Files for Todo_admin added

2025-12-30 19:44:14 +05:30
parent fd223884cd
commit eef41c105c
34 changed files with 7687 additions and 0 deletions
--- a/Backend/routes/todos.js
+++ b/Backend/routes/todos.js
@@ -0,0 +1,229 @@
+import express from 'express';
+import Todo from '../models/Todo.js';
+import User from '../models/User.js';
+import { requireAdmin } from '../middleware/auth.js';
+
+const router = express.Router();
+
+// Get todos - different behavior for admin vs user
+router.get('/', async (req, res) => {
+  try {
+    const { date, userId } = req.query;
+    let query = {};
+
+    if (req.user.role === 'admin') {
+      // Admin can see all todos or filter by userId
+      if (userId) {
+        query.userId = userId;
+      }
+    } else {
+      // Regular users only see their assigned tasks
+      query.userId = req.user._id;
+    }
+
+    if (date) {
+      const startDate = new Date(date);
+      const endDate = new Date(date);
+      endDate.setDate(endDate.getDate() + 1);
+      
+      query.dueDate = {
+        $gte: startDate,
+        $lt: endDate
+      };
+    }
+
+    const todos = await Todo.find(query)
+      .populate('userId', 'username email')
+      .populate('assignedBy', 'username email')
+      .sort({ createdAt: -1 });
+    
+    res.json(todos);
+  } catch (error) {
+    res.status(500).json({ message: 'Server error', error: error.message });
+  }
+});
+
+// Create new todo - only admins can assign tasks to others
+router.post('/', async (req, res) => {
+  try {
+    const { title, description, priority, dueDate, userId } = req.body;
+
+    let todoData = {
+      title,
+      description,
+      priority,
+      dueDate: new Date(dueDate)
+    };
+
+    if (req.user.role === 'admin') {
+      // Admin can assign tasks to any user
+      todoData.userId = userId || req.user._id;
+      todoData.assignedBy = req.user._id;
+    } else {
+      // Regular users can only create tasks for themselves
+      todoData.userId = req.user._id;
+    }
+
+    const todo = new Todo(todoData);
+    await todo.save();
+    
+    const populatedTodo = await Todo.findById(todo._id)
+      .populate('userId', 'username email')
+      .populate('assignedBy', 'username email');
+    
+    res.status(201).json(populatedTodo);
+  } catch (error) {
+    res.status(500).json({ message: 'Server error', error: error.message });
+  }
+});
+
+// Update todo - different permissions for admin vs user
+router.put('/:id', async (req, res) => {
+  try {
+    const { id } = req.params;
+    const updates = req.body;
+
+    console.log('Update request:', { id, updates, userRole: req.user.role });
+
+    let query = { _id: id };
+    let finalUpdates = { ...updates };
+    
+    if (req.user.role === 'admin') {
+      // Admin can update any todo
+      console.log('Admin updating todo');
+    } else {
+      // Regular users can only update their own todos
+      query.userId = req.user._id;
+      console.log('User updating own todo');
+      
+      // Users can only update status and submit tasks
+      const allowedUpdates = ['status'];
+      const filteredUpdates = {};
+      
+      allowedUpdates.forEach(field => {
+        if (updates[field] !== undefined) {
+          filteredUpdates[field] = updates[field];
+        }
+      });
+      
+      // Handle task submission
+      if (updates.status === 'submitted') {
+        filteredUpdates.submittedAt = new Date();
+      }
+      
+      finalUpdates = filteredUpdates;
+      console.log('Filtered updates for user:', finalUpdates);
+    }
+
+    const todo = await Todo.findOneAndUpdate(query, finalUpdates, { new: true })
+      .populate('userId', 'username email')
+      .populate('assignedBy', 'username email');
+
+    if (!todo) {
+      console.log('Todo not found with query:', query);
+      return res.status(404).json({ message: 'Todo not found or access denied' });
+    }
+
+    console.log('Todo updated successfully:', todo);
+    res.json(todo);
+  } catch (error) {
+    console.error('Update todo error:', error);
+    res.status(500).json({ message: 'Server error', error: error.message });
+  }
+});
+
+// Delete todo - only admins can delete
+router.delete('/:id', requireAdmin, async (req, res) => {
+  try {
+    const { id } = req.params;
+
+    const todo = await Todo.findByIdAndDelete(id);
+
+    if (!todo) {
+      return res.status(404).json({ message: 'Todo not found' });
+    }
+
+    res.json({ message: 'Todo deleted successfully' });
+  } catch (error) {
+    res.status(500).json({ message: 'Server error', error: error.message });
+  }
+});
+
+// Admin routes for user management
+router.get('/admin/users', requireAdmin, async (req, res) => {
+  try {
+    const users = await User.find({ role: 'user' }).select('-password');
+    res.json(users);
+  } catch (error) {
+    res.status(500).json({ message: 'Server error', error: error.message });
+  }
+});
+
+// Admin route to get all todos with user details
+router.get('/admin/all-todos', requireAdmin, async (req, res) => {
+  try {
+    const todos = await Todo.find()
+      .populate('userId', 'username email')
+      .populate('assignedBy', 'username email')
+      .sort({ createdAt: -1 });
+    
+    res.json(todos);
+  } catch (error) {
+    res.status(500).json({ message: 'Server error', error: error.message });
+  }
+});
+
+// Admin route to assign task to user
+router.post('/admin/assign', requireAdmin, async (req, res) => {
+  try {
+    const { title, description, priority, dueDate, userId } = req.body;
+
+    const todo = new Todo({
+      title,
+      description,
+      priority,
+      dueDate: new Date(dueDate),
+      userId,
+      assignedBy: req.user._id
+    });
+
+    await todo.save();
+    
+    const populatedTodo = await Todo.findById(todo._id)
+      .populate('userId', 'username email')
+      .populate('assignedBy', 'username email');
+    
+    res.status(201).json(populatedTodo);
+  } catch (error) {
+    res.status(500).json({ message: 'Server error', error: error.message });
+  }
+});
+
+// Admin route to mark task as completed
+router.put('/admin/complete/:id', requireAdmin, async (req, res) => {
+  try {
+    const { id } = req.params;
+
+    const todo = await Todo.findByIdAndUpdate(
+      id,
+      { 
+        status: 'completed',
+        completedAt: new Date()
+      },
+      { new: true }
+    ).populate('userId', 'username email')
+     .populate('assignedBy', 'username email');
+
+    if (!todo) {
+      return res.status(404).json({ message: 'Todo not found' });
+    }
+
+    res.json(todo);
+  } catch (error) {
+    res.status(500).json({ message: 'Server error', error: error.message });
+  }
+});
+
+
+
+export default router;