create nurse routes and tests

Author: kpcode11

scripts/smoke-nurse-routes.ts

@@ -0,0 +1,133 @@
+/* smoke-nurse-routes.ts — quick runtime checks for nurse route handlers
+   - Mocks `requirePermission` and `prisma` methods used by the handlers
+   - Executes each handler and asserts expected shape/status
+*/
+import assert from 'assert';
+
+// import modules under test
+import * as bedsRoute from '@/app/api/nurse/beds/route';
+import * as bedsAvailableRoute from '@/app/api/nurse/beds/available/route';
+import * as bedStatusRoute from '@/app/api/nurse/beds/[bedId]/status/route';
+import * as assignmentsRoute from '@/app/api/nurse/bed-assignments/route';
+import * as dischargeRoute from '@/app/api/nurse/bed-assignments/[id]/discharge/route';
+import * as patientsRoute from '@/app/api/nurse/patients/[patientId]/route';
+import * as patientBedRoute from '@/app/api/nurse/patients/[patientId]/bed/route';
+import * as emrRoute from '@/app/api/nurse/patients/[patientId]/emr/route';
+import * as labRoute from '@/app/api/nurse/patients/[patientId]/lab-tests/route';
+import * as nursingRecordsRoute from '@/app/api/nurse/nursing-records/route';
+import * as wardAssignmentsRoute from '@/app/api/nurse/ward/assignments/route';
+import * as auditLogsRoute from '@/app/api/nurse/audit-logs/route';
+
+import * as authLib from '@/lib/authorization';
+import { prisma } from '@/lib/prisma';
+
+// helpers
+const jsonRequest = (body?: any) => new Request('http://localhost', { method: body ? 'POST' : 'GET', body: body ? JSON.stringify(body) : undefined });
+
+async function run() {
+  // stub authorization to an authorized nurse by default
+  (authLib as any).requirePermission = async (req: any, perm: string) => {
+    if (perm === 'beds.update' || perm === 'nursing.create') {
+      return { session: { user: { id: 'u-nurse' } } } as any;
+    }
+    return {} as any;
+  };
+
+  // ---- beds list ----
+  (prisma.bed as any).findMany = async (opts: any) => [ { id: 'b1', bedNumber: '1', ward: 'A', bedType: 'standard', status: 'AVAILABLE' } ];
+  let res: any = await bedsRoute.GET(jsonRequest());
+  let j = await res.json();
+  assert(Array.isArray(j) && j.length > 0 && j[0].bedNumber === '1');
+
+  // ---- available beds ----
+  (prisma.bed as any).findMany = async (opts: any) => [ { id: 'b1', bedNumber: '1', ward: 'A', bedType: 'standard', status: 'AVAILABLE' } ];
+  res = await bedsAvailableRoute.GET(jsonRequest());
+  j = await res.json();
+  assert(j.every((x: any) => x.status === 'AVAILABLE'));
+
+  // ---- update bed status (PATCH) ----
+  (prisma.bed as any).findUnique = async (q: any) => ({ id: 'b1', status: 'AVAILABLE' });
+  (prisma.bed as any).update = async (q: any) => ({ id: 'b1', status: q.data.status });
+  res = await bedStatusRoute.PATCH(new Request('http://localhost', { method: 'PATCH', body: JSON.stringify({ status: 'MAINTENANCE' }) }) as any, { params: { bedId: 'b1' } } as any);
+  j = await res.json();
+  assert(j.status === 'MAINTENANCE');
+
+  // ---- create bed-assignment (POST) ----
+  (prisma.bed as any).findUnique = async (q: any) => ({ id: 'b1', status: 'AVAILABLE' });
+  (prisma.nurse as any).findUnique = async (q: any) => ({ id: 'n1' });
+  const fakeAssign = { id: 'a1', bedId: 'b1', patientId: 'p1', nurseId: 'n1' };
+  (prisma as any).$transaction = async (ops: any[]) => [ fakeAssign, { id: 'b1', status: 'OCCUPIED' } ];
+
+  res = await assignmentsRoute.POST(jsonRequest({ bedId: 'b1', patientId: 'p1' }) as any);
+  j = await res.json();
+  assert(j.id === 'a1');
+
+  // ---- list active assignments ----
+  (prisma.bedAssignment as any).findMany = async (opts: any) => [ fakeAssign ];
+  res = await assignmentsRoute.GET(jsonRequest());
+  j = await res.json();
+  assert(Array.isArray(j));
+
+  // ---- discharge assignment ----
+  const existing = { id: 'a2', bedId: 'b2', dischargedAt: null, bed: { id: 'b2', status: 'OCCUPIED' } };
+  (prisma.bedAssignment as any).findUnique = async (q: any) => existing;
+  (prisma as any).$transaction = async (ops: any[]) => [ { ...existing, dischargedAt: new Date() }, { id: 'b2', status: 'AVAILABLE' } ];
+  res = await dischargeRoute.PATCH(jsonRequest() as any, { params: { id: 'a2' } } as any);
+  j = await res.json();
+  assert(j.assignment.dischargedAt);
+  assert(j.bed.status === 'AVAILABLE');
+
+  // ---- patient basic info ----
+  (prisma.patient as any).findUnique = async (q: any) => ({ id: 'p1', firstName: 'A', lastName: 'B', dateOfBirth: new Date(), gender: 'F', phone: 'x' });
+  res = await patientsRoute.GET(jsonRequest() as any, { params: { patientId: 'p1' } } as any);
+  j = await res.json();
+  assert(j.id === 'p1');
+
+  // ---- patient bed ----
+  (prisma.bedAssignment as any).findFirst = async (q: any) => ({ id: 'a1', bedId: 'b1', patientId: 'p1', bed: { id: 'b1', bedNumber: '1' } });
+  res = await patientBedRoute.GET(jsonRequest() as any, { params: { patientId: 'p1' } } as any);
+  j = await res.json();
+  assert(j.bed && j.patientId === 'p1');
+
+  // ---- EMR and lab-tests (read-only) ----
+  (prisma.eMR as any).findMany = async (q: any) => [{ id: 'e1', diagnosis: 'X' }];
+  res = await emrRoute.GET(jsonRequest() as any, { params: { patientId: 'p1' } } as any);
+  j = await res.json();
+  assert(Array.isArray(j));
+
+  (prisma.labTest as any).findMany = async (q: any) => [{ id: 'lt1', testType: 'CBC' }];
+  res = await labRoute.GET(jsonRequest() as any, { params: { patientId: 'p1' } } as any);
+  j = await res.json();
+  assert(Array.isArray(j));
+
+  // ---- nursing records GET/POST ----
+  (prisma.nursingRecord as any).findMany = async (q: any) => [{ id: 'nr1', nurseId: 'n1', vitals: {} }];
+  res = await nursingRecordsRoute.GET(new Request('http://localhost?patientName=foo') as any);
+  j = await res.json();
+  assert(Array.isArray(j));
+
+  (prisma.nursingRecord as any).create = async (q: any) => ({ id: 'nr2', ...q.data });
+  res = await nursingRecordsRoute.POST(jsonRequest({ nurseId: 'n1', patientName: 'p1', vitals: { bp: '120/80' } }) as any);
+  j = await res.json();
+  assert(j.id === 'nr2');
+
+  // ---- ward assignments ----
+  (prisma.nurse as any).findUnique = async (q: any) => ({ id: 'n1', department: 'Ward A' });
+  (prisma.bedAssignment as any).findMany = async (q: any) => [ { id: 'a1', bed: { ward: 'Ward A' }, patient: { id: 'p1' } } ];
+  res = await wardAssignmentsRoute.GET(new Request('http://localhost') as any);
+  j = await res.json();
+  assert(Array.isArray(j));
+
+  // ---- audit logs ----
+  (prisma.auditLog as any).findMany = async (q: any) => [ { id: 'al1', action: 'bed.assign' } ];
+  res = await auditLogsRoute.GET(new Request('http://localhost') as any);
+  j = await res.json();
+  assert(Array.isArray(j));
+
+  console.log('SMOKE: all nurse route handlers returned expected responses ✅');
+}
+
+run().catch(err => {
+  console.error('SMOKE FAILED —', err);
+  process.exitCode = 2;
+});

src/app/(dashboard)/receptionist/appointments/page.tsx

@@ -382,7 +382,7 @@ export default function AppointmentBooking() {
       string,
       "default" | "success" | "warning" | "destructive"
     > = {
-      SCHEDULED: "info",
+      SCHEDULED: "default",
       COMPLETED: "success",
       CANCELLED: "destructive",
       NO_SHOW: "warning",

src/app/api/nurse/audit-logs/route.ts

@@ -0,0 +1,23 @@
+import { NextResponse } from 'next/server';
+import { requirePermission } from '@/lib/authorization';
+import { prisma } from '@/lib/prisma';
+
+export async function GET(req: Request) {
+  try {
+    await requirePermission(req, 'audit.read');
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+
+  const url = new URL(req.url);
+  const resource = url.searchParams.get('resource');
+  const actorId = url.searchParams.get('actorId');
+
+  const where: any = {};
+  if (resource) where.resource = resource;
+  if (actorId) where.actorId = actorId;
+
+  // limit and ordering consistent with other audit endpoints
+  const rows = await prisma.auditLog.findMany({ where, orderBy: { createdAt: 'desc' }, take: 200 });
+  return NextResponse.json(rows);
+}

src/app/api/nurse/bed-assignments/[id]/discharge/route.ts

@@ -0,0 +1,27 @@
+import { NextResponse } from 'next/server';
+import { requirePermission } from '@/lib/authorization';
+import { prisma } from '@/lib/prisma';
+import { createAudit } from '@/services/audit.service';
+
+export async function PATCH(req: Request, { params }: { params: { id: string } }) {
+  try {
+    const res = await requirePermission(req, 'beds.update');
+    const actorId = res.session?.user?.id ?? null;
+
+    const existing = await prisma.bedAssignment.findUnique({ where: { id: params.id }, include: { bed: true } });
+    if (!existing) return NextResponse.json({ error: 'Not found' }, { status: 404 });
+    if (existing.dischargedAt) return NextResponse.json({ error: 'Already discharged' }, { status: 409 });
+
+    const dischargedAt = new Date();
+    const [updatedAssignment, updatedBed] = await prisma.$transaction([
+      prisma.bedAssignment.update({ where: { id: params.id }, data: { dischargedAt } }),
+      prisma.bed.update({ where: { id: existing.bedId }, data: { status: 'AVAILABLE' } })
+    ]);
+
+    await createAudit({ actorId, action: 'bed.discharge', resource: 'BedAssignment', resourceId: params.id, before: existing, after: updatedAssignment });
+
+    return NextResponse.json({ assignment: updatedAssignment, bed: updatedBed });
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+}

src/app/api/nurse/bed-assignments/route.ts

@@ -0,0 +1,51 @@
+import { NextResponse } from 'next/server';
+import { requirePermission } from '@/lib/authorization';
+import { prisma } from '@/lib/prisma';
+import { createAudit } from '@/services/audit.service';
+
+export async function GET(req: Request) {
+  try {
+    await requirePermission(req, 'beds.read');
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+
+  const rows = await prisma.bedAssignment.findMany({ where: { dischargedAt: null }, include: { bed: true, patient: true, nurse: { select: { id: true, department: true } } }, orderBy: { assignedAt: 'desc' } });
+  return NextResponse.json(rows);
+}
+
+export async function POST(req: Request) {
+  try {
+    const res = await requirePermission(req, 'beds.update');
+    const actorId = res.session?.user?.id ?? null;
+    const body = await req.json();
+    const { bedId, patientId } = body || {};
+    if (!bedId || !patientId) return NextResponse.json({ error: 'bedId and patientId required' }, { status: 400 });
+
+    // ensure bed exists and is available
+    const bed = await prisma.bed.findUnique({ where: { id: bedId } });
+    if (!bed) return NextResponse.json({ error: 'bed not found' }, { status: 404 });
+    if (bed.status !== 'AVAILABLE') return NextResponse.json({ error: 'bed not available' }, { status: 409 });
+
+    // validate patient exists and is not already admitted
+    const patient = await prisma.patient.findUnique({ where: { id: patientId } });
+    if (!patient) return NextResponse.json({ error: 'patient not found' }, { status: 404 });
+    const existingAssignment = await prisma.bedAssignment.findFirst({ where: { patientId, dischargedAt: null } });
+    if (existingAssignment) return NextResponse.json({ error: 'patient already assigned to a bed' }, { status: 409 });
+
+    // resolve nurse entity from session if present
+    const userId = res.session?.user?.id ?? null;
+    const nurse = userId ? await prisma.nurse.findUnique({ where: { userId } }) : null;
+
+    const [assignment] = await prisma.$transaction([
+      prisma.bedAssignment.create({ data: { bedId, patientId, nurseId: nurse?.id ?? undefined } }),
+      prisma.bed.update({ where: { id: bedId }, data: { status: 'OCCUPIED' } })
+    ]);
+
+    await createAudit({ actorId, action: 'bed.assign', resource: 'BedAssignment', resourceId: assignment.id, after: assignment });
+
+    return NextResponse.json(assignment, { status: 201 });
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+}

src/app/api/nurse/beds/[bedId]/status/route.ts

@@ -0,0 +1,32 @@
+import { NextResponse } from 'next/server';
+import { requirePermission } from '@/lib/authorization';
+import { prisma } from '@/lib/prisma';
+import { createAudit } from '@/services/audit.service';
+
+export async function PATCH(req: Request, { params }: { params: { bedId: string } }) {
+  try {
+    const res = await requirePermission(req, 'beds.update');
+    const actorId = res.session?.user?.id ?? null;
+    const { status } = await req.json();
+    if (!['AVAILABLE', 'OCCUPIED', 'MAINTENANCE'].includes(status)) {
+      return NextResponse.json({ error: 'invalid status' }, { status: 400 });
+    }
+
+    const before = await prisma.bed.findUnique({ where: { id: params.bedId } });
+    if (!before) return NextResponse.json({ error: 'Not found' }, { status: 404 });
+
+    // don't allow marking AVAILABLE if there's an active assignment for this bed
+    if (status === 'AVAILABLE') {
+      const active = await prisma.bedAssignment.findFirst({ where: { bedId: params.bedId, dischargedAt: null } });
+      if (active) return NextResponse.json({ error: 'bed has active assignment' }, { status: 409 });
+    }
+
+    const updated = await prisma.bed.update({ where: { id: params.bedId }, data: { status } });
+
+    await createAudit({ actorId, action: 'bed.status.update', resource: 'Bed', resourceId: params.bedId, before, after: updated });
+
+    return NextResponse.json(updated);
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+}

src/app/api/nurse/beds/available/route.ts

@@ -0,0 +1,19 @@
+import { NextResponse } from 'next/server';
+import { requirePermission } from '@/lib/authorization';
+import { prisma } from '@/lib/prisma';
+
+export async function GET(req: Request) {
+  try {
+    await requirePermission(req, 'beds.read');
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+
+  const rows = await prisma.bed.findMany({
+    where: { status: 'AVAILABLE' },
+    orderBy: { bedNumber: 'asc' },
+    select: { id: true, bedNumber: true, ward: true, bedType: true, status: true }
+  });
+
+  return NextResponse.json(rows);
+}

src/app/api/nurse/beds/route.ts

@@ -0,0 +1,19 @@
+import { NextResponse } from 'next/server';
+import { requirePermission } from '@/lib/authorization';
+import { prisma } from '@/lib/prisma';
+
+export async function GET(req: Request) {
+  try {
+    await requirePermission(req, 'beds.read');
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+
+  const rows = await prisma.bed.findMany({
+    take: 1000,
+    orderBy: { bedNumber: 'asc' },
+    select: { id: true, bedNumber: true, ward: true, bedType: true, status: true, updatedAt: true }
+  });
+
+  return NextResponse.json(rows);
+}

src/app/api/nurse/nursing-records/[id]/route.ts

@@ -0,0 +1,36 @@
+import { NextResponse } from 'next/server';
+import { requirePermission } from '@/lib/authorization';
+import { prisma } from '@/lib/prisma';
+import { createAudit } from '@/services/audit.service';
+
+export async function GET(req: Request, { params }: { params: { id: string } }) {
+  try {
+    await requirePermission(req, 'nursing.read');
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+
+  const rec = await prisma.nursingRecord.findUnique({ where: { id: params.id } });
+  if (!rec) return NextResponse.json({ error: 'Not found' }, { status: 404 });
+  return NextResponse.json(rec);
+}
+
+export async function PATCH(req: Request, { params }: { params: { id: string } }) {
+  try {
+    const res = await requirePermission(req, 'nursing.update');
+    const actorId = res.session?.user?.id ?? null;
+    const body = await req.json();
+    const before = await prisma.nursingRecord.findUnique({ where: { id: params.id } });
+    if (!before) return NextResponse.json({ error: 'Not found' }, { status: 404 });
+
+    const allowed: any = {};
+    if (body.vitals) allowed.vitals = body.vitals;
+    if (typeof body.notes === 'string') allowed.notes = body.notes;
+
+    const updated = await prisma.nursingRecord.update({ where: { id: params.id }, data: allowed });
+    await createAudit({ actorId, action: 'nursing.record.update', resource: 'NursingRecord', resourceId: params.id, before, after: updated });
+    return NextResponse.json(updated);
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+}

src/app/api/nurse/nursing-records/route.ts

@@ -0,0 +1,39 @@
+import { NextResponse } from 'next/server';
+import { requirePermission } from '@/lib/authorization';
+import { prisma } from '@/lib/prisma';
+import { Prisma } from '@prisma/client';
+import { createAudit } from '@/services/audit.service';
+
+export async function GET(req: Request) {
+  try {
+    await requirePermission(req, 'nursing.read');
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+
+  const url = new URL(req.url);
+  const patientName = url.searchParams.get('patientName');
+  const where: Prisma.NursingRecordWhereInput = patientName
+    ? { patientName: { contains: patientName, mode: Prisma.QueryMode.insensitive } }
+    : {};
+
+  const rows = await prisma.nursingRecord.findMany({ where, orderBy: { createdAt: 'desc' }, take: 200 });
+  return NextResponse.json(rows);
+}
+
+export async function POST(req: Request) {
+  try {
+    const res = await requirePermission(req, 'nursing.create');
+    const actorId = res.session?.user?.id ?? null;
+    const body = await req.json();
+    if (!body.vitals || !body.nurseId) return NextResponse.json({ error: 'nurseId and vitals required' }, { status: 400 });
+
+    const rec = await prisma.nursingRecord.create({ data: { nurseId: body.nurseId, patientName: body.patientName ?? '', vitals: body.vitals ?? {}, notes: body.notes ?? null } });
+
+    await createAudit({ actorId, action: 'nursing.record.create', resource: 'NursingRecord', resourceId: rec.id, after: rec });
+
+    return NextResponse.json(rec, { status: 201 });
+  } catch (err) {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+}