Double_X_Attendance/apis/ClockIn/EditAttendanceItems.js

const API = require("../../lib/API");
const { BaseStdResponse } = require("../../BaseStdResponse");
const db = require("../../plugin/DataBase/db");
const AccessControl = require("../../lib/AccessControl");

class EditAttendanceItems extends API {
    constructor() {
        super();
        this.setPath('/Attendance');
        this.setMethod('PUT');
    }

    async onRequest(data, res) {
        this.setAllowCORS(res);
        let {
            uuid,
            session,
            id,
            name,
            user,
            day_of_week,
            loopy,
            begintime,
            endtime,
            position,
            radius,
            address,
            admin
        } = data;

        // 检查必需的参数是否缺失
        if ([uuid, session, id, name, user, day_of_week, loopy, begintime, endtime, position, radius].some(value => value === '' || value === null || value === undefined)) {
            res.json({
                ...BaseStdResponse.MISSING_PARAMETER,
                endpoint: 1513123
            });
            return;
        }

        // 检查 session 是否有效
        if (!await AccessControl.checkSession(uuid, session)) {
            res.json({
                ...BaseStdResponse.ACCESS_DENIED,
                endpoint: 48153145
            });
            return;
        }

        // 获取考勤项目
        const sqlGetProject = 'SELECT user, createUser, begintime, loopy, day_of_week, admin FROM kq_items WHERE id = ?';
        let [projectResult] = await db.query(sqlGetProject, [id]);

        if (!projectResult || projectResult.length === 0) {
            res.json({
                ...BaseStdResponse.DATABASE_ERR,
                endpoint: 154754511
            });
            return;
        }

        let projectData = projectResult[0];

        // 检查用户权限
        let permission = await AccessControl.getPermission(uuid);
        if (projectData.createUser !== uuid && !permission.includes('admin') && !Array.isArray(projectData.admin) && !JSON.parse(projectData.admin).includes(uuid)) {
            return res.json({
                ...BaseStdResponse.PERMISSION_DENIED,
                endpoint: 481454,
                msg: '你不是该考勤项目管理员，无操作权限'
            });
        }

        user = user.split('|');
        admin = admin.split('|');

        let uuids, admins;
        try {
            uuids = await AccessControl.checkUser(user);
            admins = await AccessControl.checkUser(admin);
        } catch (error) {
            return res.json({
                ...BaseStdResponse.ERR,
                endpoint: 513513,
                msg: error.message
            });
        }

        // 更新考勤项目
        const sqlUpdateProject = `
            UPDATE kq_items 
            SET 
                name = ?,
                user = ?,
                day_of_week = ?,
                loopy = ?,
                begintime = ?,
                endtime = ?,
                position = ?,
                radius = ?,
                address = ?,
                admin = ?
            WHERE id = ?
        `;
        let [updateResult] = await db.query(sqlUpdateProject, [
            name,
            JSON.stringify(uuids),
            day_of_week,
            loopy,
            begintime,
            endtime,
            JSON.stringify(position),
            radius,
            address,
            JSON.stringify(admins),
            id
        ]);

        if (updateResult.affectedRows !== 1) {
            res.json({
                ...BaseStdResponse.DATABASE_ERR,
                endpoint: 513513
            });
            return;
        }

        res.json({
            ...BaseStdResponse.OK
        });
    }
}

module.exports.EditAttendanceItems = EditAttendanceItems;