boha_admin/app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
36a864c8526417b51366d982fca9ac014428065d
app/api/admin/attendance.php
Simon 5ef6fc8064 refactor: odstraneni PSR-1 SideEffects warningu 
- Handler funkce extrahovany z API souboru do api/admin/handlers/
- config.php rozdeleny na helpers.php (funkce) a constants.php (konstanty)
- require_once odstranen z class souboru (AuditLog, JWTAuth, LeaveNotification)
- vendor/autoload.php presunuto do config.php bootstrap
- totp-handlers.php: pridany use deklarace pro TwoFactorAuth
- phpstan.neon: bootstrapFiles, scanDirectories, dynamicConstantNames
- Opraveny chybejici routing bloky v totp.php a session.php

Vysledek: phpcs 0 errors 0 warnings, PHPStan 0 errors, ESLint 0 errors

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 14:29:21 +01:00

153 lines
7.0 KiB
PHP
Raw Blame History

<?php
/**
* BOHA Automation - Attendance API
*
* Endpoints:
* GET /api/admin/attendance.php - Get current shift status and today's shifts
* GET /api/admin/attendance.php?action=history - Get attendance history for month
* GET /api/admin/attendance.php?action=admin - Get all attendance records (admin)
* GET /api/admin/attendance.php?action=balances - Get leave balances (admin)
* GET /api/admin/attendance.php?action=workfund&year=YYYY - Get work fund overview (admin)
* GET /api/admin/attendance.php?action=location&id=X - Get location for record (admin)
* GET /api/admin/attendance.php?action=print - Get print data for attendance (admin)
* GET /api/admin/attendance.php?action=projects - Get active projects list
* GET /api/admin/attendance.php?action=project_report&month=YYYY-MM - Get project hours report (admin)
* GET /api/admin/attendance.php?action=project_logs&attendance_id=X - Get project logs for a shift
* POST /api/admin/attendance.php - Clock in/out/break actions
* POST /api/admin/attendance.php?action=update_address - Doplnit adresu k poslednimu zaznamu
* POST /api/admin/attendance.php?action=notes - Save notes for current shift
* POST /api/admin/attendance.php?action=switch_project - Switch active project on current shift
* POST /api/admin/attendance.php?action=leave - Add leave record
* POST /api/admin/attendance.php?action=save_project_logs - Save project logs for record (admin)
* POST /api/admin/attendance.php?action=create - Create attendance record (admin)
* POST /api/admin/attendance.php?action=bulk_attendance - Bulk add attendance for month (admin)
* POST /api/admin/attendance.php?action=balances - Update leave balance (admin)
* PUT /api/admin/attendance.php?id=X - Update attendance record (admin)
* DELETE /api/admin/attendance.php?id=X - Delete attendance record (admin)
*/
declare(strict_types=1);
require_once dirname(__DIR__) . '/config.php';
require_once dirname(__DIR__) . '/includes/JWTAuth.php';
require_once dirname(__DIR__) . '/includes/AuditLog.php';
require_once dirname(__DIR__) . '/includes/CzechHolidays.php';
require_once dirname(__DIR__) . '/includes/AttendanceHelpers.php';
require_once dirname(__DIR__) . '/includes/AttendanceAdmin.php';
require_once __DIR__ . '/handlers/attendance-handlers.php';
setCorsHeaders();
setSecurityHeaders();
setNoCacheHeaders();
header('Content-Type: application/json; charset=utf-8');
$authData = JWTAuth::requireAuth();
AuditLog::setUser($authData['user_id'], $authData['user']['username'] ?? 'unknown');
$method = $_SERVER['REQUEST_METHOD'];
$action = $_GET['action'] ?? '';
$recordId = isset($_GET['id']) ? (int) $_GET['id'] : null;
try {
$pdo = db();
$userId = $authData['user_id'];
$isAdmin = $authData['user']['is_admin'] ?? false;
switch ($method) {
case 'GET':
if ($action === 'history') {
requirePermission($authData, 'attendance.history');
handleGetHistory($pdo, $userId);
} elseif ($action === 'admin') {
requirePermission($authData, 'attendance.admin');
handleGetAdmin($pdo);
} elseif ($action === 'balances') {
requirePermission($authData, 'attendance.balances');
handleGetBalances($pdo);
} elseif ($action === 'location' && $recordId) {
requirePermission($authData, 'attendance.admin');
handleGetLocation($pdo, $recordId);
} elseif ($action === 'users') {
requirePermission($authData, 'attendance.admin');
handleGetUsers($pdo);
} elseif ($action === 'print') {
requirePermission($authData, 'attendance.admin');
handleGetPrint($pdo);
} elseif ($action === 'workfund') {
requirePermission($authData, 'attendance.balances');
handleGetWorkFund($pdo);
} elseif ($action === 'projects') {
handleGetProjects();
} elseif ($action === 'project_report') {
if (!hasPermission($authData, 'attendance.admin') && !hasPermission($authData, 'attendance.balances')) {
requirePermission($authData, 'attendance.admin');
}
handleGetProjectReport($pdo);
} elseif ($action === 'project_logs') {
handleGetProjectLogs($pdo, $userId, $authData);
} else {
requirePermission($authData, 'attendance.record');
handleGetCurrent($pdo, $userId);
}
break;
case 'POST':
if ($action === 'leave') {
requirePermission($authData, 'attendance.record');
handleAddLeave($pdo, $userId);
} elseif ($action === 'notes') {
requirePermission($authData, 'attendance.record');
handleSaveNotes($pdo, $userId);
} elseif ($action === 'switch_project') {
requirePermission($authData, 'attendance.record');
handleSwitchProject($pdo, $userId);
} elseif ($action === 'save_project_logs') {
requirePermission($authData, 'attendance.admin');
handleSaveProjectLogs($pdo);
} elseif ($action === 'create') {
requirePermission($authData, 'attendance.admin');
handleCreateAttendance($pdo);
} elseif ($action === 'bulk_attendance') {
requirePermission($authData, 'attendance.admin');
handleBulkAttendance($pdo);
} elseif ($action === 'balances') {
requirePermission($authData, 'attendance.balances');
handleUpdateBalance($pdo);
} elseif ($action === 'update_address') {
requirePermission($authData, 'attendance.record');
handleUpdateAddress($pdo, $userId);
} else {
requirePermission($authData, 'attendance.record');
handlePunch($pdo, $userId);
}
break;
case 'PUT':
requirePermission($authData, 'attendance.admin');
if (!$recordId) {
errorResponse('ID záznamu je povinné');
}
handleUpdateAttendance($pdo, $recordId);
break;
case 'DELETE':
requirePermission($authData, 'attendance.admin');
if (!$recordId) {
errorResponse('ID záznamu je povinné');
}
handleDeleteAttendance($pdo, $recordId);
break;
default:
errorResponse('Metoda není povolena', 405);
}
} catch (PDOException $e) {
error_log('Attendance API error: ' . $e->getMessage());
errorResponse('Chyba databáze', 500);
}
// ============================================================================
// User-facing handlers
// ============================================================================
Reference in New Issue View Git Blame Copy Permalink