PCR APIs

These endpoints handle PCR creation, retrieval, signature collection, and lifecycle management.

POST `/api/pcr`

Creates a new PCR.

Authentication: Required

File: src/app/api/pcr/route.ts

Request body:

{
  "form": {
    "originator": "userId",
    "new-suggestion": true,
    "procedure-change": true,
    "safety-critical": false,
    "manual-procedure": "<p>Reference text</p>",
    "suggestion-details": "<p>Details</p>",
    "reason-for-change": "<p>Reason</p>"
  },
  "affectedParties": [
    { "Name": { "value": "userId" }, "Signature": false, "Comments": "" }
  ],
  "signatures": [
    { "Name": "Change Originator", "Signature": false, "signatureDate": null, "Comments": "" },
    { "Name": "VP Fleet Management", "Signature": false, "signatureDate": null, "Comments": "" },
    { "Name": "HSEQ Coordinator", "Signature": false, "signatureDate": null, "Comments": "" },
    { "Name": "Group HSEQ Manager", "Signature": false, "signatureDate": null, "Comments": "" },
    { "Name": "Director HSEQ", "Signature": false, "signatureDate": null, "Comments": "" },
    { "Name": "President", "Signature": false, "signatureDate": null, "Comments": "" }
  ]
}

Response:

{
  "success": true,
  "data": { "_id": "...", "serial_num": "5-2026", "status": "pending", ... }
}

Side effects:

Generates serial number in format {pcrCount}-{year}
Sends initiation emails to VP Fleet Management, all admins, and affected parties

PUT `/api/pcr?id={id}`

Updates an existing PCR.

Authentication: Required

File: src/app/api/pcr/route.ts

Query parameters:

Parameter	Type	Required	Description
`id`	string	Yes	PCR ID

Request body: Partial PCR data to merge into the existing document.

DELETE `/api/pcr?id={id}`

Deletes a PCR permanently.

Authentication: Required

File: src/app/api/pcr/route.ts

GET `/api/pcr/[id]`

Fetches a single PCR by ID with access control.

Authentication: Required

File: src/app/api/pcr/[id]/route.ts

Access control: User must be one of:

Have an authorized role (VP Fleet Management, HSEQ Coordinator, Group HSEQ Manager, Director HSEQ, President)
Have access === "full"
Have an HSEQ email address
Be the originator
Be an affected party member

Returns 403 if the user has no access.

GET `/api/allPcr`

Fetches all PCRs the current user has access to.

Authentication: Required

File: src/app/api/allPcr/route.tsx

Access control:

Authorized roles / admin / HSEQ — See all PCRs
Standard users — See only PCRs where they are the originator or in affected parties

GET `/api/getAllPcr`

Fetches all PCRs based on user role. Used by the archive table view.

Authentication: Required

File: src/app/api/getAllPcr/route.ts

GET `/api/pcr/summary`

Fetches lightweight PCR summary data using MongoDB aggregation.

Authentication: Required

File: src/app/api/pcr/summary/route.ts

Response: Projected fields only: _id, serial_num, chatId, status, createdAt, cloned, signatures, affected parties, and originator info.

POST `/api/pcr/signatures`

Updates PCR signature statuses and triggers sequential email notifications.

Authentication: None (relies on frontend access control)

File: src/app/api/pcr/signatures/route.ts

Request body:

{
  "pcrId": "...",
  "signatures": [
    { "Name": "Change Originator", "Signature": "signatureData", "signatureDate": "2026-02-15", "Comments": "Approved" },
    { "Name": "VP Fleet Management", "Signature": null, "signatureDate": null, "Comments": "" }
  ]
}

Business logic:

Processes signature updates while preserving array indexes
Comment without signature is treated as null signature
After each signature, emails the next role in the signing chain
When all signatures and all affected party signatures are collected → sets status: "finished" and sends completion emails

POST `/api/pcr/affectedParties`

Updates PCR affected party signatures.

Authentication: None (relies on frontend access control)

File: src/app/api/pcr/affectedParties/route.ts

Request body:

{
  "pcrId": "...",
  "affectedParties": [
    { "Name": { "value": "userId" }, "Signature": "signatureData", "Comments": "Acknowledged" }
  ]
}

Same completion-check logic as the signatures endpoint.

POST `/api/clonePcr`

Creates a copy of an existing PCR with reset signatures.

Authentication: Required

File: src/app/api/clonePcr/route.ts

Request body:

{
  "old_pcr": {
    "form": { ... },
    "affectedParties": [ ... ],
    "originator_id": "...",
    "signatures": [ ... ],
    "serial_num": "5-2026"
  }
}

What gets reset:

All signatures reset to false
All affected party signatures reset to false
New serial number generated
cloned: true flag set
Previous serial number stored

GET `/api/singlePcr?id={id}`

Fetches a single PCR by ID.

Authentication: None

File: src/app/api/singlePcr/route.ts

Legacy PCR APIs

`/api/oldPcr` — Full CRUD for paper-based PCR records

File: src/app/api/oldPcr/route.ts

Method	Purpose
GET	Fetch all legacy PCR records
POST	Create a new legacy PCR record
PUT	Update a legacy PCR record
DELETE	Delete a legacy PCR record

PATCH `/api/oldPcr/[id]`

Partial update of a legacy PCR record.

File: src/app/api/oldPcr/[id]/route.ts

POST /api/pcr​

PUT /api/pcr?id={id}​

DELETE /api/pcr?id={id}​

GET /api/pcr/[id]​

GET /api/allPcr​

GET /api/getAllPcr​

GET /api/pcr/summary​

POST /api/pcr/signatures​

POST /api/pcr/affectedParties​

POST /api/clonePcr​

GET /api/singlePcr?id={id}​

Legacy PCR APIs​

/api/oldPcr — Full CRUD for paper-based PCR records​

PATCH /api/oldPcr/[id]​

POST `/api/pcr`

PUT `/api/pcr?id={id}`

DELETE `/api/pcr?id={id}`

GET `/api/pcr/[id]`

GET `/api/allPcr`

GET `/api/getAllPcr`

GET `/api/pcr/summary`

POST `/api/pcr/signatures`

POST `/api/pcr/affectedParties`

POST `/api/clonePcr`

GET `/api/singlePcr?id={id}`

Legacy PCR APIs

`/api/oldPcr` — Full CRUD for paper-based PCR records

PATCH `/api/oldPcr/[id]`