usher-manage-stack/docs/API_ROUTES.md (2025-11-20 23:21:05 +08:00)

API Routes Documentation

Taiwan NPO Membership Management System

Last Updated: 2025-11-20

This document provides a complete routing table for the application.


Route Legend

Middleware:

  • auth - Requires authentication
  • admin - Requires admin role/permission (via EnsureUserIsAdmin); applied group-wide to everything under /admin
  • verified - Requires email verification
  • paid - Requires active paid membership (via CheckPaidMembership)

Per-route permission checks that apply on top of these are listed in the "Required Permission" column where a table has one. Note that no route in the tables below is annotated with verified or paid; if either is meant to guard the member routes it has to be attached in routes/web.php rather than assumed from this legend.

HTTP Methods:

  • GET - Retrieve resource
  • POST - Create resource
  • PATCH - Update resource
  • DELETE - Delete resource

1. Public Routes

| Method | URI | Name | Controller@Method | Middleware | Description |
|---|---|---|---|---|---|
| GET | / | - | Closure | - | Welcome page |
| GET | /register/member | register.member | PublicMemberRegistrationController@create | - | Public member registration form |
| POST | /register/member | register.member.store | PublicMemberRegistrationController@store | - | Process public registration |

2. Authentication Routes

Provided by Laravel Breeze (routes/auth.php):

| Method | URI | Name | Description |
|---|---|---|---|
| GET | /login | login | Login form |
| POST | /login | - | Process login |
| POST | /logout | logout | Logout |
| GET | /register | register | Registration form (default Laravel) |
| POST | /register | - | Process registration |
| GET | /forgot-password | password.request | Password reset request |
| POST | /forgot-password | password.email | Send reset email |
| GET | /reset-password/{token} | password.reset | Password reset form |
| POST | /reset-password | password.update | Update password |
| GET | /verify-email | verification.notice | Email verification notice |
| GET | /verify-email/{id}/{hash} | verification.verify | Verify email |
| POST | /email/verification-notification | verification.send | Resend verification |

In stock Breeze the login, register and password-reset routes carry the `guest` middleware, the verification routes carry `auth`, `verification.verify` is additionally `signed` and `throttle:6,1`, and `verification.send` is throttled the same way. Stock Breeze also registers `GET/POST /confirm-password` and `PUT /password`, which are not itemized above; check `routes/auth.php` for the project's actual set.

3. Authenticated Member Routes

Middleware: auth

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /dashboard | dashboard | Closure | Default dashboard |
| GET | /my-membership | member.dashboard | MemberDashboardController@show | Member dashboard |
| GET | /member/submit-payment | member.payments.create | MemberPaymentController@create | Payment submission form |
| POST | /member/payments | member.payments.store | MemberPaymentController@store | Submit payment |
| GET | /profile | profile.edit | ProfileController@edit | Edit profile |
| PATCH | /profile | profile.update | ProfileController@update | Update profile |
| DELETE | /profile | profile.destroy | ProfileController@destroy | Delete account |

4. Admin Routes

Middleware: auth, admin
Prefix: /admin
Name prefix: admin.

Every route in this section is named admin.* and sits behind both middlewares; where a table has a "Required Permission" column, that column lists the additional per-route check.

4.1 Dashboard

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/dashboard | admin.dashboard | AdminDashboardController@index | Admin dashboard |

4.2 Member Management

| Method | URI | Name | Controller@Method | Required Permission | Description |
|---|---|---|---|---|---|
| GET | /admin/members | admin.members.index | AdminMemberController@index | - | List members |
| GET | /admin/members/create | admin.members.create | AdminMemberController@create | - | Create form |
| POST | /admin/members | admin.members.store | AdminMemberController@store | - | Store member |
| GET | /admin/members/{member} | admin.members.show | AdminMemberController@show | - | Show member |
| GET | /admin/members/{member}/edit | admin.members.edit | AdminMemberController@edit | - | Edit form |
| PATCH | /admin/members/{member} | admin.members.update | AdminMemberController@update | - | Update member |
| PATCH | /admin/members/{member}/roles | admin.members.roles.update | AdminMemberController@updateRoles | - | Update member roles |
| GET | /admin/members/{member}/activate | admin.members.activate | AdminMemberController@showActivate | activate_memberships | Activation form |
| POST | /admin/members/{member}/activate | admin.members.activate.store | AdminMemberController@activate | activate_memberships | Activate membership |
| GET | /admin/members/import | admin.members.import-form | AdminMemberController@importForm | - | Import form |
| POST | /admin/members/import | admin.members.import | AdminMemberController@import | - | Import CSV |
| GET | /admin/members/export | admin.members.export | AdminMemberController@export | - | Export CSV |

Two things to keep in mind with this table. The literal paths /admin/members/import and /admin/members/export share their shape with GET /admin/members/{member}; in routes/web.php they must be registered before the wildcard route (or {member} must be constrained to digits), otherwise the uncached router binds "import" as a member id and returns 404. And admin.members.roles.update carries no permission beyond the admin middleware, so any admin can change any member's roles; the same holds for the role routes in 4.11, which makes the audit logs in 4.12 the control on that path.
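How the section 4 conventions (prefix /admin, name prefix admin., middleware auth + admin) and the 4.2 routes could be registered, with the literal /import and /export paths placed before the {member} wildcard. This is an added example, not the project's routes/web.php: the controller and middleware class names are assumed to follow the table (App\Http\Controllers\Admin\AdminMemberController, App\Http\Middleware\EnsureUserIsAdmin), and activate_memberships is checked with Laravel's built-in `can:` middleware, which requires it to be a registered Gate ability; the project's actual permission mechanism is not shown on this page.

```php
<?php
// Added example, not the project's routes/web.php. Assumed: the controller and
// middleware class names below, and that activate_memberships is a Gate ability
// usable with the built-in `can:` middleware.

use App\Http\Controllers\Admin\AdminMemberController;
use App\Http\Middleware\EnsureUserIsAdmin;
use Illuminate\Support\Facades\Route;

// Global constraint: {member} only ever matches digits, so a literal segment such
// as "import" can never be swallowed by the wildcard even if the order below changes.
Route::pattern('member', '[0-9]+');

Route::middleware(['auth', EnsureUserIsAdmin::class])
    ->prefix('admin')
    ->name('admin.')
    ->group(function () {
        Route::prefix('members')->name('members.')->group(function () {
            // Without a route cache Laravel matches in registration order, so literal
            // paths come before GET {member}; otherwise /admin/members/import would be
            // bound as member "import" and fail with a 404 instead of reaching importForm.
            Route::get('import', [AdminMemberController::class, 'importForm'])->name('import-form');
            Route::post('import', [AdminMemberController::class, 'import'])->name('import');
            Route::get('export', [AdminMemberController::class, 'export'])->name('export');
            Route::get('create', [AdminMemberController::class, 'create'])->name('create');

            Route::get('/', [AdminMemberController::class, 'index'])->name('index');
            Route::post('/', [AdminMemberController::class, 'store'])->name('store');

            Route::get('{member}', [AdminMemberController::class, 'show'])->name('show');
            Route::get('{member}/edit', [AdminMemberController::class, 'edit'])->name('edit');
            Route::patch('{member}', [AdminMemberController::class, 'update'])->name('update');
            Route::patch('{member}/roles', [AdminMemberController::class, 'updateRoles'])->name('roles.update');

            // Extra permission on top of the group-wide admin check (the 4.2 "Required Permission" column).
            Route::middleware('can:activate_memberships')->group(function () {
                Route::get('{member}/activate', [AdminMemberController::class, 'showActivate'])->name('activate');
                Route::post('{member}/activate', [AdminMemberController::class, 'activate'])->name('activate.store');
            });
        });
    });
```

`php artisan route:list --path=admin/members` prints the registered order and the middleware stack per route, which is the quickest way to confirm that import and export resolve to their own actions rather than to the show route, and that the two activate routes carry the extra `can:` check.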

4.3 Payment Management (Admin)

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/members/{member}/payments/create | admin.members.payments.create | AdminPaymentController@create | Create payment form |
| POST | /admin/members/{member}/payments | admin.members.payments.store | AdminPaymentController@store | Store payment |
| GET | /admin/members/{member}/payments/{payment}/edit | admin.members.payments.edit | AdminPaymentController@edit | Edit payment form |
| PATCH | /admin/members/{member}/payments/{payment} | admin.members.payments.update | AdminPaymentController@update | Update payment |
| DELETE | /admin/members/{member}/payments/{payment} | admin.members.payments.destroy | AdminPaymentController@destroy | Delete payment |
| GET | /admin/members/{member}/payments/{payment}/receipt | admin.members.payments.receipt | AdminPaymentController@receipt | Download receipt |

4.4 Payment Verification

| Method | URI | Name | Controller@Method | Required Permission | Description |
|---|---|---|---|---|---|
| GET | /admin/payment-verifications | admin.payment-verifications.index | PaymentVerificationController@index | view_payment_verifications | Dashboard |
| GET | /admin/payment-verifications/{payment} | admin.payment-verifications.show | PaymentVerificationController@show | view_payment_verifications | Payment details |
| POST | /admin/payment-verifications/{payment}/approve-cashier | admin.payment-verifications.approve-cashier | PaymentVerificationController@approveByCashier | verify_payments_cashier | Tier 1 approval |
| POST | /admin/payment-verifications/{payment}/approve-accountant | admin.payment-verifications.approve-accountant | PaymentVerificationController@approveByAccountant | verify_payments_accountant | Tier 2 approval |
| POST | /admin/payment-verifications/{payment}/approve-chair | admin.payment-verifications.approve-chair | PaymentVerificationController@approveByChair | verify_payments_chair | Tier 3 approval |
| POST | /admin/payment-verifications/{payment}/reject | admin.payment-verifications.reject | PaymentVerificationController@reject | verify_payments_* (any of the three tier permissions) | Reject payment |
| GET | /admin/payment-verifications/{payment}/receipt | admin.payment-verifications.download-receipt | PaymentVerificationController@downloadReceipt | view_payment_verifications | Download receipt |

4.5 Finance Documents

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/finance-documents | admin.finance.index | FinanceDocumentController@index | List documents |
| GET | /admin/finance-documents/create | admin.finance.create | FinanceDocumentController@create | Create form |
| POST | /admin/finance-documents | admin.finance.store | FinanceDocumentController@store | Store document |
| GET | /admin/finance-documents/{financeDocument} | admin.finance.show | FinanceDocumentController@show | Show document |
| POST | /admin/finance-documents/{financeDocument}/approve | admin.finance.approve | FinanceDocumentController@approve | Approve (multi-tier) |
| POST | /admin/finance-documents/{financeDocument}/reject | admin.finance.reject | FinanceDocumentController@reject | Reject |
| GET | /admin/finance-documents/{financeDocument}/download | admin.finance.download | FinanceDocumentController@download | Download attachment |

4.6 Issue Tracking

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/issues | admin.issues.index | IssueController@index | List issues |
| GET | /admin/issues/create | admin.issues.create | IssueController@create | Create form |
| POST | /admin/issues | admin.issues.store | IssueController@store | Store issue |
| GET | /admin/issues/{issue} | admin.issues.show | IssueController@show | Show issue |
| GET | /admin/issues/{issue}/edit | admin.issues.edit | IssueController@edit | Edit form |
| PATCH | /admin/issues/{issue} | admin.issues.update | IssueController@update | Update issue |
| DELETE | /admin/issues/{issue} | admin.issues.destroy | IssueController@destroy | Delete issue |
| POST | /admin/issues/{issue}/assign | admin.issues.assign | IssueController@assign | Assign user |
| PATCH | /admin/issues/{issue}/status | admin.issues.update-status | IssueController@updateStatus | Update status |
| POST | /admin/issues/{issue}/comments | admin.issues.comments.store | IssueController@addComment | Add comment |
| POST | /admin/issues/{issue}/attachments | admin.issues.attachments.store | IssueController@uploadAttachment | Upload file |
| GET | /admin/issues/attachments/{attachment}/download | admin.issues.attachments.download | IssueController@downloadAttachment | Download file |
| DELETE | /admin/issues/attachments/{attachment} | admin.issues.attachments.destroy | IssueController@deleteAttachment | Delete file |
| POST | /admin/issues/{issue}/time-logs | admin.issues.time-logs.store | IssueController@logTime | Log time |
| POST | /admin/issues/{issue}/watchers | admin.issues.watchers.store | IssueController@addWatcher | Add watcher |
| DELETE | /admin/issues/{issue}/watchers | admin.issues.watchers.destroy | IssueController@removeWatcher | Remove watcher |

4.7 Issue Labels

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/issue-labels | admin.issue-labels.index | IssueLabelController@index | List labels |
| GET | /admin/issue-labels/create | admin.issue-labels.create | IssueLabelController@create | Create form |
| POST | /admin/issue-labels | admin.issue-labels.store | IssueLabelController@store | Store label |
| GET | /admin/issue-labels/{issueLabel}/edit | admin.issue-labels.edit | IssueLabelController@edit | Edit form |
| PATCH | /admin/issue-labels/{issueLabel} | admin.issue-labels.update | IssueLabelController@update | Update label |
| DELETE | /admin/issue-labels/{issueLabel} | admin.issue-labels.destroy | IssueLabelController@destroy | Delete label |

4.8 Issue Reports

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/issue-reports | admin.issue-reports.index | IssueReportsController@index | View reports |

4.9 Budget Management

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/budgets | admin.budgets.index | BudgetController@index | List budgets |
| GET | /admin/budgets/create | admin.budgets.create | BudgetController@create | Create form |
| POST | /admin/budgets | admin.budgets.store | BudgetController@store | Store budget |
| GET | /admin/budgets/{budget} | admin.budgets.show | BudgetController@show | Show budget |
| GET | /admin/budgets/{budget}/edit | admin.budgets.edit | BudgetController@edit | Edit form |
| PATCH | /admin/budgets/{budget} | admin.budgets.update | BudgetController@update | Update budget |
| POST | /admin/budgets/{budget}/submit | admin.budgets.submit | BudgetController@submit | Submit for approval |
| POST | /admin/budgets/{budget}/approve | admin.budgets.approve | BudgetController@approve | Approve budget |
| POST | /admin/budgets/{budget}/activate | admin.budgets.activate | BudgetController@activate | Activate budget |
| POST | /admin/budgets/{budget}/close | admin.budgets.close | BudgetController@close | Close budget |
| DELETE | /admin/budgets/{budget} | admin.budgets.destroy | BudgetController@destroy | Delete budget |

4.10 Transaction Management

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/transactions | admin.transactions.index | TransactionController@index | List transactions |
| GET | /admin/transactions/create | admin.transactions.create | TransactionController@create | Create form |
| POST | /admin/transactions | admin.transactions.store | TransactionController@store | Store transaction |
| GET | /admin/transactions/{transaction} | admin.transactions.show | TransactionController@show | Show transaction |
| GET | /admin/transactions/{transaction}/edit | admin.transactions.edit | TransactionController@edit | Edit form |
| PATCH | /admin/transactions/{transaction} | admin.transactions.update | TransactionController@update | Update transaction |
| DELETE | /admin/transactions/{transaction} | admin.transactions.destroy | TransactionController@destroy | Delete transaction |

4.11 Roles & Permissions

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/roles | admin.roles.index | AdminRoleController@index | List roles |
| GET | /admin/roles/create | admin.roles.create | AdminRoleController@create | Create form |
| POST | /admin/roles | admin.roles.store | AdminRoleController@store | Store role |
| GET | /admin/roles/{role} | admin.roles.show | AdminRoleController@show | Show role |
| GET | /admin/roles/{role}/edit | admin.roles.edit | AdminRoleController@edit | Edit form |
| PATCH | /admin/roles/{role} | admin.roles.update | AdminRoleController@update | Update role |
| POST | /admin/roles/{role}/assign-users | admin.roles.assign-users | AdminRoleController@assignUsers | Assign users |
| DELETE | /admin/roles/{role}/users/{user} | admin.roles.remove-user | AdminRoleController@removeUser | Remove user |

4.12 Audit Logs

| Method | URI | Name | Controller@Method | Description |
|---|---|---|---|---|
| GET | /admin/audit-logs | admin.audit.index | AdminAuditLogController@index | List audit logs |
| GET | /admin/audit-logs/export | admin.audit.export | AdminAuditLogController@export | Export CSV |

5. Route Count Summary

| Category | Routes | Middleware |
|---|---|---|
| Public | 3 | None |
| Auth (Breeze) | 12 listed | Varies (see section 2) |
| Member | 7 | auth |
| Admin Dashboard | 1 | auth, admin |
| Admin Members | 12 | auth, admin (+ activate_memberships on the two activate routes) |
| Admin Payments | 6 | auth, admin |
| Payment Verification | 7 | auth, admin, permission-based |
| Finance Documents | 7 | auth, admin |
| Issues | 16 | auth, admin |
| Issue Labels | 6 | auth, admin |
| Issue Reports | 1 | auth, admin |
| Budgets | 11 | auth, admin |
| Transactions | 7 | auth, admin |
| Roles | 8 | auth, admin |
| Audit Logs | 2 | auth, admin |
| TOTAL | 106 (counting the 12 Breeze routes listed above) | - |

6. Permission Requirements

Payment Verification Permissions

| Permission | Description | Can Perform |
|---|---|---|
| verify_payments_cashier | Tier 1 approval | Approve as cashier |
| verify_payments_accountant | Tier 2 approval | Approve as accountant |
| verify_payments_chair | Tier 3 approval | Approve as chair |
| activate_memberships | Membership activation | Activate members |
| view_payment_verifications | View dashboard | Access verification dashboard |

Default Role Permissions

| Role | Has Permissions |
|---|---|
| admin | All permissions (automatic) |
| payment_cashier | verify_payments_cashier, view_payment_verifications |
| payment_accountant | verify_payments_accountant, view_payment_verifications |
| payment_chair | verify_payments_chair, view_payment_verifications |
| membership_manager | activate_memberships, view_payment_verifications |

Because the whole /admin group sits behind EnsureUserIsAdmin (section 4), the four non-admin roles only reach the verification and activation routes if that middleware accepts them; the legend says it checks "admin role/permission", so a tier role that is not recognised there gets a 403 before its tier permission is ever evaluated.
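A feature test that turns the route summary in section 5 and the permission matrix above into executable checks, as an added example that is not part of the project's test suite. It assumes things this page does not show: App\Models\User and App\Models\Payment with factories, that a freshly created User has no admin role, and that both the admin check and the per-tier permission checks go through Laravel's Gate (true for the built-in `can:` middleware and for the common permission packages), so Gate::before() can simulate a user holding exactly one tier permission. If EnsureUserIsAdmin checks a database column or role relation instead, give the test users that role in the factory call.

```php
<?php
// Added example, not the project's code. Assumed: User and Payment factories, a
// fresh User is not an admin, and admin + permission checks go through the Gate.

namespace Tests\Feature;

use App\Models\Payment;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class AdminRouteAuthorizationTest extends TestCase
{
    use RefreshDatabase;

    /** Section 4.4 / 6: route-name suffix => the permission that tier requires. */
    private const TIERS = [
        'approve-cashier'    => 'verify_payments_cashier',
        'approve-accountant' => 'verify_payments_accountant',
        'approve-chair'      => 'verify_payments_chair',
    ];

    /** Every GET route named admin.* must send guests to /login and 403 ordinary members. */
    public function test_admin_routes_reject_guests_and_non_admins(): void
    {
        $member = User::factory()->create();
        $checked = 0;

        foreach (Route::getRoutes() as $route) {
            $name = $route->getName() ?? '';
            if (! str_starts_with($name, 'admin.') || ! in_array('GET', $route->methods(), true)) {
                continue;
            }
            // Fill every {param} with an id that does not exist. A non-admin must still
            // get 403, not 404: a 404 here means route-model binding ran before
            // EnsureUserIsAdmin, which lets non-admins probe which ids exist. The fix is
            // to put that middleware ahead of SubstituteBindings in the middleware priority.
            $uri = '/'.preg_replace('/\{[^}]+\}/', '999999', $route->uri());

            $this->get($uri)->assertRedirect(route('login'));
            $this->actingAs($member)->get($uri)->assertForbidden();
            $checked++;
        }

        $this->assertGreaterThan(0, $checked, 'no admin.* GET routes were found');
    }

    /** Each verification tier accepts only its own permission; the other two get 403. */
    public function test_each_tier_requires_its_own_permission(): void
    {
        $payment = Payment::factory()->create();

        foreach (self::TIERS as $action => $held) {
            $user = User::factory()->create();
            // Grant this user every ability except the other two tier permissions, so a
            // Gate-based admin check passes and only the tier permission decides.
            Gate::before(function ($u, string $ability) use ($user, $held) {
                if (! $u->is($user)) {
                    return null;                       // leave other users to the normal rules
                }
                $denied = array_diff(self::TIERS, [$held]);
                return in_array($ability, $denied, true) ? false : true;
            });

            foreach (array_keys(self::TIERS) as $otherAction) {
                $response = $this->actingAs($user)->post(
                    route('admin.payment-verifications.'.$otherAction, $payment),
                    ['notes' => 'test']
                );

                if ($otherAction === $action) {
                    $response->assertRedirect();       // own tier: authorised (302 back to the list)
                } else {
                    $response->assertForbidden();      // any other tier: 403
                }
            }
        }
    }
}
```

Run it with `php artisan test --filter AdminRouteAuthorizationTest`. The "own tier" assertion only checks that authorization passed; a workflow-state rejection from the controller (for example approving tier 2 before tier 1) also comes back as a redirect, so it does not mask a permission failure. CSRF is not an issue in feature tests, since VerifyCsrfToken skips the check when the application is running unit tests.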

7. Request/Response Examples

7.1 POST /member/payments (Submit Payment)

Request:

```http
POST /member/payments HTTP/1.1
Content-Type: multipart/form-data

_token=<CSRF token, see section 8>
amount=1000
paid_at=2025-11-20
payment_method=bank_transfer
reference=ATM123456
receipt=[FILE]
notes=Annual membership fee
```

(Fields are shown as name=value pairs for readability; the wire format is a multipart body with a boundary, and the `_token` field is required by the CSRF middleware described in section 8.)

Response (Success):

```http
HTTP/1.1 302 Found
Location: /my-membership
```

Session flash: status="Payment submitted successfully!"
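What a practitioner would expect behind the request above: validation that checks the uploaded receipt by content and bounds every field, plus a store action that keeps the file off the web-served disk so it can only be read back through the authorised receipt routes in 4.3 and 4.4. This is an added example, not the project's MemberPaymentController or its rules. The field names come from the request example; the limits, the accepted payment methods, the allowed receipt types, the "local" disk and the $user->payments() relationship are assumptions. In practice the two classes live in separate files.

```php
<?php
// Added example, not the project's code. Field names follow section 7.1; the rule
// values, the "local" disk and the payments() relationship are assumptions.

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;

class StoreMemberPaymentRequest extends FormRequest
{
    public function authorize(): bool
    {
        // The route sits behind `auth` and the payment is always recorded against the
        // caller's own account: there is no member id in the payload to tamper with.
        return $this->user() !== null;
    }

    public function rules(): array
    {
        return [
            'amount'         => ['required', 'integer', 'min:1', 'max:1000000'],
            'paid_at'        => ['required', 'date', 'before_or_equal:today'],
            'payment_method' => ['required', Rule::in(['bank_transfer', 'cash', 'credit_card'])],
            'reference'      => ['nullable', 'string', 'max:64', 'regex:/^[A-Za-z0-9-]+$/'],
            'notes'          => ['nullable', 'string', 'max:500'],
            // "mimes" sniffs the file's actual content, not the client-supplied name or
            // Content-Type; the size cap (KB) stops one member filling the receipt disk.
            'receipt'        => ['required', 'file', 'mimes:jpg,jpeg,png,pdf', 'max:5120'],
        ];
    }
}

namespace App\Http\Controllers\Member;

use App\Http\Controllers\Controller;
use App\Http\Requests\StoreMemberPaymentRequest;
use Illuminate\Http\RedirectResponse;

class MemberPaymentController extends Controller
{
    public function store(StoreMemberPaymentRequest $request): RedirectResponse
    {
        $data = $request->validated();

        // Private disk (not web-served) and a random hashed filename chosen by Laravel,
        // so neither the original name nor a guessable path is ever exposed.
        $path = $request->file('receipt')->store('receipts/'.$request->user()->id, 'local');

        $request->user()->payments()->create([
            'amount'         => $data['amount'],
            'paid_at'        => $data['paid_at'],
            'payment_method' => $data['payment_method'],
            'reference'      => $data['reference'] ?? null,
            'notes'          => $data['notes'] ?? null,
            'receipt_path'   => $path,
        ]);

        return redirect()->route('member.dashboard')
            ->with('status', 'Payment submitted successfully!');
    }
}
```

With the receipt on the private disk, the download routes (admin.members.payments.receipt and admin.payment-verifications.download-receipt) would serve it with `Storage::disk('local')->download($payment->receipt_path)` after their own permission check, which is the only path from the web to the file.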

7.2 POST /admin/payment-verifications/{payment}/approve-cashier

Request:

```http
POST /admin/payment-verifications/123/approve-cashier HTTP/1.1
Content-Type: application/x-www-form-urlencoded

_token=<CSRF token, see section 8>&notes=Receipt+verified
```

Response (Success):

```http
HTTP/1.1 302 Found
Location: /admin/payment-verifications
```

Session flash: status="Payment approved by cashier."

Response (Error - No Permission):

```http
HTTP/1.1 403 Forbidden
```

The 403 is returned when the caller passes auth and admin but lacks verify_payments_cashier; an unauthenticated caller is redirected to /login by the auth middleware instead.

7.3 GET /admin/issues (With Filters)

Request:

```http
GET /admin/issues?status=open&priority=urgent&search=login HTTP/1.1
```

Response:

```http
HTTP/1.1 200 OK
Content-Type: text/html
```

[Rendered Blade view with filtered issues]

All three query values are untrusted input: status and priority should be checked against the allowed values before they reach the query, and search should only ever be passed as a bound parameter and echoed back through Blade's escaping `{{ }}` syntax.

8. CSRF Protection

All POST, PATCH, PUT and DELETE requests pass through Laravel's VerifyCsrfToken middleware and are rejected with 419 Page Expired when the token is missing or stale:

```blade
<form method="POST" action="/admin/members">
    @csrf
    <!-- form fields -->
</form>
```

Or via JavaScript:

```javascript
// Token comes from <meta name="csrf-token" content="{{ csrf_token() }}"> in the layout.
const token = document.querySelector('meta[name="csrf-token"]').content;

fetch('/admin/members', {
    method: 'POST',
    headers: {
        'X-CSRF-TOKEN': token,
        'Content-Type': 'application/json',
        // Ask for JSON so validation failures come back as 422 with an errors
        // object instead of a 302 redirect to the form.
        'Accept': 'application/json',
    },
    credentials: 'same-origin', // send the session cookie the token is bound to
    body: JSON.stringify(data),
});
```

Laravel also accepts the token in an X-XSRF-TOKEN header, which Axios sets automatically from the XSRF-TOKEN cookie. The GET download routes (receipts, attachments, CSV exports) need no token but remain behind auth and admin.

End of API Routes Documentation