training

API routes
Feature Base route
EmployeeAdvance
api/v1/station/employee-advances
EmployeeExpenseClaim
api/v1/station/employee-expenses
Call them from CMS the same way you call other api/v1/station/... endpoints (through your API gateway / station-service host).

Authentication
CMS user logs in → use the Bearer token on each request.
Endpoints are gated by [RequirePermission], not a separate CMS-only API.
There is a Postman collection at docs/postman/employee-expense-advance-approval.postman_collection.json for the full approval workflow.
Permissions by CMS role
Permission Typical CMS roles
stations.expense.submit
Roles with station/accounting view (technicians, managers, etc.)
stations.expense.view_own
Same as above
stations.expense.view_all
tenant_admin, company_admin, manager
stations.expense.approve_manager
tenant_admin, company_admin, manager
stations.expense.approve_finance
tenant_admin, company_admin
stations.expense.post
tenant_admin, company_admin, manager
stations.expense.advance.manage
tenant_admin, company_admin
stations.expense.advance.view_own
Anyone who can submit expenses
If a CMS user gets 401/403, assign the right permission to their role in tenant role management.

Main endpoints for CMS UI
Employee expenses (EmployeeExpenseClaimController):

GET /employee-expenses — list + summary ledger
GET /employee-expenses/users — employee picker (role-scoped)
GET /employee-expenses/{id} — detail
POST /employee-expenses?draft_only=true|false — create/update (JSON or multipart with attachments)
POST .../submit, approve-manager, approve-finance, reject, post, cancel
Attachment presign/upload/download endpoints under /{claimId}/attachments/...
GET /employee-expenses/tech-visits/{techVisitId}/expense-stations — tech visit linkage
Employee advances (EmployeeAdvanceController):

GET /employee-advances/balance — imprest balance
GET /employee-advances — list
POST /employee-advances — create/update advance
POST .../submit, approve-manager, approve-finance, reject, post, cancel
GET/POST /employee-advances/remittances — cash remittances
CMS-specific behavior already built in
User picker visibility by role (tenant_admin → managers/technicians; manager → technicians; finance/admin → broader).
Tech visit filtering via tech_visit_id on expense list.
Multipart uploads for expense receipts (form field payload + attachments files).
Summary
You can wire these directly into CMS screens for expense claims, advances, approvals, and imprest balance — no separate API layer is required. Ensure each CMS role has the permissions above, and use the Postman collection or Swagger (non-production) to shape request/response DTOs for the UI.

If you want, I can map specific CMS screens (e.g. tech visit expenses, manager inbox, finance approval) to the exact endpoints and query params.