// File: src/modules/rfa/rfa.controller.ts import { Body, Controller, Get, Param, Post, Query, UseGuards, } from '@nestjs/common'; import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth, ApiParam, ApiBody, } from '@nestjs/swagger'; import { WorkflowActionDto } from '../correspondence/dto/workflow-action.dto'; import { User } from '../user/entities/user.entity'; import { CreateRfaDto } from './dto/create-rfa.dto'; import { SubmitRfaDto } from './dto/submit-rfa.dto'; import { SearchRfaDto } from './dto/search-rfa.dto'; import { RfaService } from './rfa.service'; import { Audit } from '../../common/decorators/audit.decorator'; import { CurrentUser } from '../../common/decorators/current-user.decorator'; import { RequirePermission } from '../../common/decorators/require-permission.decorator'; import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard'; import { RbacGuard } from '../../common/guards/rbac.guard'; import { ParseUuidPipe } from '../../common/pipes/parse-uuid.pipe'; import { ProjectService } from '../project/project.service'; @ApiTags('RFA (Request for Approval)') @ApiBearerAuth() @UseGuards(JwtAuthGuard, RbacGuard) @Controller('rfas') export class RfaController { constructor( private readonly rfaService: RfaService, private readonly projectService: ProjectService ) {} @Post() @ApiOperation({ summary: 'Create new RFA (Draft)' }) @ApiBody({ type: CreateRfaDto }) @ApiResponse({ status: 201, description: 'RFA created successfully' }) @RequirePermission('rfa.create') @Audit('rfa.create', 'rfa') create(@Body() createDto: CreateRfaDto, @CurrentUser() user: User) { return this.rfaService.create(createDto, user); } @Post(':uuid/submit') @ApiOperation({ summary: 'Submit RFA to Workflow' }) @ApiParam({ name: 'uuid', description: 'RFA UUID (from correspondences.uuid)' }) @ApiBody({ type: SubmitRfaDto }) @ApiResponse({ status: 200, description: 'RFA submitted successfully' }) @RequirePermission('rfa.create') @Audit('rfa.submit', 'rfa') async submit( @Param('uuid', ParseUuidPipe) uuid: string, @Body() submitDto: SubmitRfaDto, @CurrentUser() user: User ) { // ADR-019: resolve UUID → internal INT id via findOneByUuidRaw const rfa = await this.rfaService.findOneByUuidRaw(uuid); return this.rfaService.submit(rfa.id, submitDto.templateId, user); } @Post(':uuid/action') @ApiOperation({ summary: 'Process Workflow Action (Approve/Reject)' }) @ApiParam({ name: 'uuid', description: 'RFA UUID (from correspondences.uuid)' }) @ApiBody({ type: WorkflowActionDto }) @ApiResponse({ status: 200, description: 'Workflow action processed successfully', }) @RequirePermission('workflow.action_review') @Audit('rfa.action', 'rfa') async processAction( @Param('uuid', ParseUuidPipe) uuid: string, @Body() actionDto: WorkflowActionDto, @CurrentUser() user: User ) { // ADR-019: resolve UUID → internal INT id const rfa = await this.rfaService.findOneByUuidRaw(uuid); return this.rfaService.processAction(rfa.id, actionDto, user); } @Get() @ApiOperation({ summary: 'List all RFAs with pagination' }) @ApiResponse({ status: 200, description: 'List of RFAs' }) @RequirePermission('document.view') async findAll(@Query() query: SearchRfaDto) { // ADR-019: resolve projectUuid → internal INT projectId const project = await this.projectService.findOneByUuid(query.projectUuid); query.projectId = project.id; return this.rfaService.findAll(query); } @Get(':uuid') @ApiOperation({ summary: 'Get RFA details with revisions and items' }) @ApiParam({ name: 'uuid', description: 'RFA UUID (from correspondences.uuid)' }) @ApiResponse({ status: 200, description: 'RFA details' }) @RequirePermission('document.view') findOne(@Param('uuid', ParseUuidPipe) uuid: string) { return this.rfaService.findOneByUuid(uuid); } }