Expense Reimbursement System (ERS) API

The Expense Reimbursement System (ERS) will manage the process of reimbursing employees for expenses incurred while on company time. All employees in the company can login and submit requests for reimbursement and view their past tickets and pending requests. Finance managers can log in and view all reimbursement requests and past history for all employees in the company. Finance managers are authorized to approve and deny requests for expense reimbursement.

Models

User
The User model keeps track of users information.

{
  userId: number, // primary key           user(hasownproperty)
	username: string, // not null, unique
	password: string, // not null
	firstName: string, // not null
	lastName: string, // not null
	email: string, // not null
	role: Role // not null
}

Role
The Role model is used to track what permissions a user has

{
  roleId: number, // primary key
  role: string // not null, unique
}

Reimbursement
The Reimbursement model is used to represent a single reimbursement that an employee would submit

{
  reimbursementId: number, // primary key
	author: number,  // foreign key -> User, not null
	amount: number,  // not null
  dateSubmitted: number, // not null
  dateResolved: number, // not null
  description: string, // not null
  resolver: number, // foreign key -> User
  status: number, // foreign ey -> ReimbursementStatus, not null
  type: number // foreign key -> ReimbursementType
}

ReimbursementStatus
The ReimbursementStatus model is used to track the status of reimbursements. Status possibilities are Pending, Approved, or Denied.

{
  statusId: number, // primary key
  status: string // not null, unique
}

ReimbursementType
The ReimbursementType model is used to track what kind of reimbursement is being submitted. Type possibilities are Lodging, Travel, Food, or Other.

{
  typeId: number, // primary key
  type: string, // not null, unique
}

Endpoints

Security

Security should be handled through session storage. If a user does not have permission to access a particular endpoint it should return the following:

Status Code: 401 UNAUTHORIZED
Content:
```
{
  "message": "The incoming token has expired"
}
```
Occurs if they do not have the appropriate permissions.

Available Endpoints

Retreives users from the database

Login

URL /login
Method: POST

Request:

{
  username: string,
  password: string
}

Response:
```
  User
```
Error Response
- Status Code: 400 BAD REQUEST
```
{
  message: "Invalid Credentials"
}
```

Find Users

URL /users
Method: GET
Allowed Roles finance-manager
Response:
```
[
  User
]
```

Find Users By Id

URL /users/:id
Method: GET
Allowed Roles finance-manager or if the id provided matches the id of the current user
Response:
```
[
  User
]
```

Update User

URL /users
Method: PATCH
Allowed Roles admin
Request The userId must be presen as well as all fields to update, any field left undefined will not be updated.
```
  User
```
Response:
```
  User
```

Find Reimbursements By Status

Reimbursements should be ordered by date

URL /reimbursements/status/:statusId
For a challenge you could do this instead:
/reimbursements/status/:statudId/date-submitted?start=:startDate&end=:endDate
Method: GET
Allowed Roles finance-manager
Response:
```
[
  Reimbursement
]
```

Find Reimbursements By User