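import { auth } from "@/auth";
import { db } from "@/lib/db";
import { hasPermission } from "@/lib/permissions";
import { NextRequest, NextResponse } from "next/server";
import type { POStatus } from "@prisma/client";

/** Display labels for purchase-order statuses; used by the HTML report. */
const PO_STATUS_LABELS: Record<string, string> = {
  DRAFT: "Draft",
  SUBMITTED: "Submitted",
  MGR_REVIEW: "Pending Approval",
  VENDOR_ID_PENDING: "Vendor ID Pending",
  EDITS_REQUESTED: "Edits Requested",
  REJECTED: "Rejected",
  MGR_APPROVED: "Approved",
  SENT_FOR_PAYMENT: "Sent for Payment",
  PAID_DELIVERED: "Paid / Delivered",
  CLOSED: "Closed",
};

/** Characters that must never reach an HTML response unescaped. */
const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

/**
 * Renders a value as inert HTML text.
 *
 * PO titles and the vendor/submitter/site names are stored data that users
 * typed in; without escaping, the report page would render them as markup.
 */
function escapeHtml(value: unknown): string {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch] ?? ch);
}

/** Quotes a CSV field only when it contains a delimiter, quote or line break. */
function csvPlain(value: unknown): string {
  const text = value == null ? "" : String(value);
  return /[",\r\n]/.test(text) ? `"${text.replace(/"/g, '""')}"` : text;
}

/**
 * Encodes a free-text CSV field: always quoted, embedded quotes doubled, and
 * a leading formula trigger neutralised so spreadsheet applications treat the
 * cell as text rather than evaluating it.
 */
function csvText(value: string | null | undefined): string {
  const text = value ?? "";
  const guarded = /^[=+\-@\t\r]/.test(text) ? `'${text}` : text;
  return `"${guarded.replace(/"/g, '""')}"`;
}

/**
 * Exports purchase orders as CSV (default) or as an HTML report (`format=pdf`).
 *
 * Query parameters: `format`, `dateFrom`, `dateTo`, `costCentreRef`
 * (`v:<vesselId>`, `s:<siteId>`, or a bare vessel id; `vesselId` is accepted
 * as a fallback name) and `status`.
 *
 * @returns 401 without a session, 403 without the `export_reports`
 *   permission, 400 for an unparseable date, otherwise the export body.
 */
export async function GET(request: NextRequest) {
  const session = await auth();
  if (!session?.user) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }
  if (!hasPermission(session.user.role, "export_reports")) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const sp = request.nextUrl.searchParams;
  const format = sp.get("format") ?? "csv";
  const dateFrom = sp.get("dateFrom");
  const dateTo = sp.get("dateTo");
  const costCentreRef = sp.get("costCentreRef") ?? sp.get("vesselId");
  const status = sp.get("status");

  // Reject unparseable dates here instead of handing an Invalid Date to the query layer.
  const from = dateFrom ? new Date(dateFrom) : undefined;
  const to = dateTo ? new Date(dateTo) : undefined;
  if ((from && Number.isNaN(from.getTime())) || (to && Number.isNaN(to.getTime()))) {
    return NextResponse.json({ error: "Invalid date" }, { status: 400 });
  }

  const where: NonNullable<Parameters<typeof db.purchaseOrder.findMany>[0]>["where"] = {};
  if (from || to) {
    const createdAt: { gte?: Date; lt?: Date } = {};
    if (from) createdAt.gte = from;
    if (to) {
      // Exclusive upper bound one day later, so the whole dateTo day is included.
      const end = new Date(to);
      end.setDate(end.getDate() + 1);
      createdAt.lt = end;
    }
    where.createdAt = createdAt;
  }
  if (costCentreRef) {
    if (costCentreRef.startsWith("v:")) where.vesselId = costCentreRef.slice(2);
    else if (costCentreRef.startsWith("s:")) where.siteId = costCentreRef.slice(2);
    else where.vesselId = costCentreRef; // legacy plain vesselId
  }
  // NOTE(review): the status string is cast, not checked against the enum;
  // presumably the ORM rejects unknown values — confirm callers then get a 4xx, not a 500.
  if (status) where.status = status as POStatus;

  // NOTE(review): no row limit and no per-user scoping beyond the permission
  // check above — confirm `export_reports` is meant to cover every order.
  const orders = await db.purchaseOrder.findMany({
    where,
    include: { submitter: true, vessel: true, site: { select: { name: true } }, account: true, vendor: true },
    orderBy: { createdAt: "desc" },
  });

  if (format === "pdf") {
    // Every interpolated value is escaped; keep it that way when editing the template.
    const rows = orders
      .map((po) => {
        const cells = [
          escapeHtml(po.poNumber),
          escapeHtml(po.title),
          escapeHtml(PO_STATUS_LABELS[po.status] ?? po.status),
          escapeHtml(po.vessel?.name ?? po.site?.name ?? "—"),
          escapeHtml(po.submitter.name),
          escapeHtml(po.vendor?.name ?? "—"),
          escapeHtml(Number(po.totalAmount).toLocaleString("en-IN", { style: "currency", currency: "INR" })),
          escapeHtml(po.createdAt.toLocaleDateString("en-IN")),
        ];
        return ` ${cells.join(" ")} `;
      })
      .join("");
    const html = ` PO Export — PPMS

Purchase Order Report — PPMS

Generated: ${new Date().toLocaleString("en-IN")} · ${orders.length} orders

${rows}
PO NumberTitleStatusCost Centre SubmitterVendorAmountCreated
`;
    return new NextResponse(html, {
      headers: { "Content-Type": "text/html; charset=utf-8" },
    });
  }

  // Default: CSV
  const headers = ["PO Number", "Title", "Status", "Cost Centre", "Account", "Vendor", "Submitter", "Amount", "Currency", "Created"];
  const csvRows = orders.map((po) => [
    csvText(po.poNumber),
    csvText(po.title),
    csvPlain(po.status),
    csvText(po.vessel?.name ?? po.site?.name ?? ""),
    csvText(po.account.name),
    csvText(po.vendor?.name ?? ""),
    csvText(po.submitter.name),
    // Amounts stay unguarded: a leading "-" is a legitimate sign, not a formula.
    csvPlain(po.totalAmount.toString()),
    csvPlain(po.currency),
    csvPlain(po.createdAt.toISOString()),
  ]);
  const csv = [headers.join(","), ...csvRows.map((r) => r.join(","))].join("\n");
  return new NextResponse(csv, {
    headers: {
      "Content-Type": "text/csv",
      "Content-Disposition": `attachment; filename="pelagia-po-export-${Date.now()}.csv"`,
    },
  });
}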