
const express = require("express");
const { TimeEntry, User } = require("../models");
const {
authenticate,
authorizeAdmin,
authorizeManager,
} = require("../middleware/auth");
const router = express.Router();

/**
 * GET / — list the authenticated caller's own time entries, newest first.
 *
 * The filter is built from req.user.id and never from client-supplied input,
 * so this route cannot be used to read another user's entries.
 * NOTE(review): req.user is presumably populated by `authenticate`
 * (../middleware/auth, not shown here) — confirm.
 */
router.get("/", authenticate, async (req, res) => {
  try {
    const ownEntriesQuery = {
      where: { userId: req.user.id },
      order: [["date", "DESC"]],
    };
    const ownEntries = await TimeEntry.findAll(ownEntriesQuery);
    res.json(ownEntries);
  } catch (error) {
    // Generic body on purpose: no error detail is returned to the client.
    res.status(500).json({ message: "Server error" });
  }
});
/**
 * GET /all — list every user's time entries, newest first.
 *
 * Runs behind `authenticate` and then `authorizeManager`.
 * NOTE(review): the original comment says admins and managers are admitted;
 * that depends on authorizeManager (../middleware/auth, not shown) — confirm.
 * The joined User rows are limited to `username`, so no other user columns
 * are included in the response.
 * NOTE(review): the query has no limit/offset, so the whole table is returned.
 */
router.get("/all", authenticate, authorizeManager, async (req, res) => {
  try {
    const ownerJoin = { model: User, attributes: ["username"] };
    const allEntries = await TimeEntry.findAll({
      include: [ownerJoin],
      order: [["date", "DESC"]],
    });
    res.json(allEntries);
  } catch (error) {
    res.status(500).json({ message: "Server error" });
  }
});
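/**
 * GET /user/:userId — list one user's time entries, newest first.
 *
 * Runs behind `authenticate` and then `authorizeManager` (both from
 * ../middleware/auth, not shown here; the route is meant for admins and
 * managers). `userId` comes straight from the URL and is handed to the ORM
 * as a `where` value, not concatenated into a query string.
 */
router.get(
  "/user/:userId",
  authenticate,
  authorizeManager,
  async (req, res) => {
    try {
      const { userId } = req.params;
      // JSON.stringify escapes control characters, so a crafted path segment
      // cannot forge extra lines in a plain-text log.
      console.log("Fetching entries for userId:", JSON.stringify(userId));
      const entries = await TimeEntry.findAll({
        where: { userId },
        order: [["date", "DESC"]],
      });
      // Log the row count only: dumping the records would copy every entry's
      // contents (dates, reasons, hours) into the application log.
      console.log("Found entries:", entries.length);
      res.json(entries);
    } catch (error) {
      console.error("Error fetching user entries:", error);
      res.status(500).json({ message: "Server error" });
    }
  }
);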
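/**
 * POST / — create a time entry owned by the authenticated caller.
 *
 * Only `date`, `reason` and `hours` are read from the body; `userId` always
 * comes from req.user.id, so a client cannot create entries for someone else
 * or set other model columns through the request body.
 *
 * Responds 201 with the created entry, 400 when `hours` does not parse to a
 * finite number, 500 on any other failure.
 */
router.post("/", authenticate, async (req, res) => {
  try {
    const { date, reason, hours } = req.body;
    // parseFloat yields NaN for a missing or non-numeric value; reject it here
    // instead of handing NaN/Infinity to the model.
    const parsedHours = parseFloat(hours);
    if (!Number.isFinite(parsedHours)) {
      return res.status(400).json({ message: "Invalid hours" });
    }
    // NOTE(review): no range check on hours and no format check on date or
    // reason here — confirm the TimeEntry model validates them.
    const entry = await TimeEntry.create({
      userId: req.user.id,
      date,
      reason,
      hours: parsedHours,
    });
    res.status(201).json(entry);
  } catch (error) {
    // Keep the detail server-side; the client only sees a generic message.
    console.error("Error creating time entry:", error);
    res.status(500).json({ message: "Server error" });
  }
});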
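/**
 * PUT /:id — update a time entry; allowed for its owner or an admin.
 *
 * The entry is loaded first and the ownership/role check runs against the
 * stored row, so the decision never depends on anything in the request body.
 * Only `date`, `reason` and `hours` can be changed; `userId` is never written.
 *
 * Responds 404 when the entry does not exist, 403 when the caller is neither
 * the owner nor an admin, 400 when `hours` does not parse to a finite number,
 * 500 on any other failure.
 */
router.put("/:id", authenticate, async (req, res) => {
  try {
    const { date, reason, hours } = req.body;
    const entry = await TimeEntry.findByPk(req.params.id);
    if (!entry) {
      return res.status(404).json({ message: "Entry not found" });
    }
    // Strict comparison: a type mismatch between the two ids denies access
    // rather than granting it.
    const isOwner = entry.userId === req.user.id;
    const isAdmin = req.user.role === "admin";
    if (!isOwner && !isAdmin) {
      return res.status(403).json({ message: "Access denied" });
    }
    // Validated after the access check so unauthorized callers still get 403.
    // parseFloat yields NaN for a missing or non-numeric value.
    const parsedHours = parseFloat(hours);
    if (!Number.isFinite(parsedHours)) {
      return res.status(400).json({ message: "Invalid hours" });
    }
    await entry.update({
      date,
      reason,
      hours: parsedHours,
    });
    res.json(entry);
  } catch (error) {
    // Keep the detail server-side; the client only sees a generic message.
    console.error("Error updating time entry:", error);
    res.status(500).json({ message: "Server error" });
  }
});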
/**
 * DELETE /delete-all — remove every time entry owned by the caller.
 *
 * Registered ahead of DELETE /:id: Express matches routes in registration
 * order, and "/:id" would otherwise capture "delete-all" as an id.
 * The filter uses req.user.id only, so the bulk delete is scoped to the
 * authenticated user's own rows.
 */
router.delete("/delete-all", authenticate, async (req, res) => {
  try {
    const ownRows = { userId: req.user.id };
    const deletedCount = await TimeEntry.destroy({ where: ownRows });
    res.json({ message: "All entries deleted", deletedCount });
  } catch (error) {
    res.status(500).json({ message: "Server error" });
  }
});
/**
 * DELETE /:id — remove one time entry; allowed for its owner or an admin.
 *
 * Responds 404 when the entry does not exist and 403 when the caller is
 * neither the owner nor an admin. The check runs against the stored row's
 * userId, not against anything the client sends.
 */
router.delete("/:id", authenticate, async (req, res) => {
  try {
    const target = await TimeEntry.findByPk(req.params.id);
    if (!target) {
      return res.status(404).json({ message: "Entry not found" });
    }

    const callerOwnsEntry = target.userId === req.user.id;
    const callerIsAdmin = req.user.role === "admin";
    if (!(callerOwnsEntry || callerIsAdmin)) {
      return res.status(403).json({ message: "Access denied" });
    }

    await target.destroy();
    res.json({ message: "Entry deleted" });
  } catch (error) {
    res.status(500).json({ message: "Server error" });
  }
});

module.exports = router;