Pages corrections pages missions
This commit is contained in:
parent
9db972b80a
commit
4e26b958fe
@ -19,11 +19,13 @@ const missionsS3Client = new S3Client({
|
||||
const MISSIONS_BUCKET = 'missions';
|
||||
|
||||
// Helper function to check if user can manage files (creator or gardien)
|
||||
async function checkCanManage(userId: string, missionId: string): Promise<boolean> {
|
||||
// Also checks if mission is closed (closed missions cannot be modified)
|
||||
async function checkCanManage(userId: string, missionId: string): Promise<{ canManage: boolean; isClosed: boolean }> {
|
||||
const mission = await prisma.mission.findFirst({
|
||||
where: { id: missionId },
|
||||
select: {
|
||||
creatorId: true,
|
||||
isClosed: true,
|
||||
missionUsers: {
|
||||
where: { userId },
|
||||
select: { role: true }
|
||||
@ -31,14 +33,20 @@ async function checkCanManage(userId: string, missionId: string): Promise<boolea
|
||||
}
|
||||
});
|
||||
|
||||
if (!mission) return false;
|
||||
if (!mission) return { canManage: false, isClosed: false };
|
||||
|
||||
// If mission is closed, no one can manage files
|
||||
if (mission.isClosed) {
|
||||
return { canManage: false, isClosed: true };
|
||||
}
|
||||
|
||||
// Creator can always manage
|
||||
if (mission.creatorId === userId) return true;
|
||||
if (mission.creatorId === userId) return { canManage: true, isClosed: false };
|
||||
|
||||
// Gardiens can manage
|
||||
const userRole = mission.missionUsers[0]?.role;
|
||||
return userRole === 'gardien-temps' || userRole === 'gardien-parole' || userRole === 'gardien-memoire';
|
||||
const canManage = userRole === 'gardien-temps' || userRole === 'gardien-parole' || userRole === 'gardien-memoire';
|
||||
return { canManage, isClosed: false };
|
||||
}
|
||||
|
||||
export async function POST(
|
||||
@ -54,8 +62,11 @@ export async function POST(
|
||||
const { missionId } = await params;
|
||||
const userId = session.user.id;
|
||||
|
||||
// Check if user can manage files
|
||||
const canManage = await checkCanManage(userId, missionId);
|
||||
// Check if user can manage files and if mission is closed
|
||||
const { canManage, isClosed } = await checkCanManage(userId, missionId);
|
||||
if (isClosed) {
|
||||
return NextResponse.json({ error: 'Mission is closed: folders cannot be created in closed missions' }, { status: 403 });
|
||||
}
|
||||
if (!canManage) {
|
||||
return NextResponse.json({ error: 'Forbidden: You do not have permission to create folders' }, { status: 403 });
|
||||
}
|
||||
|
||||
@ -34,11 +34,13 @@ async function checkMissionAccess(userId: string, missionId: string): Promise<bo
|
||||
}
|
||||
|
||||
// Helper function to check if user can manage files (creator or gardien)
|
||||
async function checkCanManage(userId: string, missionId: string): Promise<boolean> {
|
||||
// Also checks if mission is closed (closed missions cannot be modified)
|
||||
async function checkCanManage(userId: string, missionId: string): Promise<{ canManage: boolean; isClosed: boolean }> {
|
||||
const mission = await prisma.mission.findFirst({
|
||||
where: { id: missionId },
|
||||
select: {
|
||||
creatorId: true,
|
||||
isClosed: true,
|
||||
missionUsers: {
|
||||
where: { userId },
|
||||
select: { role: true }
|
||||
@ -46,14 +48,20 @@ async function checkCanManage(userId: string, missionId: string): Promise<boolea
|
||||
}
|
||||
});
|
||||
|
||||
if (!mission) return false;
|
||||
if (!mission) return { canManage: false, isClosed: false };
|
||||
|
||||
// If mission is closed, no one can manage files
|
||||
if (mission.isClosed) {
|
||||
return { canManage: false, isClosed: true };
|
||||
}
|
||||
|
||||
// Creator can always manage
|
||||
if (mission.creatorId === userId) return true;
|
||||
if (mission.creatorId === userId) return { canManage: true, isClosed: false };
|
||||
|
||||
// Gardiens can manage
|
||||
const userRole = mission.missionUsers[0]?.role;
|
||||
return userRole === 'gardien-temps' || userRole === 'gardien-parole' || userRole === 'gardien-memoire';
|
||||
const canManage = userRole === 'gardien-temps' || userRole === 'gardien-parole' || userRole === 'gardien-memoire';
|
||||
return { canManage, isClosed: false };
|
||||
}
|
||||
|
||||
// Helper function to stream to string
|
||||
@ -323,8 +331,11 @@ export async function DELETE(
|
||||
const { missionId } = await params;
|
||||
const userId = session.user.id;
|
||||
|
||||
// Check if user can manage files
|
||||
const canManage = await checkCanManage(userId, missionId);
|
||||
// Check if user can manage files and if mission is closed
|
||||
const { canManage, isClosed } = await checkCanManage(userId, missionId);
|
||||
if (isClosed) {
|
||||
return NextResponse.json({ error: 'Mission is closed: files cannot be deleted from closed missions' }, { status: 403 });
|
||||
}
|
||||
if (!canManage) {
|
||||
return NextResponse.json({ error: 'Forbidden: You do not have permission to delete files' }, { status: 403 });
|
||||
}
|
||||
|
||||
@ -5,11 +5,13 @@ import { prisma } from '@/lib/prisma';
|
||||
import { uploadMissionAttachment } from '@/lib/mission-uploads';
|
||||
|
||||
// Helper function to check if user can manage files (creator or gardien)
|
||||
async function checkCanManage(userId: string, missionId: string): Promise<boolean> {
|
||||
// Also checks if mission is closed (closed missions cannot be modified)
|
||||
async function checkCanManage(userId: string, missionId: string): Promise<{ canManage: boolean; isClosed: boolean }> {
|
||||
const mission = await prisma.mission.findFirst({
|
||||
where: { id: missionId },
|
||||
select: {
|
||||
creatorId: true,
|
||||
isClosed: true,
|
||||
missionUsers: {
|
||||
where: { userId },
|
||||
select: { role: true }
|
||||
@ -17,14 +19,20 @@ async function checkCanManage(userId: string, missionId: string): Promise<boolea
|
||||
}
|
||||
});
|
||||
|
||||
if (!mission) return false;
|
||||
if (!mission) return { canManage: false, isClosed: false };
|
||||
|
||||
// If mission is closed, no one can manage files
|
||||
if (mission.isClosed) {
|
||||
return { canManage: false, isClosed: true };
|
||||
}
|
||||
|
||||
// Creator can always manage
|
||||
if (mission.creatorId === userId) return true;
|
||||
if (mission.creatorId === userId) return { canManage: true, isClosed: false };
|
||||
|
||||
// Gardiens can manage
|
||||
const userRole = mission.missionUsers[0]?.role;
|
||||
return userRole === 'gardien-temps' || userRole === 'gardien-parole' || userRole === 'gardien-memoire';
|
||||
const canManage = userRole === 'gardien-temps' || userRole === 'gardien-parole' || userRole === 'gardien-memoire';
|
||||
return { canManage, isClosed: false };
|
||||
}
|
||||
|
||||
export async function POST(
|
||||
@ -40,8 +48,11 @@ export async function POST(
|
||||
const { missionId } = await params;
|
||||
const userId = session.user.id;
|
||||
|
||||
// Check if user can manage files
|
||||
const canManage = await checkCanManage(userId, missionId);
|
||||
// Check if user can manage files and if mission is closed
|
||||
const { canManage, isClosed } = await checkCanManage(userId, missionId);
|
||||
if (isClosed) {
|
||||
return NextResponse.json({ error: 'Mission is closed: files cannot be uploaded to closed missions' }, { status: 403 });
|
||||
}
|
||||
if (!canManage) {
|
||||
return NextResponse.json({ error: 'Forbidden: You do not have permission to upload files' }, { status: 403 });
|
||||
}
|
||||
|
||||
@ -30,6 +30,7 @@ export async function GET(
|
||||
id: true,
|
||||
name: true,
|
||||
creatorId: true,
|
||||
isClosed: true,
|
||||
creator: {
|
||||
select: {
|
||||
id: true,
|
||||
|
||||
@ -708,6 +708,7 @@ export default function CarnetPage() {
|
||||
id: missionData.id,
|
||||
name: missionData.name,
|
||||
creatorId: missionData.creatorId || missionData.creator?.id,
|
||||
isClosed: missionData.isClosed || false,
|
||||
missionUsers: missionData.missionUsers || []
|
||||
});
|
||||
} else {
|
||||
@ -1182,6 +1183,7 @@ export default function CarnetPage() {
|
||||
id: selectedMission.id,
|
||||
name: selectedMission.name,
|
||||
creatorId: selectedMission.creatorId || '',
|
||||
isClosed: selectedMission.isClosed || false,
|
||||
missionUsers: selectedMission.missionUsers || []
|
||||
}}
|
||||
currentUserId={session.user.id}
|
||||
|
||||
@ -21,6 +21,7 @@ interface Mission {
|
||||
id: string;
|
||||
name: string;
|
||||
creatorId: string;
|
||||
isClosed?: boolean;
|
||||
missionUsers?: MissionUser[];
|
||||
}
|
||||
|
||||
@ -50,7 +51,8 @@ export const MissionFilesManager: React.FC<MissionFilesManagerProps> = ({
|
||||
const isCreator = mission.creatorId === currentUserId;
|
||||
const userRole = mission.missionUsers?.find(mu => mu.userId === currentUserId)?.role;
|
||||
const isGardien = userRole === 'gardien-temps' || userRole === 'gardien-parole' || userRole === 'gardien-memoire';
|
||||
const canManage = isCreator || isGardien;
|
||||
const isClosed = mission.isClosed || false;
|
||||
const canManage = (isCreator || isGardien) && !isClosed; // Cannot manage if mission is closed
|
||||
|
||||
const fetchFiles = async () => {
|
||||
try {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user