motaju/msgapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

카테고리 순서 변경 api

Browse Source
This commit is contained in:
mota
2025-10-30 20:18:59 +09:00
parent 16b01a2c51
commit 293e4a20b9
4 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/erd.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 795 KiB

After

Width:  |  Height:  |  Size: 795 KiB

12
src/app/api/admin/categories/[id]/route.ts
View File

@@ -6,7 +6,11 @@ import { requirePermission } from "@/lib/rbac";
export async function PATCH(req: Request, context: { params: Promise<{ id: string }> }) { export async function PATCH(req: Request, context: { params: Promise<{ id: string }> }) {
const { id } = await context.params; const { id } = await context.params;
const userId = getUserIdFromRequest(req); const userId = getUserIdFromRequest(req);
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" }); try {
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
} catch (e) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const body = await req.json().catch(() => ({})); const body = await req.json().catch(() => ({}));
const data: any = {}; const data: any = {};
for (const k of ["name", "slug", "sortOrder", "status"]) { for (const k of ["name", "slug", "sortOrder", "status"]) {
@@ -19,7 +23,11 @@ export async function PATCH(req: Request, context: { params: Promise<{ id: strin
export async function DELETE(req: Request, context: { params: Promise<{ id: string }> }) { export async function DELETE(req: Request, context: { params: Promise<{ id: string }> }) {
const { id } = await context.params; const { id } = await context.params;
const userId = getUserIdFromRequest(req); const userId = getUserIdFromRequest(req);
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" }); try {
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
} catch (e) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
await prisma.boardCategory.delete({ where: { id } }); await prisma.boardCategory.delete({ where: { id } });
return NextResponse.json({ ok: true }); return NextResponse.json({ ok: true });
} }

6
src/app/api/admin/categories/route.ts
View File

@@ -20,7 +20,11 @@ const createSchema = z.object({
export async function POST(req: Request) { export async function POST(req: Request) {
const userId = getUserIdFromRequest(req); const userId = getUserIdFromRequest(req);
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" }); try {
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
} catch (e) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const body = await req.json().catch(() => ({})); const body = await req.json().catch(() => ({}));
const parsed = createSchema.safeParse(body); const parsed = createSchema.safeParse(body);
if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 }); if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });

12
src/app/api/posts/[id]/route.ts
View File

@@ -24,7 +24,11 @@ const updateSchema = z.object({
export async function PATCH(req: Request, context: { params: Promise<{ id: string }> }) { export async function PATCH(req: Request, context: { params: Promise<{ id: string }> }) {
const { id } = await context.params; const { id } = await context.params;
const userId = getUserIdFromRequest(req); const userId = getUserIdFromRequest(req);
await requirePermission({ userId, resource: "POST", action: "UPDATE" }); try {
await requirePermission({ userId, resource: "POST", action: "UPDATE" });
} catch (e) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const body = await req.json(); const body = await req.json();
const parsed = updateSchema.safeParse(body); const parsed = updateSchema.safeParse(body);
if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 }); if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
@@ -35,7 +39,11 @@ export async function PATCH(req: Request, context: { params: Promise<{ id: strin
export async function DELETE(req: Request, context: { params: Promise<{ id: string }> }) { export async function DELETE(req: Request, context: { params: Promise<{ id: string }> }) {
const { id } = await context.params; const { id } = await context.params;
const userId = getUserIdFromRequest(req); const userId = getUserIdFromRequest(req);
await requirePermission({ userId, resource: "POST", action: "DELETE" }); try {
await requirePermission({ userId, resource: "POST", action: "DELETE" });
} catch (e) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const post = await prisma.post.update({ where: { id }, data: { status: "deleted" } }); const post = await prisma.post.update({ where: { id }, data: { status: "deleted" } });
return NextResponse.json({ post }); return NextResponse.json({ post });
} }