93 lines
2.6 KiB
TypeScript
93 lines
2.6 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { getServerSession } from "next-auth/next";
|
|
import { authOptions } from "@/app/api/auth/options";
|
|
import { prisma } from "@/lib/prisma";
|
|
|
|
// Helper function to check if user can manage events in a mission calendar
|
|
async function canManageMissionCalendar(userId: string, calendarId: string): Promise<boolean> {
|
|
const calendar = await prisma.calendar.findUnique({
|
|
where: { id: calendarId },
|
|
include: {
|
|
mission: {
|
|
include: {
|
|
missionUsers: true
|
|
}
|
|
}
|
|
}
|
|
});
|
|
|
|
// If calendar is not linked to a mission, allow (it's a regular calendar)
|
|
if (!calendar?.missionId || !calendar.mission) {
|
|
return true;
|
|
}
|
|
|
|
const mission = calendar.mission;
|
|
|
|
// Check if user is the creator of the mission
|
|
if (mission.creatorId === userId) {
|
|
return true;
|
|
}
|
|
|
|
// Check if user is a gardien-temps (time guardian) for this mission
|
|
const isGardienTemps = mission.missionUsers.some(
|
|
(mu) => mu.userId === userId && mu.role === 'gardien-temps'
|
|
);
|
|
|
|
return isGardienTemps;
|
|
}
|
|
|
|
export async function DELETE(req: NextRequest, props: { params: Promise<{ id: string }> }) {
|
|
const params = await props.params;
|
|
const session = await getServerSession(authOptions);
|
|
|
|
if (!session?.user?.id) {
|
|
return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
|
|
}
|
|
|
|
try {
|
|
// First, find the event and its associated calendar
|
|
const event = await prisma.event.findUnique({
|
|
where: { id: params.id },
|
|
include: { calendar: true },
|
|
});
|
|
|
|
if (!event) {
|
|
return NextResponse.json(
|
|
{ error: "Événement non trouvé" },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
|
|
// Verify that the user owns the calendar
|
|
if (event.calendar.userId !== session.user.id) {
|
|
return NextResponse.json(
|
|
{ error: "Non autorisé" },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
|
|
// If calendar is linked to a mission, check permissions
|
|
if (event.calendar.missionId) {
|
|
const canManage = await canManageMissionCalendar(session.user.id, event.calendarId);
|
|
if (!canManage) {
|
|
return NextResponse.json(
|
|
{ error: "Seul le créateur de la mission ou le gardien-temps peut supprimer des événements" },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
}
|
|
|
|
// Delete the event
|
|
await prisma.event.delete({
|
|
where: { id: params.id },
|
|
});
|
|
|
|
return new NextResponse(null, { status: 204 });
|
|
} catch (error) {
|
|
console.error("Erreur lors de la suppression de l'événement:", error);
|
|
return NextResponse.json(
|
|
{ error: "Erreur serveur" },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
}
|