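import express from 'express';
import Todo from '../models/Todo.js';
import User from '../models/User.js';
import { requireAdmin } from '../middleware/auth.js';

const router = express.Router();

// NOTE(review): every handler below reads req.user (role, _id). An
// authentication middleware is assumed to populate it before this router is
// reached — confirm where the router is mounted; nothing in this file enforces it.

// Fields a request body may set on a todo. Anything outside these lists is
// dropped before the object reaches Mongoose, so a client cannot smuggle
// update operators ($set, $unset, ...) or overwrite bookkeeping fields such
// as assignedBy / submittedAt / completedAt through the update endpoint.
const ADMIN_UPDATABLE_FIELDS = Object.freeze([
  'title',
  'description',
  'priority',
  'dueDate',
  'status',
  'userId',
]);
const USER_UPDATABLE_FIELDS = Object.freeze(['status']);

const USER_PROJECTION = 'username email';

/**
 * Copy only the allowed own properties of `source` into a fresh object.
 *
 * @param {unknown} source - request body; may be undefined when no body parser ran
 * @param {readonly string[]} allowed - property names to keep
 * @returns {Record<string, unknown>} a new object holding only the allowed fields
 */
function pickFields(source, allowed) {
  const picked = {};
  if (source === null || typeof source !== 'object') return picked;
  for (const field of allowed) {
    if (Object.hasOwn(source, field) && source[field] !== undefined) {
      picked[field] = source[field];
    }
  }
  return picked;
}

/**
 * Parse a client-supplied date value.
 *
 * Only strings and numbers are accepted (query-string parsers can turn
 * `date[x]=y` into an object, which `new Date()` would happily coerce to an
 * Invalid Date that later fails deep inside Mongoose).
 *
 * @param {unknown} value - raw value from req.query / req.body
 * @returns {Date | null} the parsed date, or null when it is not a valid date
 */
function parseDate(value) {
  if (typeof value !== 'string' && typeof value !== 'number') return null;
  const parsed = new Date(value);
  return Number.isNaN(parsed.getTime()) ? null : parsed;
}

/**
 * Attach the user sub-documents every todo response carries.
 *
 * @param {object} query - a Mongoose query (or document promise) supporting .populate()
 * @returns {object} the same query with userId and assignedBy populated
 */
function withUsers(query) {
  return query
    .populate('userId', USER_PROJECTION)
    .populate('assignedBy', USER_PROJECTION);
}

/**
 * Translate a handler exception into an HTTP response.
 *
 * Mongoose CastError / ValidationError describe malformed client input, so
 * they are answered with 400 and the validation message. Anything else is
 * logged server-side and answered with a generic 500: the previous behaviour
 * of echoing `error.message` to the caller disclosed internal details
 * (driver/connection messages, field names) to unauthenticated clients.
 *
 * @param {object} res - Express response
 * @param {unknown} error - the caught exception
 * @param {string} context - short label for the server-side log line
 */
function sendError(res, error, context) {
  if (error?.name === 'CastError' || error?.name === 'ValidationError') {
    return res.status(400).json({ message: 'Invalid request', error: error.message });
  }
  console.error(`${context} error:`, error);
  return res.status(500).json({ message: 'Server error' });
}

// Get todos - admins see everything (optionally filtered by userId),
// regular users only their own assignments.
router.get('/', async (req, res) => {
  try {
    const { date, userId } = req.query;
    const query = {};

    if (req.user.role === 'admin') {
      if (userId) {
        // The default Express query parser turns `userId[$ne]=x` into an
        // object; only a plain string may be used as the filter value.
        if (typeof userId !== 'string') {
          return res.status(400).json({ message: 'Invalid userId' });
        }
        query.userId = userId;
      }
    } else {
      query.userId = req.user._id;
    }

    if (date) {
      const startDate = parseDate(date);
      if (!startDate) {
        return res.status(400).json({ message: 'Invalid date' });
      }
      // One calendar day window: [date, date + 1 day).
      const endDate = new Date(startDate);
      endDate.setDate(endDate.getDate() + 1);
      query.dueDate = { $gte: startDate, $lt: endDate };
    }

    const todos = await withUsers(Todo.find(query)).sort({ createdAt: -1 });
    res.json(todos);
  } catch (error) {
    sendError(res, error, 'List todos');
  }
});

// Create new todo - only admins can assign tasks to others.
router.post('/', async (req, res) => {
  try {
    const { title, description, priority, dueDate, userId } = req.body ?? {};

    // The original code always did `new Date(dueDate)`, so a missing or
    // unparsable value already failed at save time; reject it up front instead.
    const parsedDueDate = parseDate(dueDate);
    if (!parsedDueDate) {
      return res.status(400).json({ message: 'Invalid dueDate' });
    }

    const todoData = { title, description, priority, dueDate: parsedDueDate };

    if (req.user.role === 'admin') {
      if (userId !== undefined && typeof userId !== 'string') {
        return res.status(400).json({ message: 'Invalid userId' });
      }
      // Admin may assign to any user; an absent userId means "assign to myself".
      todoData.userId = userId || req.user._id;
      todoData.assignedBy = req.user._id;
    } else {
      // Regular users can only create tasks for themselves; a userId in the
      // body is ignored.
      todoData.userId = req.user._id;
    }

    const todo = new Todo(todoData);
    await todo.save();

    const populatedTodo = await withUsers(Todo.findById(todo._id));
    res.status(201).json(populatedTodo);
  } catch (error) {
    sendError(res, error, 'Create todo');
  }
});

// Update todo - admins may edit any todo's main fields; regular users may
// only change the status of todos assigned to them.
router.put('/:id', async (req, res) => {
  try {
    const { id } = req.params;
    const isAdmin = req.user.role === 'admin';

    // Allow-list the body instead of spreading it verbatim into the update
    // document: the previous admin path forwarded arbitrary keys (including
    // operator keys) straight to findOneAndUpdate.
    const finalUpdates = pickFields(
      req.body,
      isAdmin ? ADMIN_UPDATABLE_FIELDS : USER_UPDATABLE_FIELDS,
    );

    const query = { _id: id };
    if (!isAdmin) {
      // Scoping by userId makes a foreign todo indistinguishable from a
      // missing one (404), rather than revealing that it exists.
      query.userId = req.user._id;

      // Submitting a task stamps the submission time server-side.
      if (finalUpdates.status === 'submitted') {
        finalUpdates.submittedAt = new Date();
      }
    }

    if (Object.hasOwn(finalUpdates, 'dueDate')) {
      const parsedDueDate = parseDate(finalUpdates.dueDate);
      if (!parsedDueDate) {
        return res.status(400).json({ message: 'Invalid dueDate' });
      }
      finalUpdates.dueDate = parsedDueDate;
    }
    if (Object.hasOwn(finalUpdates, 'userId') && typeof finalUpdates.userId !== 'string') {
      return res.status(400).json({ message: 'Invalid userId' });
    }

    // Log field names only; the raw body and the full document are not needed
    // for debugging and may contain user content.
    console.log('Update request:', {
      id,
      fields: Object.keys(finalUpdates),
      userRole: req.user.role,
    });

    const todo = await withUsers(
      Todo.findOneAndUpdate(query, finalUpdates, { new: true }),
    );

    if (!todo) {
      console.log('Todo not found with query:', query);
      return res.status(404).json({ message: 'Todo not found or access denied' });
    }

    console.log('Todo updated successfully:', todo._id);
    res.json(todo);
  } catch (error) {
    sendError(res, error, 'Update todo');
  }
});

// Delete todo - only admins can delete.
router.delete('/:id', requireAdmin, async (req, res) => {
  try {
    const { id } = req.params;
    const todo = await Todo.findByIdAndDelete(id);
    if (!todo) {
      return res.status(404).json({ message: 'Todo not found' });
    }
    res.json({ message: 'Todo deleted successfully' });
  } catch (error) {
    sendError(res, error, 'Delete todo');
  }
});

// Admin routes for user management.
router.get('/admin/users', requireAdmin, async (req, res) => {
  try {
    // `-password` excludes the credential field from the projection.
    const users = await User.find({ role: 'user' }).select('-password');
    res.json(users);
  } catch (error) {
    sendError(res, error, 'List users');
  }
});

// Admin route to get all todos with user details.
router.get('/admin/all-todos', requireAdmin, async (req, res) => {
  try {
    const todos = await withUsers(Todo.find()).sort({ createdAt: -1 });
    res.json(todos);
  } catch (error) {
    sendError(res, error, 'List all todos');
  }
});

// Admin route to assign a task to a user.
router.post('/admin/assign', requireAdmin, async (req, res) => {
  try {
    const { title, description, priority, dueDate, userId } = req.body ?? {};

    if (typeof userId !== 'string' || userId === '') {
      return res.status(400).json({ message: 'Invalid userId' });
    }
    const parsedDueDate = parseDate(dueDate);
    if (!parsedDueDate) {
      return res.status(400).json({ message: 'Invalid dueDate' });
    }

    const todo = new Todo({
      title,
      description,
      priority,
      dueDate: parsedDueDate,
      userId,
      assignedBy: req.user._id,
    });
    await todo.save();

    const populatedTodo = await withUsers(Todo.findById(todo._id));
    res.status(201).json(populatedTodo);
  } catch (error) {
    sendError(res, error, 'Assign todo');
  }
});

// Admin route to mark a task as completed.
router.put('/admin/complete/:id', requireAdmin, async (req, res) => {
  try {
    const { id } = req.params;
    const todo = await withUsers(
      Todo.findByIdAndUpdate(
        id,
        { status: 'completed', completedAt: new Date() },
        { new: true },
      ),
    );
    if (!todo) {
      return res.status(404).json({ message: 'Todo not found' });
    }
    res.json(todo);
  } catch (error) {
    sendError(res, error, 'Complete todo');
  }
});

export default router;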