- import { NextRequest, NextResponse } from "next/server";
- import { z } from "zod";
- import { getSupabaseServerClient } from "@/lib/supabase/server";
- import { getSupabaseAdminClient } from "@/lib/supabase/admin";
- import { groupNameSchema } from "@/lib/groups/validation";
- import { deleteGroupAndData } from "@/lib/groups/delete-group";
// Request-body schema for the PATCH handler: the only accepted field is
// `name`, validated by groupNameSchema from "@/lib/groups/validation".
const renameSchema = z.object({
  name: groupNameSchema,
});
/**
 * GET /api/groups/[id] — Get group details.
 *
 * The caller is identified through the session-bound Supabase client. Both
 * data reads go through the client returned by getSupabaseAdminClient()
 * (presumably a service-role client that is not subject to row-level
 * security — confirm in "@/lib/supabase/admin"), so the membership check in
 * this handler is what gates access to the group row.
 *
 * Responses: 401 when there is no session user, 403 when the caller has no
 * `group_members` row for this group, 404 when the group row cannot be
 * loaded, 500 when anything throws.
 */
export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id: groupId } = await params;

    const sessionClient = await getSupabaseServerClient();
    const authResult = await sessionClient.auth.getUser();
    const caller = authResult.data.user;
    if (!caller) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const serviceClient = getSupabaseAdminClient();

    // Membership lookup is scoped to (group, caller); zero rows yields null.
    const membershipQuery = serviceClient
      .from("group_members")
      .select("role")
      .eq("group_id", groupId)
      .eq("user_id", caller.id)
      .maybeSingle();

    // NOTE(review): select("*") returns every column of the row to any member;
    // if the table holds columns members should not see, list columns explicitly.
    const groupQuery = serviceClient.from("groups").select("*").eq("id", groupId).single();

    // Both queries are awaited together; the group row is read before the
    // membership result is known but is only returned after the check below.
    const [membershipResult, groupResult] = await Promise.all([membershipQuery, groupQuery]);

    // The 403 is decided before the 404, so a non-member receives the same
    // answer whether or not the group exists.
    const membership = membershipResult.data;
    if (!membership) {
      return NextResponse.json({ error: "Not a member of this group" }, { status: 403 });
    }

    const group = groupResult.data;
    if (groupResult.error || !group) {
      return NextResponse.json({ error: "Group not found" }, { status: 404 });
    }

    return NextResponse.json({ group, role: membership.role });
  } catch {
    // Thrown errors are reduced to a generic message so no internal detail
    // reaches the client. Nothing is logged in this handler.
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}
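/**
 * PATCH /api/groups/[id] — Rename group (admin only).
 *
 * The caller is identified through the session-bound Supabase client. The
 * role lookup and the update both run on the client returned by
 * getSupabaseAdminClient() (presumably a service-role client that is not
 * subject to row-level security — confirm in "@/lib/supabase/admin"), so the
 * role check in this handler is the only authorization for the write.
 *
 * Responses: 401 when there is no session user, 403 when the caller is not an
 * admin of this group, 400 when the body is not valid JSON or fails
 * renameSchema, 500 when the update fails or anything else throws.
 */
export async function PATCH(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params;
    const supabase = await getSupabaseServerClient();
    const {
      data: { user },
    } = await supabase.auth.getUser();
    if (!user) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const admin = getSupabaseAdminClient();
    const { data: membership } = await admin
      .from("group_members")
      .select("role")
      .eq("group_id", id)
      .eq("user_id", user.id)
      .maybeSingle();

    // A missing membership row and a non-admin role get the same 403.
    if (!membership || membership.role !== "admin") {
      return NextResponse.json({ error: "Admin access required" }, { status: 403 });
    }

    // The body is read only after authorization. A body that is not valid JSON
    // is a client error, so it is answered with 400 here instead of falling
    // through to the outer catch and being reported as a 500.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
    }

    const parsed = renameSchema.safeParse(body);
    if (!parsed.success) {
      // Fall back to a fixed message if the issue list is unexpectedly empty.
      const message = parsed.error.issues[0]?.message ?? "Invalid request body";
      return NextResponse.json({ error: message }, { status: 400 });
    }

    // Only the validated `name` is written, and the write is limited to the
    // row whose id matches the route parameter.
    const { data: group, error } = await admin
      .from("groups")
      .update({ name: parsed.data.name })
      .eq("id", id)
      .select()
      .single();

    if (error || !group) {
      return NextResponse.json({ error: "Failed to rename group" }, { status: 500 });
    }

    return NextResponse.json({ group });
  } catch {
    // Thrown errors are reduced to a generic message so no internal detail
    // reaches the client. Nothing is logged in this handler.
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}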
/**
 * DELETE /api/groups/[id] — Delete group (admin only).
 *
 * The caller is identified through the session-bound Supabase client; the
 * role lookup runs on the client returned by getSupabaseAdminClient()
 * (presumably a service-role client that is not subject to row-level
 * security — confirm in "@/lib/supabase/admin"). The role check below is the
 * only authorization performed before deleteGroupAndData() is called.
 *
 * Responses: 401 when there is no session user, 403 when the caller is not an
 * admin of this group, 500 when anything throws, otherwise `{ success: true }`.
 */
export async function DELETE(
  _request: NextRequest,
  { params }: { params: Promise<{ id: string }> },
) {
  try {
    const { id: groupId } = await params;

    const sessionClient = await getSupabaseServerClient();
    const authResult = await sessionClient.auth.getUser();
    const caller = authResult.data.user;
    if (!caller) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const serviceClient = getSupabaseAdminClient();
    const membershipResult = await serviceClient
      .from("group_members")
      .select("role")
      .eq("group_id", groupId)
      .eq("user_id", caller.id)
      .maybeSingle();

    // A missing membership row and a non-admin role get the same 403.
    const callerMembership = membershipResult.data;
    if (callerMembership?.role !== "admin") {
      return NextResponse.json({ error: "Admin access required" }, { status: 403 });
    }

    // deleteGroupAndData is defined in "@/lib/groups/delete-group"; what it
    // removes is not visible from this file. A failure there surfaces as the
    // generic 500 below.
    await deleteGroupAndData(groupId);

    return NextResponse.json({ success: true });
  } catch {
    // Thrown errors are reduced to a generic message so no internal detail
    // reaches the client. Nothing is logged in this handler.
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}