102 lines
4.8 KiB
JavaScript
102 lines
4.8 KiB
JavaScript
const express = require('express');
|
||
const db = require('../../db');
|
||
const { authenticate } = require('../../middleware/auth');
|
||
const router = express.Router();
|
||
const uid = req => req.user.id;
|
||
|
||
// Hilfsfunktion: Bestellung mit Items laden
|
||
const loadOrder = (id, userId) => {
|
||
const order = db.prepare('SELECT * FROM orders WHERE id=? AND user_id=?').get(id, userId);
|
||
if (!order) return null;
|
||
order.items = db.prepare('SELECT * FROM order_items WHERE order_id=? ORDER BY id').all(id);
|
||
return order;
|
||
};
|
||
|
||
// GET /api/tools/bestellungen – alle Bestellungen
|
||
router.get('/', authenticate, (req, res) => {
|
||
const orders = db.prepare(`
|
||
SELECT o.*,
|
||
COUNT(oi.id) as item_count
|
||
FROM orders o
|
||
LEFT JOIN order_items oi ON oi.order_id = o.id
|
||
WHERE o.user_id = ?
|
||
GROUP BY o.id
|
||
ORDER BY o.created_at DESC
|
||
`).all(uid(req));
|
||
res.json(orders);
|
||
});
|
||
|
||
// GET /api/tools/bestellungen/:id – einzelne Bestellung mit Items
|
||
router.get('/:id', authenticate, (req, res) => {
|
||
const order = loadOrder(req.params.id, uid(req));
|
||
if (!order) return res.status(404).json({ error: 'Nicht gefunden' });
|
||
res.json(order);
|
||
});
|
||
|
||
// POST /api/tools/bestellungen – neue Bestellung
|
||
router.post('/', authenticate, (req, res) => {
|
||
const { name, bemerkung = '', status = 'warteliste', custom_price = null } = req.body;
|
||
if (!name?.trim()) return res.status(400).json({ error: 'Name erforderlich' });
|
||
const r = db.prepare(`INSERT INTO orders (user_id,name,bemerkung,status,custom_price) VALUES (?,?,?,?,?)`)
|
||
.run(uid(req), name.trim(), bemerkung, status, custom_price);
|
||
res.json(loadOrder(r.lastInsertRowid, uid(req)));
|
||
});
|
||
|
||
// PUT /api/tools/bestellungen/:id – Bestellung aktualisieren
|
||
router.put('/:id', authenticate, (req, res) => {
|
||
const ex = db.prepare('SELECT * FROM orders WHERE id=? AND user_id=?').get(req.params.id, uid(req));
|
||
if (!ex) return res.status(404).json({ error: 'Nicht gefunden' });
|
||
const { name=ex.name, bemerkung=ex.bemerkung, status=ex.status, custom_price=ex.custom_price } = req.body;
|
||
db.prepare(`UPDATE orders SET name=?,bemerkung=?,status=?,custom_price=?,updated_at=CURRENT_TIMESTAMP WHERE id=? AND user_id=?`)
|
||
.run(name, bemerkung, status, custom_price, req.params.id, uid(req));
|
||
res.json(loadOrder(req.params.id, uid(req)));
|
||
});
|
||
|
||
// DELETE /api/tools/bestellungen/:id
|
||
router.delete('/:id', authenticate, (req, res) => {
|
||
const r = db.prepare('DELETE FROM orders WHERE id=? AND user_id=?').run(req.params.id, uid(req));
|
||
if (!r.changes) return res.status(404).json({ error: 'Nicht gefunden' });
|
||
res.json({ success: true });
|
||
});
|
||
|
||
// POST /api/tools/bestellungen/:id/items – Archiv-Eintrag hinzufügen
|
||
router.post('/:id/items', authenticate, (req, res) => {
|
||
const order = db.prepare('SELECT * FROM orders WHERE id=? AND user_id=?').get(req.params.id, uid(req));
|
||
if (!order) return res.status(404).json({ error: 'Bestellung nicht gefunden' });
|
||
|
||
const { calculation_id, stueckzahl = 1 } = req.body;
|
||
const calc = db.prepare('SELECT * FROM calculations WHERE id=? AND user_id=?').get(calculation_id, uid(req));
|
||
if (!calc) return res.status(404).json({ error: 'Archiv-Eintrag nicht gefunden' });
|
||
|
||
// Bereits vorhanden? → Stückzahl erhöhen
|
||
const existing = db.prepare('SELECT * FROM order_items WHERE order_id=? AND calculation_id=?').get(req.params.id, calculation_id);
|
||
if (existing) {
|
||
db.prepare('UPDATE order_items SET stueckzahl=? WHERE id=?').run(existing.stueckzahl + stueckzahl, existing.id);
|
||
} else {
|
||
db.prepare(`INSERT INTO order_items (order_id,calculation_id,calc_name,preis_freundschaft,preis_normal,preis_auftrag,stueckzahl)
|
||
VALUES (?,?,?,?,?,?,?)`)
|
||
.run(req.params.id, calc.id, calc.name, calc.preis_freundschaft, calc.preis_normal, calc.preis_auftrag, stueckzahl);
|
||
}
|
||
res.json(loadOrder(req.params.id, uid(req)));
|
||
});
|
||
|
||
// PUT /api/tools/bestellungen/:id/items/:itemId – Stückzahl ändern
|
||
router.put('/:id/items/:itemId', authenticate, (req, res) => {
|
||
const order = db.prepare('SELECT * FROM orders WHERE id=? AND user_id=?').get(req.params.id, uid(req));
|
||
if (!order) return res.status(404).json({ error: 'Nicht gefunden' });
|
||
const { stueckzahl } = req.body;
|
||
if (!stueckzahl || stueckzahl < 1) return res.status(400).json({ error: 'Ungültige Stückzahl' });
|
||
db.prepare('UPDATE order_items SET stueckzahl=? WHERE id=? AND order_id=?').run(stueckzahl, req.params.itemId, req.params.id);
|
||
res.json(loadOrder(req.params.id, uid(req)));
|
||
});
|
||
|
||
// DELETE /api/tools/bestellungen/:id/items/:itemId
|
||
router.delete('/:id/items/:itemId', authenticate, (req, res) => {
|
||
const order = db.prepare('SELECT * FROM orders WHERE id=? AND user_id=?').get(req.params.id, uid(req));
|
||
if (!order) return res.status(404).json({ error: 'Nicht gefunden' });
|
||
db.prepare('DELETE FROM order_items WHERE id=? AND order_id=?').run(req.params.itemId, req.params.id);
|
||
res.json(loadOrder(req.params.id, uid(req)));
|
||
});
|
||
|
||
module.exports = router;
|