import { json, error } from '@sveltejs/kit'; import type { RequestHandler } from './$types.js'; import { prisma } from '$lib/server/db.js'; import { columnSchema, moveColumnSchema } from '$lib/server/validation.js'; // Update column title export const PATCH: RequestHandler = async ({ params, request, locals }) => { const tenant = locals.tenant; if (!tenant) throw error(400, 'Unknown tenant'); if (!locals.user) throw error(401, 'Not authenticated'); const column = await prisma.column.findFirst({ where: { id: params.columnId, board: { id: params.boardId, tenantId: tenant.id } }, include: { board: { include: { members: true } } } }); if (!column) throw error(404, 'Column not found'); const member = column.board.members.find((m) => m.userId === locals.user!.id); const isAdmin = locals.user.globalRole === 'SITE_ADMIN' || locals.user.tenantRole === 'ADMIN'; if (!member && !isAdmin) throw error(403, 'Access denied'); if (member && member.role === 'VIEWER') throw error(403, 'Viewers cannot edit columns'); const body = await request.json(); // Allow both title update and position update if (body.position !== undefined) { const result = moveColumnSchema.safeParse(body); if (!result.success) { return json({ error: result.error.issues[0].message }, { status: 400 }); } const updated = await prisma.column.update({ where: { id: params.columnId }, data: { position: result.data.position } }); return json({ column: updated }); } const result = columnSchema.safeParse(body); if (!result.success) { return json({ error: result.error.issues[0].message }, { status: 400 }); } const updated = await prisma.column.update({ where: { id: params.columnId }, data: { title: result.data.title } }); return json({ column: updated }); }; // Delete column export const DELETE: RequestHandler = async ({ params, locals }) => { const tenant = locals.tenant; if (!tenant) throw error(400, 'Unknown tenant'); if (!locals.user) throw error(401, 'Not authenticated'); const column = await prisma.column.findFirst({ where: { id: params.columnId, board: { id: params.boardId, tenantId: tenant.id } }, include: { board: { include: { members: true } } } }); if (!column) throw error(404, 'Column not found'); const member = column.board.members.find((m) => m.userId === locals.user!.id); const isAdmin = locals.user.globalRole === 'SITE_ADMIN' || locals.user.tenantRole === 'ADMIN'; if (member?.role === 'VIEWER' && !isAdmin) throw error(403, 'Viewers cannot delete columns'); if (!member && !isAdmin) throw error(403, 'Access denied'); await prisma.column.delete({ where: { id: params.columnId } }); return json({ ok: true }); };