prod push

db/migrations/20250918152536_add_reservations_table.ts

@@ -1,14 +1,6 @@
 import type { Knex } from "knex";
 
 export async function up(knex: Knex): Promise<void> {
-  await knex.schema.alterTable("locations", (table) => {
-    table.index("id");
-  });
-
-  await knex.schema.alterTable("teams", (table) => {
-    table.index("id");
-  });
-
   await knex.schema.createTable("reservations", (table) => {
     table.increments("id").primary().notNullable();
     table.bigInteger("start_time").unsigned().notNullable();
@@ -46,9 +38,4 @@ export async function up(knex: Knex): Promise<void> {
 
 export async function down(knex: Knex): Promise<void> {
   await knex.schema.dropTableIfExists("reservations");
-
-  // Remove the index we added
-  await knex.schema.alterTable("locations", (table) => {
-    table.dropIndex("id");
-  });
 }

package.json

@@ -91,7 +91,7 @@
     "rimraf": "^6.0.1",
     "source-map-support": "^0.5.21",
     "supertest": "^7.0.0",
-    "ts-jest": "29.4.4",
+    "ts-jest": "29.4.5",
     "ts-loader": "^9.5.1",
     "ts-node": "^10.9.2",
     "tsconfig-paths": "^4.2.0",

src/entities/reservation.entity.ts

@@ -11,24 +11,6 @@ export enum ReservationType {
 @Table({
   name: "reservations",
   hackathonId: "hackathonId",
-  relationMappings: {
-    location: {
-      relation: Entity.BelongsToOneRelation,
-      modelClass: "location.entity.js",
-      join: {
-        from: "reservations.locationId",
-        to: "locations.id",
-      },
-    },
-    hackathon: {
-      relation: Entity.BelongsToOneRelation,
-      modelClass: "hackathon.entity.js",
-      join: {
-        from: "reservations.hackathonId",
-        to: "hackathons.id",
-      },
-    },
-  },
 })
 export class Reservation extends Entity {
   @ApiProperty()

src/modules/inventory/inventory.controller.ts

@@ -4,8 +4,11 @@ import {
   Body,
   Controller,
   Delete,
+  ForbiddenException,
   Get,
+  NotFoundException,
   Param,
+  Patch,
   Post,
   Req,
   UsePipes,
@@ -60,6 +63,12 @@ class CreateItemDto extends IntersectionType(
   OptionalItemStatus,
 ) {}
 
+class UpdateItemDto extends OmitType(BaseCreateItemDto, [
+  "categoryId",
+  "holderLocationId",
+  "holderOrganizerId"
+] as const) {}
+
 // Movement
 class CreateMovementDto extends OmitType(InventoryMovementEntity, [
   "id",
@@ -164,6 +173,29 @@ export class InventoryController {
     return this.itemRepo.createOne(item).exec();
   }
 
+  @Patch("items/:id")
+  @Roles(Role.TEAM)
+  @ApiDoc({
+    summary: "Update an inventory item's name, asset tag, serial number, or note",
+    request: { body: { type: UpdateItemDto }, validate: true },
+    params: [{ name: "id" }],
+    response: { ok: { type: InventoryItemEntity } },
+    auth: Role.TEAM
+  })
+  async updateItem(@Param("id") id: string, @Body() dto: UpdateItemDto): Promise<InventoryItem> {
+    // Validate the dto: item should (at least) have one of the following: name, asset tag, serial number
+    if (!dto.name.trim() && !dto.assetTag.trim() && !dto.serialNumber.trim()) 
+      throw new ForbiddenException("Item must have a name, asset tag, or serial number");
+
+    // Get the item
+    const item = await this.itemRepo.findOne(id).exec();
+    if (!item) throw new NotFoundException("Item not found");
+
+    // Update the new values and patch
+    Object.assign(item, dto);
+    return this.itemRepo.patchOne(id, item).exec();
+  }
+
   @Delete("items/:id")
   @Roles(Role.TEAM)
   @ApiDoc({

src/modules/location/location.controller.ts

@@ -36,7 +36,7 @@ export class LocationController {
   ) {}
 
   @Get("/")
-  @Roles(Role.TEAM)
+  @Roles(Role.NONE)
   @ApiDoc({
     summary: "Find All Locations",
     response: {

src/modules/photo/photo.controller.ts

@@ -4,9 +4,12 @@ import {
   Get,
   InternalServerErrorException,
   Post,
+  Patch,
+  Param,
   UseInterceptors,
   Req,
   Body,
+  UnauthorizedException,
 } from "@nestjs/common";
 import { Request } from "express";
 import { ApiTags } from "@nestjs/swagger";
@@ -51,7 +54,11 @@ export class PhotoController {
       throw new BadRequestException("Photo is required");
     }
 
-    const userId = (req.user as any)?.uid;
+    if (!req.user || !("sub" in req.user)) {
+      throw new UnauthorizedException();
+    }
+
+    const userId = String(req.user.sub);
     const type = fileType || "default";
 
     try {
@@ -70,10 +77,10 @@ export class PhotoController {
   @Get("/")
   @Roles(Role.NONE)
   @ApiDoc({
-    summary: "Get all photos",
+    summary: "Get all approved photos",
     response: {
       ok: {
-        description: "List of all photos",
+        description: "List of all approved photos",
         schema: {
           type: "array",
           items: {
@@ -98,4 +105,110 @@ export class PhotoController {
       throw new InternalServerErrorException("Failed to fetch photos");
     }
   }
+
+  @Get("/pending")
+  @Roles(Role.TEAM)
+  @ApiDoc({
+    summary: "Get all photos with approval status (admin only)",
+    response: {
+      ok: {
+        description: "List of all photos with approval status",
+        schema: {
+          type: "array",
+          items: {
+            type: "object",
+            properties: {
+              name: { type: "string" },
+              url: { type: "string" },
+              createdAt: { type: "string", format: "date-time" },
+              uploadedBy: { type: "string" },
+              approvalStatus: { type: "string" },
+            },
+          },
+        },
+      },
+    },
+  })
+  async getAllPendingPhotos(): Promise<
+    {
+      name: string;
+      url: string;
+      createdAt: Date;
+      uploadedBy: string;
+      approvalStatus: string;
+    }[]
+  > {
+    try {
+      return await this.photoService.getAllPendingPhotos();
+    } catch (error) {
+      console.error("Error fetching pending photos:", error);
+      throw new InternalServerErrorException("Failed to fetch pending photos");
+    }
+  }
+
+  @Patch("/:filename/approve")
+  @Roles(Role.TEAM)
+  @ApiDoc({
+    summary: "Approve a photo (admin only)",
+    response: {
+      ok: {
+        description: "Photo approved successfully",
+      },
+    },
+  })
+  async approvePhoto(
+    @Param("filename") filename: string,
+    @Req() req: Request,
+  ): Promise<{ message: string }> {
+    if (!req.user || !("sub" in req.user)) {
+      throw new UnauthorizedException();
+    }
+
+    const adminId = String(req.user.sub);
+
+    try {
+      await this.photoService.updatePhotoApprovalStatus(
+        filename,
+        "approved",
+        adminId,
+      );
+      return { message: "Photo approved successfully" };
+    } catch (error) {
+      console.error("Error approving photo:", error);
+      throw new InternalServerErrorException("Failed to approve photo");
+    }
+  }
+
+  @Patch("/:filename/reject")
+  @Roles(Role.TEAM)
+  @ApiDoc({
+    summary: "Reject a photo (admin only)",
+    response: {
+      ok: {
+        description: "Photo rejected successfully",
+      },
+    },
+  })
+  async rejectPhoto(
+    @Param("filename") filename: string,
+    @Req() req: Request,
+  ): Promise<{ message: string }> {
+    if (!req.user || !("sub" in req.user)) {
+      throw new UnauthorizedException();
+    }
+
+    const adminId = String(req.user.sub);
+
+    try {
+      await this.photoService.updatePhotoApprovalStatus(
+        filename,
+        "rejected",
+        adminId,
+      );
+      return { message: "Photo rejected successfully" };
+    } catch (error) {
+      console.error("Error rejecting photo:", error);
+      throw new InternalServerErrorException("Failed to reject photo");
+    }
+  }
 }

src/modules/photo/photo.service.ts

@@ -43,7 +43,14 @@ export class PhotoService {
     const blob = this.photoBucket.file(filename);
 
     await blob.save(file.buffer, {
-      metadata: { contentType: file.mimetype },
+      metadata: {
+        contentType: file.mimetype,
+        metadata: {
+          approvalStatus: "pending",
+          uploadedBy: userId,
+          uploadedAt: new Date().toISOString(),
+        },
+      },
     });
 
     return { photoId, photoUrl: this.getPublicPhotoUrl(filename) };
@@ -54,12 +61,67 @@ export class PhotoService {
   > {
     const [files] = await this.photoBucket.getFiles();
 
+    // Filter to only show approved photos
+    const approvedFiles = files.filter((file) => {
+      const approvalStatus = file.metadata.metadata?.approvalStatus;
+      // If metadata is missing, treat as pending (backward compatibility)
+      // Only show if explicitly approved
+      return approvalStatus === "approved";
+    });
+
+    return approvedFiles.map((file) => ({
+      name: file.name,
+      url: this.getPublicPhotoUrl(file.name),
+      createdAt: file.metadata.timeCreated
+        ? new Date(file.metadata.timeCreated)
+        : new Date(),
+    }));
+  }
+
+  async getAllPendingPhotos(): Promise<
+    {
+      name: string;
+      url: string;
+      createdAt: Date;
+      uploadedBy: string;
+      approvalStatus: string;
+    }[]
+  > {
+    const [files] = await this.photoBucket.getFiles();
+
+    // Get all photos with their approval status
     return files.map((file) => ({
       name: file.name,
       url: this.getPublicPhotoUrl(file.name),
       createdAt: file.metadata.timeCreated
         ? new Date(file.metadata.timeCreated)
         : new Date(),
+      uploadedBy: String(file.metadata.metadata?.uploadedBy || "unknown"),
+      // If metadata is missing, treat as pending (backward compatibility)
+      approvalStatus: String(file.metadata.metadata?.approvalStatus || "pending"),
     }));
   }
+
+  async updatePhotoApprovalStatus(
+    filename: string,
+    status: "approved" | "rejected",
+    adminId: string,
+  ): Promise<void> {
+    const file = this.photoBucket.file(filename);
+    const [existingMetadata] = await file.getMetadata();
+
+    // Preserve existing metadata or create new structure
+    // This handles backward compatibility for photos without metadata
+    await file.setMetadata({
+      metadata: {
+        ...existingMetadata.metadata,
+        approvalStatus: status,
+        reviewedBy: adminId,
+        reviewedAt: new Date().toISOString(),
+        // If uploadedBy/uploadedAt are missing, set defaults for backward compatibility
+        uploadedBy: existingMetadata.metadata?.uploadedBy || "unknown",
+        uploadedAt: existingMetadata.metadata?.uploadedAt || existingMetadata.timeCreated || new Date().toISOString(),
+      },
+    });
+  }
 }