feat(appointment): Update appointment status to 'pending' on creation and add soft delete functionality

feat(chat): Enhance conversation user retrieval with optional role filtering and improved response structure
feat(appointment): Add validation for appointment creation and update schemas to support multiple ID formats

Author: Dave-code-creater

src/controllers/appointment.controller.js

@@ -202,7 +202,8 @@ class AppointmentController {
 
         // Override patient_id to their own record (security)
         appointmentData.patient_id = patient.id;
-        appointmentData.status = appointmentData.status || 'scheduled';
+        // Patient bookings start as 'pending' until doctor confirms
+        appointmentData.status = appointmentData.status || 'pending';
         appointmentData.location = appointmentData.location || 'main_office';
 
         api.info('👤 Patient self-booking (security override):', {

src/controllers/chat.controller.js

@@ -227,14 +227,32 @@ class ChatController {
   /**
    * Get users for creating conversations with role filtering
    * GET /chat/conversations/users?role=doctor&search_term=smith&per_page=50
+   * If no role is provided, returns all available users based on current user's permissions
    */
   static async getConversationUsers(req, res) {
     try {
       const { role } = req.query;
 
-      // Validate role parameter is provided
+      // If no role is provided, get all available users
       if (!role) {
-        throw new ErrorResponse('Role parameter is required. Must be one of: doctor, staff, admin, patient', 400, '4001');
+        api.info('🔍 getConversationUsers: No role filter, fetching all available users');
+        const users = await ChatService.getAvailableUsersForChat(req.user, req.query);
+
+        const { per_page = 100, search_term = '' } = req.query;
+        const meta = {
+          role_filter: 'all',
+          total_count: users.length,
+          per_page: parseInt(per_page),
+          search_applied: !!search_term,
+          context: 'conversation_creation'
+        };
+
+        return new SuccessResponse(
+          'Available users for conversations retrieved successfully',
+          200,
+          users,
+          meta
+        ).send(res);
       }
 
       // Validate role parameter value

src/repositories/appointment.repository.js

@@ -91,6 +91,32 @@ class AppointmentRepository extends BaseRepository {
     }
   }
 
+  /**
+   * Delete (soft delete) appointment by setting status to cancelled
+   * @param {number} appointmentId - Appointment ID
+   * @param {string} reason - Cancellation reason
+   * @returns {Object|null} Cancelled appointment or null
+   */
+  async deleteAppointment(appointmentId, reason = null) {
+    try {
+      const updateData = {
+        status: 'cancelled',
+        cancelled_at: new Date()
+      };
+
+      if (reason) {
+        updateData.cancellation_reason = reason;
+      }
+
+      const appointment = await this.updateById(appointmentId, updateData);
+      api.info('Appointment soft-deleted (cancelled):', { id: appointmentId });
+      return appointment;
+    } catch (error) {
+      api.error('Error deleting appointment:', error);
+      throw error;
+    }
+  }
+
   /**
    * Get appointments with filtering and pagination
    * @param {Object} conditions - Filter conditions
@@ -104,7 +130,10 @@ class AppointmentRepository extends BaseRepository {
       // Build where clause for complex conditions
       const whereConditions = {};
 
-      if (conditions.doctor_id) whereConditions.doctor_id = conditions.doctor_id;
+      // Support both single values and arrays for doctor_id (for role-based filtering)
+      if (conditions.doctor_id) {
+        whereConditions.doctor_id = conditions.doctor_id;
+      }
       if (conditions.patient_id) whereConditions.patient_id = conditions.patient_id;
       if (conditions.status) whereConditions.status = conditions.status;
       if (conditions.location) whereConditions.location = conditions.location;
@@ -167,7 +196,11 @@ class AppointmentRepository extends BaseRepository {
     try {
       const whereConditions = {};
 
-      if (conditions.doctor_id) whereConditions.doctor_id = conditions.doctor_id;
+      // Support both single values and arrays for doctor_id
+      if (conditions.doctor_id) {
+        whereConditions.doctor_id = conditions.doctor_id;
+      }
+      if (conditions.patient_id) whereConditions.patient_id = conditions.patient_id;
       if (conditions.status) whereConditions.status = conditions.status;
       if (conditions.location) whereConditions.location = conditions.location;
 

src/routes/appointment.routes.js

@@ -3,6 +3,8 @@ const AppointmentController = require('../controllers/appointment.controller');
 const ClinicalNotesController = require('../controllers/clinical-notes.controller');
 const asyncHandler = require('../utils/asyncHandler');
 const { authenticate, authorize, authorizeAppointmentAccess, authorizePatientAppointments } = require('../middleware/auth.middleware');
+const { validateBody } = require('../middleware/validation.middleware');
+const { appointmentCreateSchema, appointmentUpdateSchema } = require('../validators/appointment.validator');
 const { clinicalNotesValidator } = require('../validators');
 
 const router = express.Router();
@@ -176,7 +178,7 @@ router.get('/doctors/:doctor_id/availability', asyncHandler(AppointmentControlle
  *         name: status
  *         schema:
  *           type: string
- *           enum: [scheduled, confirmed, in-progress, completed, cancelled, no-show]
+ *           enum: [pending, scheduled, confirmed, in-progress, completed, cancelled, no-show]
  *         description: Filter by appointment status
  *       - in: query
  *         name: doctor_id
@@ -196,7 +198,13 @@ router.get('/doctors/:doctor_id/availability', asyncHandler(AppointmentControlle
  *             schema:
  *               $ref: '#/components/schemas/PaginatedResponse'
  */
-router.post('/', authenticate, authorize('doctor', 'admin', 'staff', 'patient'), asyncHandler(AppointmentController.createAppointment));
+router.post(
+  '/',
+  authenticate,
+  authorize('doctor', 'admin', 'staff', 'patient'),
+  validateBody(appointmentCreateSchema),
+  asyncHandler(AppointmentController.createAppointment)
+);
 /**
  * @swagger
  * /appointments/check-availability:
@@ -280,7 +288,7 @@ router.post('/check-availability', authenticate, asyncHandler(AppointmentControl
  *         name: status
  *         schema:
  *           type: string
- *           enum: [scheduled, confirmed, in-progress, completed, cancelled, no-show]
+ *           enum: [pending, scheduled, confirmed, in-progress, completed, cancelled, no-show]
  *     responses:
  *       200:
  *         description: Patient appointments retrieved successfully
@@ -322,7 +330,7 @@ router.get('/me', authenticate, authorize('patient'), asyncHandler(AppointmentCo
  *         name: status
  *         schema:
  *           type: string
- *           enum: [scheduled, confirmed, in-progress, completed, cancelled, no-show]
+ *           enum: [pending, scheduled, confirmed, in-progress, completed, cancelled, no-show]
  *     responses:
  *       200:
  *         description: Appointments retrieved successfully
@@ -431,7 +439,7 @@ router.get('/', authenticate, authorize('doctor', 'admin', 'staff'), asyncHandle
  *                 example: "14:00"
  *               status:
  *                 type: string
- *                 enum: [scheduled, confirmed, in-progress, completed, cancelled, no-show]
+ *                 enum: [pending, scheduled, confirmed, in-progress, completed, cancelled, no-show]
  *               location:
  *                 type: string
  *               reason_for_visit:
@@ -467,7 +475,13 @@ router.get('/', authenticate, authorize('doctor', 'admin', 'staff'), asyncHandle
  *         description: Appointment not found
  */
 router.get('/:id', authenticate, authorizeAppointmentAccess, asyncHandler(AppointmentController.getAppointmentById));
-router.put('/:id', authenticate, authorizeAppointmentAccess, asyncHandler(AppointmentController.updateAppointment));
+router.put(
+  '/:id',
+  authenticate,
+  authorizeAppointmentAccess,
+  validateBody(appointmentUpdateSchema),
+  asyncHandler(AppointmentController.updateAppointment)
+);
 /**
  * @swagger
  * /appointments/{id}/reschedule:
@@ -546,7 +560,7 @@ router.use(
  *         name: status
  *         schema:
  *           type: string
- *           enum: [scheduled, confirmed, in-progress, completed, cancelled, no-show]
+ *           enum: [pending, scheduled, confirmed, in-progress, completed, cancelled, no-show]
  *     responses:
  *       200:
  *         description: Nested appointments retrieved successfully
@@ -614,7 +628,7 @@ patientAppointmentsRouter.get('/', asyncHandler(AppointmentController.getPatient
  *                 type: string
  *               status:
  *                 type: string
- *                 enum: [scheduled, confirmed, in-progress, completed, cancelled, no-show]
+ *                 enum: [pending, scheduled, confirmed, in-progress, completed, cancelled, no-show]
  *               location:
  *                 type: string
  *               reason_for_visit:
@@ -654,6 +668,7 @@ patientAppointmentsRouter.put(
   '/:appointment_id',
   mapNestedAppointmentId,
   authorizeAppointmentAccess,
+  validateBody(appointmentUpdateSchema),
   asyncHandler(AppointmentController.updateAppointment)
 );
 

src/routes/chat.routes.js

@@ -69,8 +69,9 @@ router.post('/conversations',
  *         name: role
  *         schema:
  *           type: string
- *           enum: [doctor, staff, admin]
- *         description: Filter by user role
+ *           enum: [doctor, staff, admin, patient]
+ *         required: false
+ *         description: Filter by user role. If omitted, returns all available users based on permissions.
  *       - in: query
  *         name: search_term
  *         schema:
@@ -80,7 +81,7 @@ router.post('/conversations',
  *         name: per_page
  *         schema:
  *           type: integer
- *           default: 25
+ *           default: 100
  *     responses:
  *       200:
  *         description: Users retrieved successfully

src/services/chat.service.js

@@ -1279,6 +1279,7 @@ class ChatService {
     return {
       id: message.id,
       conversation_id: message.conversation_id,
+      // Nested sender object (structured format)
       sender: {
         id: message.sender_id,
         type: message.sender_type,
@@ -1287,12 +1288,21 @@ class ChatService {
         last_name: senderLastName,
         email: message.sender_email || null
       },
+      // Flat sender fields (for backward compatibility and frontend isFromCurrentUser)
+      sender_id: message.sender_id,
+      sender_type: message.sender_type,
+      sender_name: senderFullName,
       content: message.content,
+      message_content: message.content, // Alias for compatibility
       message_type: message.message_type,
       attachment,
       delivery_status: message.delivery_status || message.status || 'sent',
       is_read: typeof message.is_read === 'boolean' ? message.is_read : Boolean(message.read_at),
+      is_delivered: message.is_delivered || false,
+      read_at: message.read_at || null,
+      delivered_at: message.delivered_at || null,
       sent_at: message.sent_at,
+      created_at: message.created_at || message.sent_at,
       updated_at: message.updated_at
     };
   }

src/validators/appointment.validator.js

@@ -1,24 +1,54 @@
 const Joi = require('joi');
 
 // Appointment validation schemas - simplified for small clinic
+// Supports both traditional (doctor_id/patient_id) and modern (sender_id/recipient_id) formats
 const appointmentCreateSchema = Joi.object({
-  doctor_id: Joi.number().integer().positive().required(),
-  patient_id: Joi.number().integer().positive().required(),
+  // Traditional format
+  doctor_id: Joi.number().integer().positive(),
+  patient_id: Joi.number().integer().positive(),
+
+  // Modern format (alternative)
+  sender_id: Joi.number().integer().positive(),
+  recipient_id: Joi.number().integer().positive(),
+
+  // Appointment details
   appointment_date: Joi.string().required(), // Can be "Thursday, June 26, 2025" or "2025-06-26"
+  date: Joi.string(), // Alternative field name for frontend compatibility
   appointment_time: Joi.string().required(), // Can be "11:30 AM" or "14:30"
+  time: Joi.string(), // Alternative field name for frontend compatibility
+
   location: Joi.string().max(100).default('main_office'),
   reason_for_visit: Joi.string().max(500).optional(),
   additional_notes: Joi.string().max(1000).optional(),
-  status: Joi.string().valid('scheduled', 'confirmed', 'in-progress', 'completed', 'cancelled', 'no-show').default('scheduled')
-});
+  notes: Joi.string().max(1000).optional(), // Alternative field name
+  status: Joi.string().valid('pending', 'scheduled', 'confirmed', 'in-progress', 'completed', 'cancelled', 'no-show').default('pending'),
+
+  // Metadata
+  created_by: Joi.number().integer().positive().optional(),
+  updated_by: Joi.number().integer().positive().optional()
+})
+  // Require at least one ID format (traditional OR modern)
+  .or('doctor_id', 'sender_id')
+  .or('patient_id', 'recipient_id')
+  // Require at least one date/time format
+  .or('appointment_date', 'date')
+  .or('appointment_time', 'time');
 
 const appointmentUpdateSchema = Joi.object({
   appointment_date: Joi.string().optional(),
+  date: Joi.string().optional(),
   appointment_time: Joi.string().optional(),
+  time: Joi.string().optional(),
   location: Joi.string().max(100).optional(),
   reason_for_visit: Joi.string().max(500).optional(),
   additional_notes: Joi.string().max(1000).optional(),
-  status: Joi.string().valid('scheduled', 'confirmed', 'in-progress', 'completed', 'cancelled', 'no-show').optional()
+  notes: Joi.string().max(1000).optional(),
+  status: Joi.string().valid('pending', 'scheduled', 'confirmed', 'in-progress', 'completed', 'cancelled', 'no-show').optional(),
+
+  // Metadata
+  updated_by: Joi.number().integer().positive().optional(),
+  cancelled_at: Joi.date().optional(),
+  cancellation_reason: Joi.string().max(500).optional()
 });
 
 module.exports = {