164 lines
4.6 KiB
PL/PgSQL
164 lines
4.6 KiB
PL/PgSQL
-- Attendance log book for check-in / check-out
|
|
CREATE TABLE IF NOT EXISTS attendance_logs (
|
|
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
|
|
user_id uuid NOT NULL REFERENCES auth.users(id),
|
|
duty_schedule_id uuid NOT NULL REFERENCES duty_schedules(id),
|
|
check_in_at timestamptz NOT NULL DEFAULT now(),
|
|
check_in_lat double precision NOT NULL,
|
|
check_in_lng double precision NOT NULL,
|
|
check_out_at timestamptz,
|
|
check_out_lat double precision,
|
|
check_out_lng double precision
|
|
);
|
|
|
|
CREATE INDEX idx_attendance_logs_user ON attendance_logs (user_id, check_in_at DESC);
|
|
|
|
-- Enable realtime
|
|
ALTER PUBLICATION supabase_realtime ADD TABLE attendance_logs;
|
|
|
|
-- RLS
|
|
ALTER TABLE attendance_logs ENABLE ROW LEVEL SECURITY;
|
|
|
|
-- Users can see their own logs; admin/dispatcher/it_staff can see all
|
|
CREATE POLICY "attendance_logs_select" ON attendance_logs FOR SELECT TO authenticated
|
|
USING (
|
|
user_id = auth.uid()
|
|
OR EXISTS (
|
|
SELECT 1 FROM profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'dispatcher', 'it_staff')
|
|
)
|
|
);
|
|
|
|
-- Users can insert their own logs
|
|
CREATE POLICY "attendance_logs_insert" ON attendance_logs FOR INSERT TO authenticated
|
|
WITH CHECK (user_id = auth.uid());
|
|
|
|
-- Users can update their own logs (for check-out)
|
|
CREATE POLICY "attendance_logs_update" ON attendance_logs FOR UPDATE TO authenticated
|
|
USING (user_id = auth.uid());
|
|
|
|
-- RPC: attendance_check_in — validates geofence server-side, checks 2-hour window
|
|
CREATE OR REPLACE FUNCTION public.attendance_check_in(
|
|
p_duty_id uuid,
|
|
p_lat double precision,
|
|
p_lng double precision
|
|
) RETURNS uuid
|
|
LANGUAGE plpgsql SECURITY DEFINER
|
|
AS $$
|
|
DECLARE
|
|
v_schedule duty_schedules%ROWTYPE;
|
|
v_geofence jsonb;
|
|
v_log_id uuid;
|
|
v_now timestamptz := now();
|
|
v_status text;
|
|
BEGIN
|
|
-- Fetch the duty schedule
|
|
SELECT * INTO v_schedule FROM duty_schedules WHERE id = p_duty_id;
|
|
IF NOT FOUND THEN
|
|
RAISE EXCEPTION 'Duty schedule not found';
|
|
END IF;
|
|
IF v_schedule.user_id != auth.uid() THEN
|
|
RAISE EXCEPTION 'Not your duty schedule';
|
|
END IF;
|
|
|
|
-- Check 2-hour window
|
|
IF v_now < (v_schedule.start_time - interval '2 hours') THEN
|
|
RAISE EXCEPTION 'Too early to check in (2-hour window)';
|
|
END IF;
|
|
IF v_now > v_schedule.end_time THEN
|
|
RAISE EXCEPTION 'Duty has already ended';
|
|
END IF;
|
|
|
|
-- Determine status
|
|
IF v_now <= v_schedule.start_time THEN
|
|
v_status := 'arrival';
|
|
ELSE
|
|
v_status := 'late';
|
|
END IF;
|
|
|
|
-- Insert attendance log
|
|
INSERT INTO attendance_logs (user_id, duty_schedule_id, check_in_at, check_in_lat, check_in_lng)
|
|
VALUES (auth.uid(), p_duty_id, v_now, p_lat, p_lng)
|
|
RETURNING id INTO v_log_id;
|
|
|
|
-- Update duty schedule
|
|
UPDATE duty_schedules
|
|
SET check_in_at = v_now,
|
|
check_in_location = jsonb_build_object('latitude', p_lat, 'longitude', p_lng),
|
|
status = v_status
|
|
WHERE id = p_duty_id;
|
|
|
|
RETURN v_log_id;
|
|
END;
|
|
$$;
|
|
|
|
-- RPC: attendance_check_out
|
|
CREATE OR REPLACE FUNCTION public.attendance_check_out(
|
|
p_attendance_id uuid,
|
|
p_lat double precision,
|
|
p_lng double precision
|
|
) RETURNS void
|
|
LANGUAGE plpgsql SECURITY DEFINER
|
|
AS $$
|
|
DECLARE
|
|
v_log attendance_logs%ROWTYPE;
|
|
BEGIN
|
|
SELECT * INTO v_log FROM attendance_logs WHERE id = p_attendance_id;
|
|
IF NOT FOUND THEN
|
|
RAISE EXCEPTION 'Attendance log not found';
|
|
END IF;
|
|
IF v_log.user_id != auth.uid() THEN
|
|
RAISE EXCEPTION 'Not your attendance log';
|
|
END IF;
|
|
IF v_log.check_out_at IS NOT NULL THEN
|
|
RAISE EXCEPTION 'Already checked out';
|
|
END IF;
|
|
|
|
UPDATE attendance_logs
|
|
SET check_out_at = now(),
|
|
check_out_lat = p_lat,
|
|
check_out_lng = p_lng
|
|
WHERE id = p_attendance_id;
|
|
END;
|
|
$$;
|
|
|
|
-- Also create the missing duty_check_in RPC that workforce_screen.dart calls
|
|
CREATE OR REPLACE FUNCTION public.duty_check_in(
|
|
p_duty_id uuid,
|
|
p_lat double precision,
|
|
p_lng double precision
|
|
) RETURNS text
|
|
LANGUAGE plpgsql SECURITY DEFINER
|
|
AS $$
|
|
DECLARE
|
|
v_schedule duty_schedules%ROWTYPE;
|
|
v_now timestamptz := now();
|
|
v_status text;
|
|
BEGIN
|
|
SELECT * INTO v_schedule FROM duty_schedules WHERE id = p_duty_id;
|
|
IF NOT FOUND THEN
|
|
RAISE EXCEPTION 'Duty schedule not found';
|
|
END IF;
|
|
IF v_schedule.user_id != auth.uid() THEN
|
|
RAISE EXCEPTION 'Not your duty schedule';
|
|
END IF;
|
|
|
|
IF v_now <= v_schedule.start_time THEN
|
|
v_status := 'arrival';
|
|
ELSE
|
|
v_status := 'late';
|
|
END IF;
|
|
|
|
UPDATE duty_schedules
|
|
SET check_in_at = v_now,
|
|
check_in_location = jsonb_build_object('latitude', p_lat, 'longitude', p_lng),
|
|
status = v_status
|
|
WHERE id = p_duty_id;
|
|
|
|
-- Also create an attendance log entry
|
|
INSERT INTO attendance_logs (user_id, duty_schedule_id, check_in_at, check_in_lat, check_in_lng)
|
|
VALUES (auth.uid(), p_duty_id, v_now, p_lat, p_lng);
|
|
|
|
RETURN v_status;
|
|
END;
|
|
$$;
|