어드민 페이지 작업업

2025-10-31 00:02:36 +09:00
parent 293e4a20b9
commit d4aab34e43
4 changed files with 300 additions and 235 deletions
--- a/src/app/api/admin/categories/[id]/route.ts
+++ b/src/app/api/admin/categories/[id]/route.ts
@@ -1,16 +1,8 @@
 import { NextResponse } from "next/server";
 import prisma from "@/lib/prisma";
-import { getUserIdFromRequest } from "@/lib/auth";
-import { requirePermission } from "@/lib/rbac";

 export async function PATCH(req: Request, context: { params: Promise<{ id: string }> }) {
  const { id } = await context.params;
-  const userId = getUserIdFromRequest(req);
-  try {
-    await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
-  } catch (e) {
-    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
-  }
  const body = await req.json().catch(() => ({}));
  const data: any = {};
  for (const k of ["name", "slug", "sortOrder", "status"]) {
@@ -22,12 +14,6 @@ export async function PATCH(req: Request, context: { params: Promise<{ id: strin

 export async function DELETE(req: Request, context: { params: Promise<{ id: string }> }) {
  const { id } = await context.params;
-  const userId = getUserIdFromRequest(req);
-  try {
-    await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
-  } catch (e) {
-    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
-  }
  await prisma.boardCategory.delete({ where: { id } });
  return NextResponse.json({ ok: true });
 }
--- a/src/app/api/admin/categories/route.ts
+++ b/src/app/api/admin/categories/route.ts
@@ -1,8 +1,6 @@
 import { NextResponse } from "next/server";
 import prisma from "@/lib/prisma";
 import { z } from "zod";
-import { getUserIdFromRequest } from "@/lib/auth";
-import { requirePermission } from "@/lib/rbac";

 export async function GET() {
  const categories = await prisma.boardCategory.findMany({
@@ -19,12 +17,6 @@ const createSchema = z.object({
 });

 export async function POST(req: Request) {
-  const userId = getUserIdFromRequest(req);
-  try {
-    await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
-  } catch (e) {
-    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
-  }
  const body = await req.json().catch(() => ({}));
  const parsed = createSchema.safeParse(body);
  if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });