2.4 페이지/컴포넌트 가드 훅 구현(usePermission)

koreacomp5
2025-10-09 14:46:16 +09:00
parent c34a814d28
commit 03924c45b0
5 changed files with 85 additions and 3 deletions


@@ -1,8 +1,16 @@
import { NextResponse } from "next/server";
import prisma from "@/lib/prisma";
import { requirePermission } from "@/lib/rbac";
import { getUserIdFromRequest } from "@/lib/auth";
export async function POST(_: Request, context: { params: Promise<{ id: string }> }) {
export async function POST(req: Request, context: { params: Promise<{ id: string }> }) {
const { id } = await context.params;
const userId = getUserIdFromRequest(req);
try {
await requirePermission({ userId, resource: "BOARD", action: "MODERATE" });
} catch (e: any) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const post = await prisma.post.update({
where: { id },
data: { status: "published" },
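Review bot: The `catch (e: any)` around `requirePermission` turns every failure into a 403, so a database or lookup error inside the permission check is reported as "Forbidden" without being logged, and a request with no resolvable user looks the same as a denied one. Narrow it to `catch (e: unknown)`, return 403 only for the denial error that `requirePermission` raises (its type is not visible in this hunk), log or rethrow anything else, and return 401 when `getUserIdFromRequest(req)` yields no user. The same block is repeated in the pin handler in the next file, so a shared helper would keep the two in step. The check also passes only `resource: "BOARD"` with no board or post identifier, so it presumably grants moderation across all boards; confirm that is intended. The POST body continues past the end of this hunk.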


@@ -1,6 +1,8 @@
import { NextResponse } from "next/server";
import prisma from "@/lib/prisma";
import { z } from "zod";
import { requirePermission } from "@/lib/rbac";
import { getUserIdFromRequest } from "@/lib/auth";
const schema = z.object({ pinned: z.boolean(), order: z.number().int().nullable().optional() });
@@ -10,6 +12,12 @@ export async function POST(req: Request, context: { params: Promise<{ id: string
const parsed = schema.safeParse(body);
if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
const { pinned, order } = parsed.data;
const userId = getUserIdFromRequest(req);
try {
await requirePermission({ userId, resource: "BOARD", action: "MODERATE" });
} catch (e: any) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const post = await prisma.post.update({
where: { id },
data: { isPinned: pinned, pinnedOrder: pinned ? order ?? 0 : null },
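Review bot: The permission check sits after `schema.safeParse(body)`, so a caller without MODERATE rights still has the request body parsed and receives the flattened zod error on a bad payload before any authorization decision is made. Move `const userId = getUserIdFromRequest(req);` and the `requirePermission` call to the top of the handler, ahead of the body read, so unauthorized requests are rejected first and the ordering matches the handler in the previous file. The start of this POST handler is outside the hunk, so the exact insertion point needs checking against the full file.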