init-source

init-source/qms-update-3/pages/api/escapes/index.ts

@@ -0,0 +1,47 @@
+import type { NextApiRequest, NextApiResponse } from 'next'
+import { prisma } from '@/lib/prisma'
+import { requireAuth, logAction, generateRef, SHIPMENT_SEND_ROLES } from '@/lib/auth'
+import { EscapeStatus } from '@prisma/client'
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  const user = await requireAuth(req, res)
+  if (!user) return
+
+  if (req.method === 'GET') {
+    const { status } = req.query
+    const where: any = {}
+    if (status) where.status = status as EscapeStatus
+
+    const escapes = await prisma.qualityEscape.findMany({
+      where,
+      include: { shipment: true, capa: { select: { ref: true } } },
+      orderBy: { createdAt: 'desc' },
+    })
+    return res.json({ data: escapes })
+  }
+
+  if (req.method === 'POST') {
+    // Report access: Production leads, Logistics lead, Admin
+    const gated = await requireAuth(req, res, SHIPMENT_SEND_ROLES)
+    if (!gated) return
+
+    const { shipmentId, description, contact } = req.body
+    if (!shipmentId || !description) return res.status(400).json({ error: 'shipmentId and description required' })
+
+    const shipment = await prisma.shipment.findUnique({ where: { id: shipmentId } })
+    if (!shipment) return res.status(404).json({ error: 'Shipment not found' })
+
+    const count = await prisma.qualityEscape.count()
+    const ref = generateRef('ESC', count)
+
+    const escape = await prisma.qualityEscape.create({
+      data: { ref, shipmentId, description, contact },
+      include: { shipment: true },
+    })
+
+    await logAction(user.id, 'CREATE', 'QualityEscape', escape.id, null, { ref, shipmentRef: shipment.ref })
+    return res.status(201).json({ data: escape })
+  }
+
+  res.status(405).end()
+}