2026-03-07 09:46:39 -06:00
1 changed files with 52 additions and 9 deletions
--- a/server.js
+++ b/server.js
@@ -29,7 +29,7 @@ app.get('/api/health', (req, res) => res.json({ status: 'ok', timestamp: new Dat

 // ── Employees ─────────────────────────────────────────────────────────────────
 app.get('/api/employees', (req, res) => {
-  const rows = db.prepare('SELECT id, name, department, supervisor FROM employees ORDER BY name ASC').all();
+  const rows = db.prepare('SELECT id, name, department, supervisor, notes FROM employees ORDER BY name ASC').all();
  res.json(rows);
 });

@@ -51,13 +51,13 @@ app.post('/api/employees', (req, res) => {
 });

 // ── Employee Edit ─────────────────────────────────────────────────────────────
-// PATCH /api/employees/:id  — update name, department, or supervisor
+// PATCH /api/employees/:id — update name, department, supervisor, or notes
 app.patch('/api/employees/:id', (req, res) => {
  const id  = parseInt(req.params.id);
  const emp = db.prepare('SELECT * FROM employees WHERE id = ?').get(id);
  if (!emp) return res.status(404).json({ error: 'Employee not found' });

-  const { name, department, supervisor, performed_by } = req.body;
+  const { name, department, supervisor, notes, performed_by } = req.body;

  // Prevent name collision with a different employee
  if (name && name.trim() !== emp.name) {
@@ -68,20 +68,21 @@ app.patch('/api/employees/:id', (req, res) => {
  const newName       = (name       || emp.name).trim();
  const newDept       = department  !== undefined ? (department  || null) : emp.department;
  const newSupervisor = supervisor  !== undefined ? (supervisor  || null) : emp.supervisor;
+  const newNotes      = notes       !== undefined ? (notes       || null) : emp.notes;

-  db.prepare('UPDATE employees SET name = ?, department = ?, supervisor = ? WHERE id = ?')
-    .run(newName, newDept, newSupervisor, id);
+  db.prepare('UPDATE employees SET name = ?, department = ?, supervisor = ?, notes = ? WHERE id = ?')
+    .run(newName, newDept, newSupervisor, newNotes, id);

  audit('employee_edited', 'employee', id, performed_by, {
-    before: { name: emp.name, department: emp.department, supervisor: emp.supervisor },
-    after:  { name: newName,  department: newDept,        supervisor: newSupervisor  },
+    before: { name: emp.name, department: emp.department, supervisor: emp.supervisor, notes: emp.notes },
+    after:  { name: newName,  department: newDept,        supervisor: newSupervisor,  notes: newNotes  },
  });

-  res.json({ id, name: newName, department: newDept, supervisor: newSupervisor });
+  res.json({ id, name: newName, department: newDept, supervisor: newSupervisor, notes: newNotes });
 });

 // ── Employee Merge ────────────────────────────────────────────────────────────
-// POST /api/employees/:id/merge  — reassign all violations from sourceId → id, then delete source
+// POST /api/employees/:id/merge — reassign all violations from sourceId → id, then delete source
 app.post('/api/employees/:id/merge', (req, res) => {
  const targetId = parseInt(req.params.id);
  const { source_id, performed_by } = req.body;
@@ -112,12 +113,54 @@ app.post('/api/employees/:id/merge', (req, res) => {
  res.json({ success: true, violations_reassigned: violationsMoved });
 });

+// ── Employee notes (PATCH shorthand) ─────────────────────────────────────────
+// PATCH /api/employees/:id/notes — save free-text notes only
+app.patch('/api/employees/:id/notes', (req, res) => {
+  const id  = parseInt(req.params.id);
+  const emp = db.prepare('SELECT * FROM employees WHERE id = ?').get(id);
+  if (!emp) return res.status(404).json({ error: 'Employee not found' });
+
+  const { notes, performed_by } = req.body;
+  const newNotes = notes !== undefined ? (notes || null) : emp.notes;
+
+  db.prepare('UPDATE employees SET notes = ? WHERE id = ?').run(newNotes, id);
+  audit('employee_notes_updated', 'employee', id, performed_by, { notes: newNotes });
+  res.json({ id, notes: newNotes });
+});
+
 // Employee score (current snapshot)
 app.get('/api/employees/:id/score', (req, res) => {
  const row = db.prepare('SELECT * FROM active_cpas_scores WHERE employee_id = ?').get(req.params.id);
  res.json(row || { employee_id: req.params.id, active_points: 0, violation_count: 0 });
 });

+// ── Expiration Timeline ───────────────────────────────────────────────────────
+// GET /api/employees/:id/expiration — active violations sorted by roll-off date
+// Returns each active violation with days_remaining until it exits the 90-day window.
+app.get('/api/employees/:id/expiration', (req, res) => {
+  const rows = db.prepare(`
+    SELECT
+      v.id,
+      v.violation_name,
+      v.violation_type,
+      v.category,
+      v.points,
+      v.incident_date,
+      DATE(v.incident_date, '+90 days')                          AS expires_on,
+      CAST(
+        JULIANDAY(DATE(v.incident_date, '+90 days')) -
+        JULIANDAY(DATE('now'))
+        AS INTEGER
+      )                                                           AS days_remaining
+    FROM violations v
+    WHERE v.employee_id = ?
+      AND v.negated = 0
+      AND v.incident_date >= DATE('now', '-90 days')
+    ORDER BY v.incident_date ASC
+  `).all(req.params.id);
+  res.json(rows);
+});
+
 // Dashboard
 app.get('/api/dashboard', (req, res) => {
  const rows = db.prepare(`