacationResource(
ctx: VacationReadContext,
resourceId: string,
): Promise<void> {
if (canManageVacationReads(ctx)) {
return;
}
const ownedResourceId = await findOwnedResourceId(ctx);
if (!ownedResourceId || ownedResourceId !== resourceId) {
throw new TRPCError({
code: "FORBIDDEN",
message: "You can only view vacation data for your own resource",
});
}
}
function isSameUtcDay(left: Date, right: Date): boolean {
return left.toISOString().slice(0, 10) === right.toISOString().slice(0, 10);
}
function mapTeamOverlapDetail(params: {
resource: { displayName: string; chapter: string | null };
startDate: Date;
endDate: Date;
overlaps: Array<{
type: VacationType;
status: VacationStatus;
startDate: Date;
endDate: Date;
resource: { displayName: string };
}>;
}) {
return {
resource: params.resource.displayName,
chapter: params.resource.chapter,
period: `${params.startDate.toISOString().slice(0, 10)} to ${params.endDate.toISOString().slice(0, 10)}`,
overlappingVacations: params.overlaps.map((vacation) => ({
resource: vacation.resource.displayName,
type: vacation.type,
status: vacation.status,
start: vacation.startDate.toISOString().slice(0, 10),
end: vacation.endDate.toISOString().slice(0, 10),
})),
overlapCount: params.overlaps.length,
};
}
const PreviewVacationRequestSchema = z.object({
resourceId: z.string(),
type: z.nativeEnum(VacationType),
startDate: z.coerce.date(),
endDate: z.coerce.date(),
isHalfDay: z.boolean().optional(),
}).superRefine((data, ctx) => {
if (data.endDate < data.startDate) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "End date must be after start date",
path: ["endDate"],
});
}
if (data.isHalfDay && !isSameUtcDay(data.startDate, data.endDate)) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "Half-day requests must start and end on the same day",
path: ["isHalfDay"],
});
}
});
const CreateVacationRequestSchema = z.object({
resourceId: z.string(),
type: z.nativeEnum(VacationType),
startDate: z.coerce.date(),
endDate: z.coerce.date(),
note: z.string().max(500).optional(),
isHalfDay: z.boolean().optional(),
halfDayPart: z.enum(["MORNING", "AFTERNOON"]).optional(),
}).superRefine((data, ctx) => {
if (data.endDate < data.startDate) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "End date must be after start date",
path: ["endDate"],
});
}
if (data.isHalfDay && !isSameUtcDay(data.startDate, data.endDate)) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "Half-day requests must start and end on the same day",
path: ["isHalfDay"],
});
}
if (data.isHalfDay && !data.halfDayPart) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "Half-day requests require a half-day part",
path: ["halfDayPart"],
});
}
if (!data.isHalfDay && data.halfDayPart) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: "Half-day part is only allowed for half-day requests",
path: ["halfDayPart"],
});
}
});
function anonymizeVacationRecord<T extends {
resource?: { id: string } | null;
requestedBy?: { id?: string | null; name?: string | null; email?: string | null } | null;
approvedBy?: { id?: string | null; name?: string | null; email?: string | null } | null;
}>(
vacation: T,
directory: Awaited<ReturnType<typeof getAnonymizationDirectory>>,
): T {
return {
...vacation,
...(vacation.resource ? { resource: anonymizeResource(vacation.resource, directory) } : {}),
...(vacation.requestedBy ? { requestedBy: anonymizeUser(vacation.requestedBy, directory) } : {}),
...(vacation.approvedBy ? { approvedBy: anonymizeUser(vacation.approvedBy, directory) } : {}),
};
}
/** Send in-app notification + optional email when vacation status changes */
async function notifyVacationStatus(
db: Parameters<Parameters<typeof protectedProcedure["query"]>[0]>[0]["ctx"]["db"],
vacationId: string,
resourceId: string,
newStatus: VacationStatus,
rejectionReason?: string | null,
) {
// Find the resource's linked user
const resource = await db.resource.findUnique({
where: { id: resourceId },
select: {
displayName: true,
user: { select: { id: true, email: true, name: true } },
},
});
if (!resource?.user) return;
const statusLabel = newStatus === VacationStatus.APPROVED ? "approved" : "rejected";
const title = `Vacation request ${statusLabel}`;
const body = rejectionReason
? `Your vacation request was ${statusLabel}. Reason: ${rejectionReason}`
: `Your vacation request has been ${statusLabel}.`;
// In-app notification
await createNotification({
db,
userId: resource.user.id,
type: `VACATION_${newStatus}`,
title,
body,
entityId: vacationId,
entityType: "vacation",
});
// Email (non-blocking)
if (resource.user.email) {
void sendEmail({
to: resource.user.email,
subject: `CapaKraken — ${title}`,
text: body,
});
}
}
export const vacationRouter = createTRPCRouter({
previewRequest: protectedProcedure
.input(PreviewVacationRequestSchema)
.query(async ({ ctx, input }) => {
const holidayContext = await loadResourceHolidayContext(
ctx.db,
input.resourceId,
input.startDate,
input.endDate,
);
const vacation = {
startDate: input.startDate,
endDate: input.endDate,
isHalfDay: input.isHalfDay ?? false,
};
const requestedDays = countCalendarDaysInPeriod(vacation);
const effectiveDays = BALANCE_TYPES.has(input.type)
? countVacationChargeableDays({
vacation,
countryCode: holidayContext.countryCode,
federalState: holidayContext.federalState,
metroCityName: holidayContext.metroCityName,
calendarHolidayStrings: holidayContext.calendarHolidayStrings,
publicHolidayStrings: holidayContext.publicHolidayStrings,
})
: requestedDays;
const publicHolidayDates = [...new Set([
...holidayContext.calendarHolidayStrings,
...holidayContext.publicHolidayStrings,
])].sort();
const holidayDetails = publicHolidayDates.map((date) => ({
date,
source:
holidayContext.calendarHolidayStrings.includes(date) && holidayContext.publicHolidayStrings.includes(date)
? "CALENDAR_AND_LEGACY"
: holidayContext.calendarHolidayStrings.includes(date)
? "CALENDAR"
: "LEGACY_PUBLIC_HOLIDAY",
}));
return {
requestedDays,
effectiveDays,
deductedDays: BALANCE_TYPES.has(input.type) ? effectiveDays : 0,
publicHolidayDates,
holidayDetails,
holidayContext: {
countryCode: holidayContext.countryCode ?? null,
countryName: holidayContext.countryName ?? null,
federalState: holidayContext.federalState ?? null,
metroCityName: holidayContext.metroCityName ?? null,
sources: {
hasCalendarHolidays: holidayContext.calendarHolidayStrings.length > 0,
hasLegacyPublicHolidayEntries: holidayContext.publicHolidayStrings.length > 0,
},
},
};
}),
/**
* List vacations with optional filters.
*/
list: protectedProcedure
.input(
z.object({
resourceId: z.string().optional(),
status: z.union([z.nativeEnum(VacationStatus), z.array(z.nativeEnum(VacationStatus))]).optional(),
type: z.nativeEnum(VacationType).optional(),
startDate: z.coerce.date().optional(),
endDate: z.coerce.date().optional(),
limit: z.number().min(1).max(500).default(100),
}),
)
.query(async ({ ctx, input }) => {
let resourceIdFilter = input.resourceId;
if (!canManageVacationReads(ctx)) {
const ownedResourceId = await findOwnedResourceId(ctx);
if (input.resourceId && input.resourceId !== ownedResourceId) {
throw new TRPCError({
code: "FORBIDDEN",
message: "You can only view vacation data for your own resource",
});
}
if (!ownedResourceId) {
return [];
}
resourceIdFilter = ownedResourceId;
}
const vacations = await ctx.db.vacation.findMany({
where: {
...(resourceIdFilter ? { resourceId: resourceIdFilter } : {}),
...(input.status ? { status: Array.isArray(input.status) ? { in: input.status } : input.status } : {}),
...(input.type ? { type: input.type } : {}),
...(input.startDate ? { endDate: { gte: input.startDate } } : {}),
...(input.endDate ? { startDate: { lte: input.endDate } } : {}),
},
include: {
resource: { select: RESOURCE_BRIEF_SELECT },
requestedBy: { select: { id: true, name: true, email: true } },
approvedBy: { select: { id: true, name: true, email: true } },
},
orderBy: { startDate: "asc" },
take: input.limit,
});
const directory = await getAnonymizationDirectory(ctx.db);
return vacations.map((vacation) => anonymizeVacationRecord(vacation, directory));
}),
/**
* Get a single vacation by ID.
*/
getById: protectedProcedure
.input(z.object({ id: z.string() }))
.query(async ({ ctx, input }) => {
const vacation = await findUniqueOrThrow(
ctx.db.vacation.findUnique({
where: { id: input.id },
include: {
resource: { select: { ...RESOURCE_BRIEF_SELECT, userId: true } },
requestedBy: { select: { id: true, name: true, email: true } },
approvedBy: { select: { id: true, name: true, email: true } },
},
}),
"Vacation",
);
if (!canManageVacationReads(ctx)) {
const isOwnVacation = vacation.resource?.userId === ctx.dbUser?.id || vacation.requestedById === ctx.dbUser?.id;
if (!isOwnVacation) {
throw new TRPCError({
code: "FORBIDDEN",
message: "You can only view your own vacation data",
});
}
}
const directory = await getAnonymizationDirectory(ctx.db);
const anonymized = anonymizeVacationRecord(vacation, directory);
return {
...anonymized,
resource: anonymized.resource
? {
id: anonymized.resource.id,
displayName: anonymized.resource.displayName,
eid: anonymized.resource.eid,
lcrCents: anonymized.resource.lcrCents,
chapter: anonymized.resource.chapter,
}
: null,
};
}),
/**
* Create a vacation request.
* - MANAGER/ADMIN → auto-approved
* - USER → PENDING
* Adds isHalfDay + halfDayPart support.
*/
create: protectedProcedure
.input(CreateVacationRequestSchema)
.mutation(async ({ ctx, input }) => {
if (input.type === VacationType.PUBLIC_HOLIDAY) {
throw new TRPCError({
code: "BAD_REQUEST",
message: "Public holidays must be managed via Holiday Calendars or the legacy holiday import, not via manual vacation requests",
});
}
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true, systemRole: true },
});
if (!userRecord) {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
// Ownership check: USER role can only create vacations for their own resource
const isManager = userRecord.systemRole === "ADMIN" || userRecord.systemRole === "MANAGER";
if (!isManager) {
const resource = await ctx.db.resource.findUnique({
where: { id: input.resourceId },
select: { userId: true },
});
if (!resource || resource.userId !== userRecord.id) {
throw new TRPCError({
code: "FORBIDDEN",
message: "You can only create vacation requests for your own resource",
});
}
}
// Check for overlapping APPROVED or PENDING vacations
const overlapping = await ctx.db.vacation.findFirst({
where: {
resourceId: input.resourceId,
status: { in: ["APPROVED", "PENDING"] },
startDate: { lte: input.endDate },
endDate: { gte: input.startDate },
...(BALANCE_TYPES.has(input.type)
? { type: { not: VacationType.PUBLIC_HOLIDAY } }
: {}),
},
});
if (overlapping) {
throw new TRPCError({
code: "BAD_REQUEST",
message: "Overlapping vacation already exists for this resource in the selected period",
});
}
let effectiveDays: number | null = null;
if (BALANCE_TYPES.has(input.type)) {
const holidayContext = await loadResourceHolidayContext(
ctx.db,
input.resourceId,
input.startDate,
input.endDate,
);
effectiveDays = countVacationChargeableDays({
vacation: {
startDate: input.startDate,
endDate: input.endDate,
isHalfDay: input.isHalfDay ?? false,
},
countryCode: holidayContext.countryCode,
federalState: holidayContext.federalState,
metroCityName: holidayContext.metroCityName,
calendarHolidayStrings: holidayContext.calendarHolidayStrings,
publicHolidayStrings: holidayContext.publicHolidayStrings,
});
if (effectiveDays <= 0) {
throw new TRPCError({
code: "BAD_REQUEST",
message: "Selected vacation period only contains public holidays and does not deduct any vacation days",
});
}
}
const status = isManager ? VacationStatus.APPROVED : VacationStatus.PENDING;
const vacation = await ctx.db.vacation.create({
data: {
resourceId: input.resourceId,
type: input.type,
status,
startDate: input.startDate,
endDate: input.endDate,
...(input.note !== undefined ? { note: input.note } : {}),
isHalfDay: input.isHalfDay ?? false,
...(input.halfDayPart !== undefined ? { halfDayPart: input.halfDayPart } : {}),
requestedById: userRecord.id,
...(isManager
? { approvedById: userRecord.id, approvedAt: new Date() }
: {}),
},
include: {
resource: { select: RESOURCE_BRIEF_SELECT },
requestedBy: { select: { id: true, name: true, email: true } },
},
});
emitVacationCreated({ id: vacation.id, resourceId: vacation.resourceId, status: vacation.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: vacation.id,
entityName: `${vacation.resource?.displayName ?? "Unknown"} - ${vacation.type}`,
action: "CREATE",
userId: userRecord.id,
after: vacation as unknown as Record<string, unknown>,
source: "ui",
});
// Create approval tasks for managers when a non-manager submits a vacation request
if (status === VacationStatus.PENDING) {
const resourceName = vacation.resource?.displayName ?? "Unknown";
const startStr = input.startDate.toISOString().slice(0, 10);
const endStr = input.endDate.toISOString().slice(0, 10);
const managers = await ctx.db.user.findMany({
where: { systemRole: { in: ["ADMIN", "MANAGER"] } },
select: { id: true },
});
for (const manager of managers) {
if (manager.id === userRecord.id) continue;
const taskId = await createNotification({
db: ctx.db,
userId: manager.id,
category: "APPROVAL",
type: "VACATION_APPROVAL",
priority: "NORMAL",
title: `Vacation approval: ${resourceName}`,
body: `${resourceName} requests ${input.type} from ${startStr} to ${endStr}`,
taskStatus: "OPEN",
taskAction: buildTaskAction("approve_vacation", vacation.id),
entityId: vacation.id,
entityType: "vacation",
link: "/vacations",
senderId: userRecord.id,
channel: "in_app",
});
emitTaskAssigned(manager.id, taskId);
}
}
const directory = await getAnonymizationDirectory(ctx.db);
const result = anonymizeVacationRecord(vacation, directory);
return effectiveDays === null ? result : { ...result, effectiveDays };
}),
/**
* Approve a vacation (manager/admin only).
*/
approve: managerProcedure
.input(z.object({ id: z.string() }))
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
const approvableStatuses: string[] = [VacationStatus.PENDING, VacationStatus.CANCELLED, VacationStatus.REJECTED];
if (!approvableStatuses.includes(existing.status)) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Only PENDING, CANCELLED, or REJECTED vacations can be approved" });
}
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
// Check for team conflicts before approving (non-blocking)
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const conflictResult = await checkVacationConflicts(ctx.db as any, input.id, userRecord?.id);
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data: {
status: VacationStatus.APPROVED,
rejectionReason: null,
...(userRecord?.id ? { approvedById: userRecord.id } : {}),
approvedAt: new Date(),
},
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Approved vacation (was ${existing.status})`,
});
dispatchVacationWebhookInBackground(ctx.db, "vacation.approved", {
id: updated.id,
resourceId: updated.resourceId,
startDate: updated.startDate.toISOString(),
endDate: updated.endDate.toISOString(),
});
// Mark approval tasks as DONE
await ctx.db.notification.updateMany({
where: {
taskAction: buildTaskAction("approve_vacation", input.id),
category: "APPROVAL",
taskStatus: "OPEN",
},
data: {
taskStatus: "DONE",
completedAt: new Date(),
...(userRecord?.id ? { completedBy: userRecord.id } : {}),
},
});
if (existing.status === VacationStatus.PENDING) {
notifyVacationStatusInBackground(ctx.db, updated.id, updated.resourceId, VacationStatus.APPROVED);
}
return { ...updated, warnings: conflictResult.warnings };
}),
/**
* Reject a vacation (manager/admin only).
*/
reject: managerProcedure
.input(z.object({ id: z.string(), rejectionReason: z.string().max(500).optional() }))
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
if (existing.status !== VacationStatus.PENDING) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Only PENDING vacations can be rejected" });
}
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data: {
status: VacationStatus.REJECTED,
...(input.rejectionReason !== undefined ? { rejectionReason: input.rejectionReason } : {}),
},
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
// Mark approval tasks as DONE
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
await ctx.db.notification.updateMany({
where: {
taskAction: buildTaskAction("approve_vacation", input.id),
category: "APPROVAL",
taskStatus: "OPEN",
},
data: {
taskStatus: "DONE",
completedAt: new Date(),
...(userRecord?.id ? { completedBy: userRecord.id } : {}),
},
});
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Rejected vacation${input.rejectionReason ? `: ${input.rejectionReason}` : ""}`,
});
notifyVacationStatusInBackground(
ctx.db,
updated.id,
updated.resourceId,
VacationStatus.REJECTED,
input.rejectionReason,
);
return updated;
}),
/**
* Batch approve multiple pending vacations (manager/admin only).
*/
batchApprove: managerProcedure
.input(z.object({ ids: z.array(z.string()).min(1).max(100) }))
.mutation(async ({ ctx, input }) => {
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
const vacations = await ctx.db.vacation.findMany({
where: { id: { in: input.ids }, status: VacationStatus.PENDING },
select: { id: true, resourceId: true },
});
// Check for team conflicts before approving (non-blocking)
const conflictMap = await checkBatchVacationConflicts(
// eslint-disable-next-line @typescript-eslint/no-explicit-any
ctx.db as any,
vacations.map((v) => v.id),
userRecord?.id,
);
await ctx.db.vacation.updateMany({
where: { id: { in: vacations.map((v) => v.id) } },
data: {
status: VacationStatus.APPROVED,
rejectionReason: null,
...(userRecord?.id ? { approvedById: userRecord.id } : {}),
approvedAt: new Date(),
},
});
for (const v of vacations) {
emitVacationUpdated({ id: v.id, resourceId: v.resourceId, status: VacationStatus.APPROVED });
notifyVacationStatusInBackground(ctx.db, v.id, v.resourceId, VacationStatus.APPROVED);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: v.id,
entityName: `Vacation ${v.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
after: { status: VacationStatus.APPROVED } as unknown as Record<string, unknown>,
source: "ui",
summary: "Batch approved vacation",
});
// Mark approval tasks as DONE
await ctx.db.notification.updateMany({
where: {
taskAction: buildTaskAction("approve_vacation", v.id),
category: "APPROVAL",
taskStatus: "OPEN",
},
data: {
taskStatus: "DONE",
completedAt: new Date(),
...(userRecord?.id ? { completedBy: userRecord.id } : {}),
},
});
}
// Flatten all warnings into a single array
const warnings: string[] = [];
for (const [, w] of conflictMap) {
warnings.push(...w);
}
return { approved: vacations.length, warnings };
}),
/**
* Batch reject multiple pending vacations (manager/admin only).
*/
batchReject: managerProcedure
.input(
z.object({
ids: z.array(z.string()).min(1).max(100),
rejectionReason: z.string().max(500).optional(),
}),
)
.mutation(async ({ ctx, input }) => {
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
const vacations = await ctx.db.vacation.findMany({
where: { id: { in: input.ids }, status: VacationStatus.PENDING },
select: { id: true, resourceId: true },
});
await ctx.db.vacation.updateMany({
where: { id: { in: vacations.map((v) => v.id) } },
data: {
status: VacationStatus.REJECTED,
...(input.rejectionReason !== undefined ? { rejectionReason: input.rejectionReason } : {}),
},
});
for (const v of vacations) {
emitVacationUpdated({ id: v.id, resourceId: v.resourceId, status: VacationStatus.REJECTED });
notifyVacationStatusInBackground(
ctx.db,
v.id,
v.resourceId,
VacationStatus.REJECTED,
input.rejectionReason,
);
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: v.id,
entityName: `Vacation ${v.id}`,
action: "UPDATE",
...(userRecord?.id ? { userId: userRecord.id } : {}),
after: { status: VacationStatus.REJECTED, rejectionReason: input.rejectionReason } as unknown as Record<string, unknown>,
source: "ui",
summary: `Batch rejected vacation${input.rejectionReason ? `: ${input.rejectionReason}` : ""}`,
});
// Mark approval tasks as DONE
await ctx.db.notification.updateMany({
where: {
taskAction: buildTaskAction("approve_vacation", v.id),
category: "APPROVAL",
taskStatus: "OPEN",
},
data: {
taskStatus: "DONE",
completedAt: new Date(),
...(userRecord?.id ? { completedBy: userRecord.id } : {}),
},
});
}
return { rejected: vacations.length };
}),
/**
* Cancel a vacation (owner or manager).
*/
cancel: protectedProcedure
.input(z.object({ id: z.string() }))
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
if (existing.status === VacationStatus.CANCELLED) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Already cancelled" });
}
// Ownership check: USER can only cancel their own vacations
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true, systemRole: true },
});
if (!userRecord) {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
const isManagerOrAdmin = userRecord.systemRole === "ADMIN" || userRecord.systemRole === "MANAGER";
if (!isManagerOrAdmin) {
if (existing.requestedById !== userRecord.id) {
const resource = await ctx.db.resource.findUnique({
where: { id: existing.resourceId },
select: { userId: true },
});
if (!resource || resource.userId !== userRecord.id) {
throw new TRPCError({
code: "FORBIDDEN",
message: "You can only cancel your own vacation requests",
});
}
}
}
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data: { status: VacationStatus.CANCELLED },
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
userId: userRecord.id,
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Cancelled vacation (was ${existing.status})`,
});
return updated;
}),
/**
* Get all APPROVED vacations for a resource in a date range (used by calculator).
*/
getForResource: protectedProcedure
.input(
z.object({
resourceId: z.string(),
startDate: z.coerce.date(),
endDate: z.coerce.date(),
}),
)
.query(async ({ ctx, input }) => {
await assertCanReadVacationResource(ctx, input.resourceId);
return ctx.db.vacation.findMany({
where: {
resourceId: input.resourceId,
status: VacationStatus.APPROVED,
startDate: { lte: input.endDate },
endDate: { gte: input.startDate },
},
select: {
id: true,
startDate: true,
endDate: true,
type: true,
status: true,
},
orderBy: { startDate: "asc" },
});
}),
/**
* Get all PENDING vacations awaiting approval (manager/admin only).
*/
getPendingApprovals: managerProcedure.query(async ({ ctx }) => {
return ctx.db.vacation.findMany({
where: { status: VacationStatus.PENDING },
include: {
resource: { select: { ...RESOURCE_BRIEF_SELECT, chapter: true } },
requestedBy: { select: { id: true, name: true, email: true } },
},
orderBy: { startDate: "asc" },
});
}),
/**
* Get team overlap: other vacations in the same chapter for a given period.
* Used by the creation modal to warn the requester.
*/
getTeamOverlap: protectedProcedure
.input(
z.object({
resourceId: z.string(),
startDate: z.coerce.date(),
endDate: z.coerce.date(),
}),
)
.query(async ({ ctx, input }) => {
await assertCanReadVacationResource(ctx, input.resourceId);
// Find the chapter of the requesting resource
const resource = await ctx.db.resource.findUnique({
where: { id: input.resourceId },
select: { chapter: true },
});
if (!resource?.chapter) return [];
// Find team members in the same chapter who are off in this period
return ctx.db.vacation.findMany({
where: {
resource: { chapter: resource.chapter },
resourceId: { not: input.resourceId },
status: { in: [VacationStatus.APPROVED, VacationStatus.PENDING] },
startDate: { lte: input.endDate },
endDate: { gte: input.startDate },
},
include: {
resource: { select: RESOURCE_BRIEF_SELECT },
},
orderBy: { startDate: "asc" },
take: 20,
});
}),
getTeamOverlapDetail: protectedProcedure
.input(
z.object({
resourceId: z.string(),
startDate: z.coerce.date(),
endDate: z.coerce.date(),
}),
)
.query(async ({ ctx, input }) => {
await assertCanReadVacationResource(ctx, input.resourceId);
const resource = await ctx.db.resource.findUnique({
where: { id: input.resourceId },
select: { displayName: true, chapter: true },
});
if (!resource) {
throw new TRPCError({
code: "NOT_FOUND",
message: "Resource not found",
});
}
if (!resource.chapter) {
return mapTeamOverlapDetail({
resource,
startDate: input.startDate,
endDate: input.endDate,
overlaps: [],
});
}
const overlaps = await ctx.db.vacation.findMany({
where: {
resource: { chapter: resource.chapter },
resourceId: { not: input.resourceId },
status: { in: [VacationStatus.APPROVED, VacationStatus.PENDING] },
startDate: { lte: input.endDate },
endDate: { gte: input.startDate },
},
include: {
resource: { select: RESOURCE_BRIEF_SELECT },
},
orderBy: { startDate: "asc" },
take: 20,
});
return mapTeamOverlapDetail({
resource,
startDate: input.startDate,
endDate: input.endDate,
overlaps,
});
}),
/**
* Batch-create public holidays for all resources (or a chapter) for a given year+state.
* Admin-only. Creates as APPROVED automatically.
*/
batchCreatePublicHolidays: adminProcedure
.input(
z.object({
year: z.number().int().min(2000).max(2100),
federalState: z.string().optional(), // e.g. "BY"
chapter: z.string().optional(), // filter to a chapter
replaceExisting: z.boolean().default(false),
}),
)
.mutation(async ({ ctx, input }) => {
const resources = await ctx.db.resource.findMany({
where: {
isActive: true,
...(input.chapter ? { chapter: input.chapter } : {}),
},
select: {
id: true,
federalState: true,
countryId: true,
metroCityId: true,
country: { select: { code: true } },
metroCity: { select: { name: true } },
},
});
if (resources.length === 0) {
return { created: 0 };
}
const adminUser = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true },
});
if (!adminUser) throw new TRPCError({ code: "UNAUTHORIZED" });
let created = 0;
let holidayCount = 0;
for (const resource of resources) {
const holidays = await getResolvedCalendarHolidays(asHolidayResolverDb(ctx.db), {
periodStart: new Date(`${input.year}-01-01T00:00:00.000Z`),
periodEnd: new Date(`${input.year}-12-31T00:00:00.000Z`),
countryId: resource.countryId,
countryCode: resource.country?.code,
federalState: input.federalState ?? resource.federalState,
metroCityId: resource.metroCityId,
metroCityName: resource.metroCity?.name,
});
holidayCount += holidays.length;
for (const holiday of holidays) {
const startDate = new Date(holiday.date);
const endDate = new Date(holiday.date);
if (input.replaceExisting) {
// Remove any existing public holiday on this exact date for this resource
await ctx.db.vacation.deleteMany({
where: {
resourceId: resource.id,
type: VacationType.PUBLIC_HOLIDAY,
startDate,
endDate,
},
});
}
// Check if one already exists
const exists = await ctx.db.vacation.findFirst({
where: {
resourceId: resource.id,
type: VacationType.PUBLIC_HOLIDAY,
startDate,
endDate,
},
});
if (exists) continue;
await ctx.db.vacation.create({
data: {
resourceId: resource.id,
type: VacationType.PUBLIC_HOLIDAY,
status: VacationStatus.APPROVED,
startDate,
endDate,
note: holiday.name,
requestedById: adminUser.id,
approvedById: adminUser.id,
approvedAt: new Date(),
},
});
created++;
}
}
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: `public-holidays-${input.year}`,
entityName: `Public Holidays ${input.year}${input.federalState ? ` (${input.federalState})` : ""}`,
action: "CREATE",
userId: adminUser.id,
after: { created, holidays: holidayCount, resources: resources.length, year: input.year, federalState: input.federalState } as unknown as Record<string, unknown>,
source: "ui",
summary: `Batch created ${created} public holidays for ${resources.length} resources (${input.year})`,
});
return { created, holidays: holidayCount, resources: resources.length };
}),
/**
* Update vacation status (approve/reject/cancel via schema).
*/
updateStatus: protectedProcedure
.input(UpdateVacationStatusSchema)
.mutation(async ({ ctx, input }) => {
const existing = await findUniqueOrThrow(
ctx.db.vacation.findUnique({ where: { id: input.id } }),
"Vacation",
);
const userRecord = await ctx.db.user.findUnique({
where: { email: ctx.session.user?.email ?? "" },
select: { id: true, systemRole: true },
});
if (!userRecord) throw new TRPCError({ code: "UNAUTHORIZED" });
const isManager = userRecord.systemRole === "ADMIN" || userRecord.systemRole === "MANAGER";
if (input.status !== "CANCELLED" && !isManager) {
throw new TRPCError({ code: "FORBIDDEN", message: "Manager role required to approve/reject" });
}
const data: Record<string, unknown> = { status: input.status };
if (input.status === "APPROVED") {
data.approvedById = userRecord.id;
data.approvedAt = new Date();
data.rejectionReason = null;
}
if (input.note !== undefined) {
data.note = input.note;
}
const updated = await ctx.db.vacation.update({
where: { id: input.id },
data,
});
emitVacationUpdated({ id: updated.id, resourceId: updated.resourceId, status: updated.status });
void createAuditEntry({
db: ctx.db,
entityType: "Vacation",
entityId: updated.id,
entityName: `Vacation ${updated.id}`,
action: "UPDATE",
userId: userRecord.id,
before: existing as unknown as Record<string, unknown>,
after: updated as unknown as Record<string, unknown>,
source: "ui",
summary: `Updated vacation status to ${input.status}`,
});
return updated;
}),
});
Reference in New Issue View Git Blame Copy Permalink