MOC APIs

These endpoints handle MOC creation, retrieval, modification, and deletion.

POST /api/newmoc

Creates a new MOC with an originator form and chat room.

Authentication: Required

File: src/app/api/newmoc/route.ts

Request body:

{
  "implementer": { "value": { "_id": "userId" } },
  "department-of-change": { "value": "Engineering" },
  "description-of-change": { "value": "<p>Rich text description</p>" },
  "reason-for-change": { "value": "Safety improvement" },
  "affected-departments": { "value": ["Fleet", "Operations"] },
  "departments-to-inform": { "value": ["HR", "Training"] }
}

Response:

{
  "data": { "_id": "...", "serial_num": "15-2026", "status": "b", ... },
  "status": 200
}

Side effects:

• Generates serial number in format {count}-{year}
• Creates originator form document
• Creates chat room
• Sends notification email to the assigned implementer

---

GET /api/newmoc

Fetches MOCs accessible to the current user.

Authentication: Required

File: src/app/api/newmoc/route.ts

Access control:

• Admin/HSEQ users — See all MOCs (excluding soft-deleted)
• Standard users — See only MOCs where they are in all_users

Response:

{
  "data": [
    {
      "_id": "...",
      "serial_num": "15-2026",
      "status": "b",
      "originator_form": { ... },
      "implementer_form": { ... },
      "all_users": [{ "name": "...", "email": "..." }],
      ...
    }
  ],
  "status": 200
}

All related documents are populated: originator_form, originator_id, implementer_id, approver_id, verifier_id, hseq_id, all_users, implementer_form, hseq_form, verifier_form, implementation, approver_form, logs.userId.

---

GET /api/singlemoc

Fetches a single MOC with all populated references.

Authentication: None (relies on route-level protection via middleware)

File: src/app/api/singlemoc/route.tsx

Query parameters:

Parameter	Type	Required	Description
moc_id	string	Yes	MongoDB ObjectId of the MOC

Response: Fully populated MOC document.

---

GET /api/getAllMoc

Fetches all MOCs with full population. Used by the archive table view.

Authentication: Required

File: src/app/api/getAllMoc/route.ts

Access control:

• Admin/HSEQ/full-access users — See all MOCs
• Standard users — See only completed MOCs

---

POST /api/cloneMoc

Creates a copy of an existing MOC with new IDs and serial number.

Authentication: Required

File: src/app/api/cloneMoc/route.ts

Request body:

{
  "old_moc": { "_id": "existingMocId" }
}

Response:

{
  "status": 200,
  "body": "MOC cloned successfully",
  "moc": { "_id": "newMocId", "serial_num": "16-2026", "cloned": true, ... }
}

What gets cloned:

• Originator form (new document with new ID)
• Implementer form (new document with new ID)
• Implementation (new document with new ID)
• New serial number generated
• cloned: true flag set
• Reference to the previous MOC stored
• Status set to "b"

---

DELETE /api/deleteMoC

Soft-deletes a MOC by setting isDeleted: true.

Authentication: None

File: src/app/api/deleteMoC/route.ts

Query parameters:

Parameter	Type	Required	Description
id	string	Yes	MOC ID

---

POST /api/addUser

Adds a user to a MOC in a specific workflow role.

Authentication: None

File: src/app/api/addUser/route.ts

Request body:

{
  "userId": "...",
  "mocId": "...",
  "role": "implementer"
}

Valid roles: "implementer", "approver", "verifier"

---

POST /api/impact

Creates or updates an impact assessment on a MOC.

Authentication: Required

File: src/app/api/impact/route.tsx

Request body:

{
  "moc_id": "...",
  "impact_assessment": [
    { "category": "Environmental", "hazards": ["Oil spill", "Air emissions"] }
  ]
}

---

POST /api/risk_assessment

Adds a risk assessment attachment URL to a MOC.

Authentication: None

File: src/app/api/risk_assessment/route.ts

Request body:

{
  "risk_assessment": "https://cloudinary.com/...",
  "moc_id": "..."
}

---

POST /api/actionTable

Updates the action plan on a MOC document.

Authentication: Required

File: src/app/api/actionTable/route.ts

Request body:

{
  "id": "mocId",
  "action": { ... }
}

---

POST /api/manualsPlan

Updates the manuals/drawings plan on a MOC.

Authentication: Required

File: src/app/api/manualsPlan/route.ts

Request body:

{
  "id": "mocId",
  "manual_plan": { ... }
}

---

Legacy MOC APIs

/api/oldMoc — Full CRUD for paper-based MOC records

File: src/app/api/oldMoc/route.ts

Method	Purpose
GET	Fetch all legacy MOC records
POST	Create a new legacy MOC record
PUT	Update a legacy MOC record
DELETE	Delete a legacy MOC record (query param id)

PATCH /api/oldMoc/[id]

Partial update of a legacy MOC record.

File: src/app/api/oldMoc/[id]/route.ts