3.8 KiB
Staff Awards Reviews Backend
Purpose
staff_awards_reviews stores Awards Earned & Reviews page records for campus staff. It is a dedicated table instead of user_progress because the workflow is not self-only: staff can maintain their own records, and users with MANAGE_AWARDS_REVIEWS can list scoped staff and create, update, or delete records for those staff users.
Slice Files
- Route:
src/routes/staff_awards_reviews.ts(GET /staff,GET /,POST /,PUT /:id,DELETE /:id). - Controller:
src/api/controllers/staff_awards_reviews.controller.ts. - Service:
src/services/staff_awards_reviews.ts. - Model:
src/db/models/staff_awards_reviews.ts. - Migration:
src/db/migrations/20260626110000-staff-support-content.ts. - Seeder:
src/db/seeders/20260613060000-staff-awards-reviews.ts.
API
Mounted at /api/staff_awards_reviews behind JWT authentication and active-scope resolution.
GET /stafflists staff visible in the current scope. RequiresREAD_AWARDS_REVIEWSandMANAGE_AWARDS_REVIEWS.GET /?staffUserId=<id>lists records for the selected staff user when the caller can manage, otherwise it lists the current user's records.POST /creates a record. Staff users create for themselves; managers may passstaffUserId.PUT /:idupdates a record in scope.DELETE /:idsoft-deletes a record in scope.
Access Rules
- Page read requires
READ_AWARDS_REVIEWS. - Staff list and cross-staff mutation require
MANAGE_AWARDS_REVIEWS. - Scope is derived from the current effective role scope, including drill-down active scope:
- organization scope sees organization staff;
- school scope sees school and descendant campus/class staff;
- campus and class scopes see the resolved campus staff;
- non-managers are restricted to their own
staffUserId.
- Staff classification for the staff picker is based on first-class role names (
director,office_manager,teacher,support_staff) as data classification, not as a feature-access fallback.
Seeded role permissions:
- Read:
system_admin,owner,superintendent,principal,director,office_manager,teacher, andsupport_staff. - Manage:
system_admin,owner,superintendent,principal,director, andoffice_manager. registraris intentionally excluded from this staff-support surface even though it has other school-level audit reads.
Data Contract
Columns:
title,record_type(awardorreview),year_label,notes;- optional attachment metadata:
file_name,file_url,file_is_image; - tenant/scope columns:
organizationId,schoolId,campusId,staffUserId; - audit columns:
createdById,updatedById, timestamps,deletedAt.
Attachments are uploaded through POST /api/file/upload/staff-awards-reviews/attachments; the awards/reviews row stores the returned private URL.
Seeded Defaults
The demo and rival seed tenants each receive Awards Earned & Reviews rows for their seeded teacher and support staff users. Each seeded staff user receives:
Teacher of the Year(award,2025-2026);Annual Director Review(review,2025-2026);Perfect Attendance Award(award,2024-2025).
The seeder uses stable UUIDs and skips rows that already exist, so reseeding is idempotent and does not overwrite user-created records.
Tests
src/services/staff_awards_reviews.test.tscovers self-service reads, management-only staff lists, school/campus scope filtering, and manager-created record tenant/campus ownership.src/db/seeders/user-roles.test.tscovers the seeded read/manage permission matrix, including registrar exclusion.- Frontend API route construction is covered by
frontend/src/shared/api/staffAwardsReviews.test.ts.
Related
- Content pages backed by
content_catalog:autism-support-steps,para-certifications. - Frontend:
frontend/docs/staff-support-pages.md.