Compare commits
3 Commits
3a0934bdc6
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
 jason
|
ba2b631e23 | ||
|
jason
|
3220ee70c4 | ||
|
jason
|
5a2b581c71 |
@@ -0,0 +1,25 @@
|
||||
name: Build and Push Docker Image
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: catthehacker/ubuntu:act-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Log in to Gitea Container Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: registry.alwisp.com
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Build and Push
|
||||
run: |
|
||||
docker build -t registry.alwisp.com/${{ gitea.repository_owner }}/${{ gitea.repository }}:latest .
|
||||
docker push registry.alwisp.com/${{ gitea.repository_owner }}/${{ gitea.repository }}:latest
|
||||
@@ -82,7 +82,7 @@ The following fields on `violations` are locked after submission. They are the b
|
||||
- `prior_active_points` (snapshot at insert time)
|
||||
- `prior_tier_label`
|
||||
|
||||
Amendable fields (non-scoring): `location`, `details`, `witness_name`, `acknowledged_by`, `acknowledged_date`
|
||||
Amendable fields (non-scoring): `incident_time`, `location`, `details`, `submitted_by`, `witness_name`, `acknowledged_by`, `acknowledged_date`, `amount`
|
||||
|
||||
### Soft-Delete Pattern
|
||||
|
||||
|
||||
@@ -130,7 +130,6 @@ Useful for showing the app to stakeholders without exposing live employee data.
|
||||
- Summary stat cards: total employees, elite standing (0 pts), with active points, at-risk count, highest active score
|
||||
- **At-risk badge**: flags employees within 2 points of the next tier escalation
|
||||
- Search/filter by name, department, or supervisor
|
||||
- **Department filter**: pre-loaded dropdown of all departments for quick scoped views
|
||||
- Click any employee name to open their full profile modal
|
||||
- **📋 Audit Log** button — filterable, paginated view of all system write actions
|
||||
|
||||
@@ -138,9 +137,11 @@ Useful for showing the app to stakeholders without exposing live employee data.
|
||||
- Select existing employee or enter new employee by name
|
||||
- **Employee intelligence**: shows current CPAS standing badge and 90-day violation count before submitting
|
||||
- Violation type dropdown grouped by category; shows prior 90-day counts inline
|
||||
- **Custom violation types**: add or edit user-defined types directly from the form (`+ Add Type` / `Edit Type` buttons); persisted to the database and merged into the dropdown alongside hardcoded types
|
||||
- **Recidivist auto-escalation**: if an employee has prior violations of the same type, points slider auto-sets to maximum per policy
|
||||
- Repeat offense badge with prior count displayed
|
||||
- Context-sensitive fields (time, minutes late, amount, location, description) shown only when relevant to violation type
|
||||
- **Financial amount tracking**: dollar amount in question recorded for chargeback / receipt / custom financial violations; surfaces on the PDF for repayment records and is audit-logged on edit
|
||||
- **Tier crossing warning** (TierWarning component): previews what tier the new points would push the employee into before submission
|
||||
- Point slider for discretionary adjustments within the violation's min/max range
|
||||
- **Employee Acknowledgment section**: optional "received by employee" name and date fields; when filled, the PDF signature block shows the recorded acknowledgment instead of a blank signature line
|
||||
@@ -214,23 +215,30 @@ Scores are computed over a **rolling 90-day window** (negated violations exclude
|
||||
|
||||
| Method | Endpoint | Description |
|
||||
|--------|----------|-------------|
|
||||
| GET | `/api/health` | Health check |
|
||||
| GET | `/api/health` | Health check (returns build SHA + timestamp) |
|
||||
| GET | `/api/employees` | List all employees (includes `notes`) |
|
||||
| GET | `/api/employees/:id` | Single employee record |
|
||||
| POST | `/api/employees` | Create or upsert employee |
|
||||
| PATCH | `/api/employees/:id` | Edit name, department, supervisor, or notes |
|
||||
| PATCH | `/api/employees/:id/notes` | Save employee notes only (shorthand) |
|
||||
| POST | `/api/employees/:id/merge` | Merge duplicate employee; reassigns all violations |
|
||||
| GET | `/api/employees/:id/score` | Get active CPAS score for employee |
|
||||
| GET | `/api/employees/:id/expiration` | Active violation roll-off timeline with days remaining |
|
||||
| PATCH | `/api/employees/:id/notes` | Save employee notes only (shorthand) |
|
||||
| GET | `/api/employees/:id/violation-counts` | 90-day non-negated counts grouped by violation type |
|
||||
| GET | `/api/employees/:id/violation-counts/alltime` | All-time non-negated counts + max points used per type |
|
||||
| GET | `/api/dashboard` | All employees with active points + violation counts |
|
||||
| POST | `/api/violations` | Log a new violation (accepts `acknowledged_by`, `acknowledged_date`) |
|
||||
| POST | `/api/violations` | Log a new violation (accepts `acknowledged_by`, `acknowledged_date`, `amount`) |
|
||||
| GET | `/api/violations/employee/:id` | Violation history with resolutions + amendment counts |
|
||||
| PATCH | `/api/violations/:id/negated` | Negate a violation (soft delete + resolution record) |
|
||||
| PATCH | `/api/violations/:id/negate` | Negate a violation (soft delete + resolution record) |
|
||||
| PATCH | `/api/violations/:id/restore` | Restore a negated violation |
|
||||
| PATCH | `/api/violations/:id/amend` | Amend non-scoring fields with field-level diff logging |
|
||||
| GET | `/api/violations/:id/amendments` | Get amendment history for a violation |
|
||||
| DELETE | `/api/violations/:id` | Hard delete a violation |
|
||||
| GET | `/api/violations/:id/pdf` | Download violation PDF |
|
||||
| GET | `/api/violation-types` | List custom violation types |
|
||||
| POST | `/api/violation-types` | Create a custom violation type |
|
||||
| PUT | `/api/violation-types/:id` | Update a custom violation type |
|
||||
| DELETE | `/api/violation-types/:id` | Delete a custom violation type (blocked if any violation references it) |
|
||||
| GET | `/api/audit` | Paginated audit log (filterable by `entity_type`, `entity_id`) |
|
||||
|
||||
---
|
||||
@@ -258,14 +266,19 @@ cpas/
|
||||
├── main.jsx
|
||||
├── App.jsx # Root app + AppFooter (copyright, dev ticker, Gitea link)
|
||||
├── data/
|
||||
│ └── violations.js # All CPAS violation definitions + groups
|
||||
│ ├── violations.js # All hardcoded CPAS violation definitions + groups
|
||||
│ └── departments.js # DEPARTMENTS constant; single source of truth
|
||||
├── hooks/
|
||||
│ └── useEmployeeIntelligence.js # Score + history hook
|
||||
├── styles/
|
||||
│ └── mobile.css # Mobile breakpoint overrides only
|
||||
└── components/
|
||||
├── CpasBadge.jsx # Tier badge + color logic
|
||||
├── CpasBadge.jsx # Tier badge + color logic (canonical TIERS, getTier)
|
||||
├── TierWarning.jsx # Pre-submit tier crossing alert
|
||||
├── Dashboard.jsx # Company-wide leaderboard + audit log trigger
|
||||
├── ViolationForm.jsx # Violation entry form + ack signature fields
|
||||
├── DashboardMobile.jsx # Mobile-optimized dashboard layout
|
||||
├── ViolationForm.jsx # Violation entry form + ack signature + amount field
|
||||
├── ViolationTypeModal.jsx # Create / edit / delete custom violation types
|
||||
├── EmployeeModal.jsx # Employee profile + history modal
|
||||
├── EditEmployeeModal.jsx # Employee edit + merge duplicate
|
||||
├── AmendViolationModal.jsx # Non-scoring field amendment + diff history
|
||||
@@ -284,10 +297,11 @@ cpas/
|
||||
|
||||
Six tables + one view:
|
||||
|
||||
- **`employees`** — id, name, department, supervisor, **notes**
|
||||
- **`violations`** — full incident record including `prior_active_points` snapshot at time of logging, `acknowledged_by` and `acknowledged_date` for employee acknowledgment
|
||||
- **`employees`** — id, name, department, supervisor, notes
|
||||
- **`violations`** — full incident record including `prior_active_points` snapshot, `acknowledged_by` / `acknowledged_date`, and `amount` (financial amount in question for chargeback/repayment)
|
||||
- **`violation_resolutions`** — resolution type, details, resolved_by (linked to violations)
|
||||
- **`violation_amendments`** — field-level diff log for violation edits; one row per changed field per amendment
|
||||
- **`violation_types`** — persisted custom violation type definitions added via the UI; `type_key` is prefixed `custom_` to prevent collisions with hardcoded keys
|
||||
- **`audit_log`** — append-only record of every write action (action, entity_type, entity_id, performed_by, details, timestamp)
|
||||
- **`active_cpas_scores`** (view) — sum of points for non-negated violations in rolling 90 days, grouped by employee
|
||||
|
||||
@@ -306,6 +320,7 @@ Point values, violation type, and incident date are **immutable** after submissi
|
||||
| `witness_name` | Witness on record |
|
||||
| `acknowledged_by` | Employee who acknowledged receipt |
|
||||
| `acknowledged_date` | Date of employee acknowledgment |
|
||||
| `amount` | Dollar amount in question (financial violations); typo-correctable for repayment records |
|
||||
|
||||
---
|
||||
|
||||
@@ -339,6 +354,8 @@ Point values, violation type, and incident date are **immutable** after submissi
|
||||
| 7 | Department dropdown | Pre-loaded select on the violation form replacing free-text department input; shared `DEPARTMENTS` constant |
|
||||
| 8 | Stakeholder demo page | Standalone `/demo` route with synthetic data; static HTML served before SPA catch-all; useful for non-live presentations |
|
||||
| 8 | App footer | Copyright (© Jason Stedwell), live dev ticker since first commit, Gitea repo icon+link |
|
||||
| 9 | Custom violation types | Persisted user-defined violation types created from the form; `+ Add Type` / `Edit Type` UI; merged into the dropdown alongside hardcoded types; delete blocked when in use |
|
||||
| 9 | Financial amount tracking | `amount` field on financial violations (chargeback, receipt negligence, custom types with the field enabled); stored on `violations`, rendered prominently on the PDF, amendable with audit-logged diffs |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ const FIELD_LABELS = {
|
||||
details: 'Incident Notes',
|
||||
submitted_by: 'Submitted By',
|
||||
witness_name: 'Witness / Documenting Officer',
|
||||
amount: 'Amount in Question',
|
||||
};
|
||||
|
||||
const s = {
|
||||
@@ -84,6 +85,7 @@ export default function AmendViolationModal({ violation, onClose, onSaved }) {
|
||||
details: violation.details || '',
|
||||
submitted_by: violation.submitted_by || '',
|
||||
witness_name: violation.witness_name || '',
|
||||
amount: violation.amount || '',
|
||||
});
|
||||
const [changedBy, setChangedBy] = useState('');
|
||||
const [saving, setSaving] = useState(false);
|
||||
|
||||
@@ -36,7 +36,6 @@ const s = {
|
||||
const EMPTY_FORM = {
|
||||
employeeId: '', employeeName: '', department: '', supervisor: '', witnessName: '',
|
||||
violationType: '', incidentDate: '', incidentTime: '',
|
||||
// TODO [MAJOR #6]: `amount` and `minutesLate` are rendered but never sent to the API
|
||||
amount: '', minutesLate: '', location: '', additionalDetails: '', points: 1,
|
||||
acknowledgedBy: '', acknowledgedDate: '',
|
||||
};
|
||||
@@ -159,6 +158,7 @@ export default function ViolationForm() {
|
||||
witness_name: form.witnessName || null,
|
||||
acknowledged_by: form.acknowledgedBy || null,
|
||||
acknowledged_date: form.acknowledgedDate || null,
|
||||
amount: form.amount || null,
|
||||
});
|
||||
|
||||
const newId = violRes.data.id;
|
||||
|
||||
@@ -21,6 +21,8 @@ if (!cols.includes('prior_active_points')) db.exec("ALTER TABLE violations ADD C
|
||||
if (!cols.includes('prior_tier_label')) db.exec("ALTER TABLE violations ADD COLUMN prior_tier_label TEXT");
|
||||
if (!cols.includes('acknowledged_by')) db.exec("ALTER TABLE violations ADD COLUMN acknowledged_by TEXT");
|
||||
if (!cols.includes('acknowledged_date')) db.exec("ALTER TABLE violations ADD COLUMN acknowledged_date TEXT");
|
||||
// Financial amount in question (record-keeping / repayment for chargeback, receipt negligence, etc.)
|
||||
if (!cols.includes('amount')) db.exec("ALTER TABLE violations ADD COLUMN amount TEXT");
|
||||
|
||||
// Employee notes column (free-text, does not affect scoring)
|
||||
const empCols = db.prepare('PRAGMA table_info(employees)').all().map(c => c.name);
|
||||
|
||||
@@ -25,6 +25,7 @@ CREATE TABLE IF NOT EXISTS violations (
|
||||
prior_tier_label TEXT, -- optional human-readable tier
|
||||
acknowledged_by TEXT, -- employee name who acknowledged receipt
|
||||
acknowledged_date TEXT, -- date of acknowledgment (YYYY-MM-DD)
|
||||
amount TEXT, -- dollar amount in question for financial violations (record-keeping / repayment)
|
||||
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
||||
);
|
||||
|
||||
|
||||
@@ -243,6 +243,11 @@ function buildHtml(v, score) {
|
||||
<div class="field-label">Submitted By</div>
|
||||
<div class="field-value">${v.submitted_by || 'System'}</div>
|
||||
</div>
|
||||
${v.amount ? `
|
||||
<div class="field" style="grid-column: 1 / -1;">
|
||||
<div class="field-label">Amount in Question</div>
|
||||
<div class="field-value prominent">${v.amount}</div>
|
||||
</div>` : ''}
|
||||
${v.location ? `
|
||||
<div class="field" style="grid-column: 1 / -1;">
|
||||
<div class="field-label">Location / Context</div>
|
||||
|
||||
@@ -266,7 +266,8 @@ app.post('/api/violations', (req, res) => {
|
||||
employee_id, violation_type, violation_name, category,
|
||||
points, incident_date, incident_time, location,
|
||||
details, submitted_by, witness_name,
|
||||
acknowledged_by, acknowledged_date
|
||||
acknowledged_by, acknowledged_date,
|
||||
amount
|
||||
} = req.body;
|
||||
|
||||
if (!employee_id || !violation_type || !points || !incident_date) {
|
||||
@@ -282,15 +283,17 @@ app.post('/api/violations', (req, res) => {
|
||||
points, incident_date, incident_time, location,
|
||||
details, submitted_by, witness_name,
|
||||
prior_active_points,
|
||||
acknowledged_by, acknowledged_date
|
||||
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
||||
acknowledged_by, acknowledged_date,
|
||||
amount
|
||||
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
||||
`).run(
|
||||
employee_id, violation_type, violation_name || violation_type,
|
||||
category || 'General', ptsInt, incident_date,
|
||||
incident_time || null, location || null,
|
||||
details || null, submitted_by || null, witness_name || null,
|
||||
priorPts,
|
||||
acknowledged_by || null, acknowledged_date || null
|
||||
acknowledged_by || null, acknowledged_date || null,
|
||||
amount || null
|
||||
);
|
||||
|
||||
audit('violation_created', 'violation', result.lastInsertRowid, submitted_by, {
|
||||
@@ -302,7 +305,7 @@ app.post('/api/violations', (req, res) => {
|
||||
|
||||
// ── Violation Amendment (edit) ───────────────────────────────────────────────
|
||||
// PATCH /api/violations/:id/amend — edit mutable fields; logs a diff per changed field
|
||||
const AMENDABLE_FIELDS = ['incident_time', 'location', 'details', 'submitted_by', 'witness_name', 'acknowledged_by', 'acknowledged_date'];
|
||||
const AMENDABLE_FIELDS = ['incident_time', 'location', 'details', 'submitted_by', 'witness_name', 'acknowledged_by', 'acknowledged_date', 'amount'];
|
||||
|
||||
// Pre-build one prepared UPDATE statement per amendable field combination is not
|
||||
// practical (2^n combos), so instead we validate columns against the static
|
||||
|
||||
Reference in New Issue
Block a user