import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { prisma } from "@/lib/prisma";
// GET - Retrieve a specific announcement
/**
 * GET handler: returns one announcement, looked up by `params.id`.
 *
 * Responses produced by this handler:
 * - 401 when there is no server session.
 * - 404 when no announcement has the given id.
 * - 403 when the announcement is neither targeted at "all" nor at one of
 *   the caller's roles.
 * - 200 with the announcement, including the author's `id` and `email`.
 * - 500 on any thrown error; the error itself is only logged server-side.
 *
 * NOTE(review): the 404 check runs before the access check, so an
 * authenticated caller without access can tell an existing id (403) from a
 * missing one (404). Confirm that this is acceptable for announcement ids.
 */
export async function GET(
  req: NextRequest,
  { params }: { params: { id: string } }
) {
  try {
    const session = await getServerSession(authOptions);
    if (!session) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    // Only the author's id and email are selected, so no other author
    // columns reach the response body.
    const authorFields = { id: true, email: true };
    const announcement = await prisma.announcement.findUnique({
      where: { id: params.id },
      include: { author: { select: authorFields } }
    });
    if (!announcement) {
      return NextResponse.json({ error: "Announcement not found" }, { status: 404 });
    }

    // session.user.role may hold a single role or a list; normalise to a list.
    const sessionRole = session.user.role || [];
    const roles = Array.isArray(sessionRole) ? sessionRole : [sessionRole];

    // Access is granted when any target role is the wildcard "all" or is
    // one of the roles the caller holds.
    const permitted = announcement.targetRoles.some(
      target => target === "all" || roles.includes(target)
    );
    if (!permitted) {
      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
    }

    return NextResponse.json(announcement);
  } catch (error) {
    // Details stay in the server log; the client gets a generic message.
    console.error("Error fetching announcement:", error);
    return NextResponse.json({ error: "Failed to fetch announcement" }, { status: 500 });
  }
}
// DELETE - Remove an announcement
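/**
 * DELETE handler: removes the announcement identified by `params.id`.
 *
 * Responses produced by this handler:
 * - 401 when there is no server session.
 * - 403 when none of the caller's roles is "admin", "entrepreneurship" or
 *   "communication".
 * - 404 when no announcement has the given id, including the case where the
 *   row disappears between the existence check and the delete.
 * - 200 with a confirmation message once the row is deleted.
 * - 500 on any other thrown error; the error is only logged server-side.
 *
 * NOTE(review): authorization is by role only, so any holder of one of the
 * three roles can delete any announcement, not just their own. Confirm that
 * this is the intended policy.
 * NOTE(review): nothing here records which user deleted which announcement;
 * confirm that an audit trail exists elsewhere.
 */
export async function DELETE(
  req: NextRequest,
  { params }: { params: { id: string } }
) {
  try {
    const session = await getServerSession(authOptions);

    if (!session) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    // session.user.role may hold a single role or a list; normalise to a list.
    const userRole = session.user.role || [];
    const roles = Array.isArray(userRole) ? userRole : [userRole];

    // The role check runs before any database access, so callers without a
    // privileged role learn nothing about which ids exist.
    const hasAdminAccess = roles.some(role =>
      ["admin", "entrepreneurship", "communication"].includes(role)
    );

    if (!hasAdminAccess) {
      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
    }

    const { id } = params;

    // Check if announcement exists
    const announcement = await prisma.announcement.findUnique({
      where: { id }
    });

    if (!announcement) {
      return NextResponse.json({ error: "Announcement not found" }, { status: 404 });
    }

    // Delete the announcement
    await prisma.announcement.delete({
      where: { id }
    });

    return NextResponse.json({ message: "Announcement deleted successfully" });
  } catch (error) {
    // The existence check and the delete are two separate queries. If a
    // concurrent request removes the row in between, Prisma's delete throws
    // a known-request error with code "P2025" (record not found). Report
    // that as 404 rather than as a server failure.
    const recordAlreadyGone =
      typeof error === "object" &&
      error !== null &&
      "code" in error &&
      (error as { code?: unknown }).code === "P2025";

    if (recordAlreadyGone) {
      return NextResponse.json({ error: "Announcement not found" }, { status: 404 });
    }

    // Details stay in the server log; the client gets a generic message.
    console.error("Error deleting announcement:", error);
    return NextResponse.json({ error: "Failed to delete announcement" }, { status: 500 });
  }
}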