카테고리 순서 변경 api
This commit is contained in:
mota
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 795 KiB After Width: | Height: | Size: 795 KiB |
@@ -6,7 +6,11 @@ import { requirePermission } from "@/lib/rbac";
|
||||
export async function PATCH(req: Request, context: { params: Promise<{ id: string }> }) {
|
||||
const { id } = await context.params;
|
||||
const userId = getUserIdFromRequest(req);
|
||||
try {
|
||||
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
|
||||
} catch (e) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
const body = await req.json().catch(() => ({}));
|
||||
const data: any = {};
|
||||
for (const k of ["name", "slug", "sortOrder", "status"]) {
|
||||
@@ -19,7 +23,11 @@ export async function PATCH(req: Request, context: { params: Promise<{ id: strin
|
||||
export async function DELETE(req: Request, context: { params: Promise<{ id: string }> }) {
|
||||
const { id } = await context.params;
|
||||
const userId = getUserIdFromRequest(req);
|
||||
try {
|
||||
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
|
||||
} catch (e) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
await prisma.boardCategory.delete({ where: { id } });
|
||||
return NextResponse.json({ ok: true });
|
||||
}
|
||||
|
||||
@@ -20,7 +20,11 @@ const createSchema = z.object({
|
||||
|
||||
export async function POST(req: Request) {
|
||||
const userId = getUserIdFromRequest(req);
|
||||
try {
|
||||
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
|
||||
} catch (e) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
const body = await req.json().catch(() => ({}));
|
||||
const parsed = createSchema.safeParse(body);
|
||||
if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
|
||||
|
||||
@@ -24,7 +24,11 @@ const updateSchema = z.object({
|
||||
export async function PATCH(req: Request, context: { params: Promise<{ id: string }> }) {
|
||||
const { id } = await context.params;
|
||||
const userId = getUserIdFromRequest(req);
|
||||
try {
|
||||
await requirePermission({ userId, resource: "POST", action: "UPDATE" });
|
||||
} catch (e) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
const body = await req.json();
|
||||
const parsed = updateSchema.safeParse(body);
|
||||
if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
|
||||
@@ -35,7 +39,11 @@ export async function PATCH(req: Request, context: { params: Promise<{ id: strin
|
||||
export async function DELETE(req: Request, context: { params: Promise<{ id: string }> }) {
|
||||
const { id } = await context.params;
|
||||
const userId = getUserIdFromRequest(req);
|
||||
try {
|
||||
await requirePermission({ userId, resource: "POST", action: "DELETE" });
|
||||
} catch (e) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
const post = await prisma.post.update({ where: { id }, data: { status: "deleted" } });
|
||||
return NextResponse.json({ post });
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user