Add lessons Phase 3: enrollments with capacity and time conflict checks

Links members to schedule slots via enrollments. Enforces max_students
capacity on slots and prevents members from double-booking the same
day/time. Supports status transitions and filtering. 11 new tests
(51 total lessons tests).

packages/backend/src/routes/v1/lessons.ts

@@ -7,8 +7,11 @@ import {
   LessonTypeUpdateSchema,
   ScheduleSlotCreateSchema,
   ScheduleSlotUpdateSchema,
+  EnrollmentCreateSchema,
+  EnrollmentUpdateSchema,
+  EnrollmentStatusUpdateSchema,
 } from '@lunarfront/shared/schemas'
-import { InstructorService, LessonTypeService, ScheduleSlotService } from '../../services/lesson.service.js'
+import { InstructorService, LessonTypeService, ScheduleSlotService, EnrollmentService } from '../../services/lesson.service.js'
 
 export const lessonRoutes: FastifyPluginAsync = async (app) => {
   // --- Instructors ---
@@ -147,4 +150,60 @@ export const lessonRoutes: FastifyPluginAsync = async (app) => {
     if (!slot) return reply.status(404).send({ error: { message: 'Schedule slot not found', statusCode: 404 } })
     return reply.send(slot)
   })
+
+  // --- Enrollments ---
+
+  app.post('/enrollments', { preHandler: [app.authenticate, app.requirePermission('lessons.edit')] }, async (request, reply) => {
+    const parsed = EnrollmentCreateSchema.safeParse(request.body)
+    if (!parsed.success) {
+      return reply.status(400).send({ error: { message: 'Validation failed', details: parsed.error.flatten(), statusCode: 400 } })
+    }
+    const result = await EnrollmentService.create(app.db, parsed.data)
+    if ('error' in result) {
+      return reply.status(409).send({ error: { message: result.error, statusCode: 409 } })
+    }
+    return reply.status(201).send(result)
+  })
+
+  app.get('/enrollments', { preHandler: [app.authenticate, app.requirePermission('lessons.view')] }, async (request, reply) => {
+    const query = request.query as Record<string, string | undefined>
+    const params = PaginationSchema.parse(query)
+    const filters = {
+      memberId: query.memberId,
+      accountId: query.accountId,
+      instructorId: query.instructorId,
+      status: query.status?.split(',').filter(Boolean),
+    }
+    const result = await EnrollmentService.list(app.db, params, filters)
+    return reply.send(result)
+  })
+
+  app.get('/enrollments/:id', { preHandler: [app.authenticate, app.requirePermission('lessons.view')] }, async (request, reply) => {
+    const { id } = request.params as { id: string }
+    const enrollment = await EnrollmentService.getById(app.db, id)
+    if (!enrollment) return reply.status(404).send({ error: { message: 'Enrollment not found', statusCode: 404 } })
+    return reply.send(enrollment)
+  })
+
+  app.patch('/enrollments/:id', { preHandler: [app.authenticate, app.requirePermission('lessons.edit')] }, async (request, reply) => {
+    const { id } = request.params as { id: string }
+    const parsed = EnrollmentUpdateSchema.safeParse(request.body)
+    if (!parsed.success) {
+      return reply.status(400).send({ error: { message: 'Validation failed', details: parsed.error.flatten(), statusCode: 400 } })
+    }
+    const enrollment = await EnrollmentService.update(app.db, id, parsed.data)
+    if (!enrollment) return reply.status(404).send({ error: { message: 'Enrollment not found', statusCode: 404 } })
+    return reply.send(enrollment)
+  })
+
+  app.post('/enrollments/:id/status', { preHandler: [app.authenticate, app.requirePermission('lessons.edit')] }, async (request, reply) => {
+    const { id } = request.params as { id: string }
+    const parsed = EnrollmentStatusUpdateSchema.safeParse(request.body)
+    if (!parsed.success) {
+      return reply.status(400).send({ error: { message: 'Validation failed', details: parsed.error.flatten(), statusCode: 400 } })
+    }
+    const enrollment = await EnrollmentService.updateStatus(app.db, id, parsed.data.status)
+    if (!enrollment) return reply.status(404).send({ error: { message: 'Enrollment not found', statusCode: 404 } })
+    return reply.send(enrollment)
+  })
 }