janpeter/Scrum4Me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: ProductMember — team management for product backlogs

Browse source 
- Add ProductMember model (many-to-many User ↔ Product)
- Add productAccessFilter helper (owner OR member OR clause)
- Replace all ownership checks across actions and API routes
- Add addProductMemberAction / removeProductMemberAction / leaveProductAction
- Add TeamManager component in product settings (owner adds/removes Developers)
- Add LeaveProductButton in user settings (member leaves a product team)
- Regenerate Prisma Client after schema migration

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Janpeter Visser 2026-04-25 13:09:44 +02:00
parent fc12e3cc64
commit 357b1e32e8
18 changed files with 370 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

15
actions/pbis.ts
View file

@ -6,15 +6,12 @@ import { getIronSession } from 'iron-session'
import { z } from 'zod' import { z } from 'zod'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { SessionData, sessionOptions } from '@/lib/session' import { SessionData, sessionOptions } from '@/lib/session'
import { getAccessibleProduct } from '@/lib/product-access'
async function getSession() { async function getSession() {
return getIronSession<SessionData>(await cookies(), sessionOptions) return getIronSession<SessionData>(await cookies(), sessionOptions)
} }
async function verifyProductOwnership(productId: string, userId: string) {
return prisma.product.findFirst({ where: { id: productId, user_id: userId } })
}
const createPbiSchema = z.object({ const createPbiSchema = z.object({
productId: z.string(), productId: z.string(),
title: z.string().min(1, 'Titel is verplicht').max(200), title: z.string().min(1, 'Titel is verplicht').max(200),
@ -40,7 +37,7 @@ export async function createPbiAction(_prevState: unknown, formData: FormData) {
}) })
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors } if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
const product = await verifyProductOwnership(parsed.data.productId, session.userId) const product = await getAccessibleProduct(parsed.data.productId, session.userId)
if (!product) return { error: 'Product niet gevonden' } if (!product) return { error: 'Product niet gevonden' }
const last = await prisma.pbi.findFirst({ const last = await prisma.pbi.findFirst({
@ -79,7 +76,9 @@ export async function updatePbiAction(_prevState: unknown, formData: FormData) {
where: { id: parsed.data.id }, where: { id: parsed.data.id },
include: { product: true }, include: { product: true },
}) })
if (!pbi || pbi.product.user_id !== session.userId) return { error: 'PBI niet gevonden' } if (!pbi) return { error: 'PBI niet gevonden' }
const accessible = await getAccessibleProduct(pbi.product_id, session.userId)
if (!accessible) return { error: 'PBI niet gevonden' }
await prisma.pbi.update({ await prisma.pbi.update({
where: { id: parsed.data.id }, where: { id: parsed.data.id },
@ -103,7 +102,9 @@ export async function deletePbiAction(id: string) {
where: { id }, where: { id },
include: { product: true }, include: { product: true },
}) })
if (!pbi || pbi.product.user_id !== session.userId) return { error: 'PBI niet gevonden' } if (!pbi) return { error: 'PBI niet gevonden' }
const accessible = await getAccessibleProduct(pbi.product_id, session.userId)
if (!accessible) return { error: 'PBI niet gevonden' }
await prisma.pbi.delete({ where: { id } }) await prisma.pbi.delete({ where: { id } })

62
actions/products.ts
View file

@ -7,6 +7,7 @@ import { getIronSession } from 'iron-session'
import { z } from 'zod' import { z } from 'zod'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { SessionData, sessionOptions } from '@/lib/session' import { SessionData, sessionOptions } from '@/lib/session'
import { Role } from '@prisma/client'
const productSchema = z.object({ const productSchema = z.object({
name: z.string().min(1, 'Naam is verplicht').max(100, 'Naam mag maximaal 100 tekens bevatten'), name: z.string().min(1, 'Naam is verplicht').max(100, 'Naam mag maximaal 100 tekens bevatten'),
@ -137,3 +138,64 @@ export async function restoreProductAction(id: string) {
revalidatePath('/dashboard') revalidatePath('/dashboard')
return { success: true } return { success: true }
} }
export async function addProductMemberAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const productId = formData.get('productId') as string
const username = (formData.get('username') as string)?.trim().toLowerCase()
if (!username) return { error: 'Gebruikersnaam is verplicht' }
const product = await prisma.product.findFirst({ where: { id: productId, user_id: session.userId } })
if (!product) return { error: 'Product niet gevonden of geen eigenaar' }
const targetUser = await prisma.user.findUnique({
where: { username },
include: { roles: true },
})
if (!targetUser) return { error: 'Gebruiker niet gevonden' }
if (targetUser.is_demo) return { error: 'Demo-gebruiker kan niet worden toegevoegd' }
if (targetUser.id === session.userId) return { error: 'Je bent al eigenaar van dit product' }
const hasDeveloperRole = targetUser.roles.some(r => r.role === Role.DEVELOPER)
if (!hasDeveloperRole) return { error: `Gebruiker "${username}" heeft geen Developer-rol` }
const existing = await prisma.productMember.findUnique({
where: { product_id_user_id: { product_id: productId, user_id: targetUser.id } },
})
if (existing) return { error: 'Gebruiker is al lid van dit product' }
await prisma.productMember.create({
data: { product_id: productId, user_id: targetUser.id },
})
revalidatePath(`/products/${productId}/settings`)
return { success: true }
}
export async function removeProductMemberAction(productId: string, memberId: string) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const product = await prisma.product.findFirst({ where: { id: productId, user_id: session.userId } })
if (!product) return { error: 'Product niet gevonden of geen eigenaar' }
await prisma.productMember.deleteMany({ where: { product_id: productId, user_id: memberId } })
revalidatePath(`/products/${productId}/settings`)
return { success: true }
}
export async function leaveProductAction(productId: string) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
await prisma.productMember.deleteMany({ where: { product_id: productId, user_id: session.userId } })
revalidatePath('/settings')
return { success: true }
}

30
actions/sprints.ts
View file

@ -6,17 +6,12 @@ import { getIronSession } from 'iron-session'
import { z } from 'zod' import { z } from 'zod'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { SessionData, sessionOptions } from '@/lib/session' import { SessionData, sessionOptions } from '@/lib/session'
import { getAccessibleProduct, productAccessFilter } from '@/lib/product-access'
async function getSession() { async function getSession() {
return getIronSession<SessionData>(await cookies(), sessionOptions) return getIronSession<SessionData>(await cookies(), sessionOptions)
} }
async function verifyProductOwnership(productId: string, userId: string) {
return prisma.product.findFirst({ where: { id: productId, user_id: userId } })
}
// --- Sprint ---
export async function createSprintAction(_prevState: unknown, formData: FormData) { export async function createSprintAction(_prevState: unknown, formData: FormData) {
const session = await getSession() const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' } if (!session.userId) return { error: 'Niet ingelogd' }
@ -31,7 +26,7 @@ export async function createSprintAction(_prevState: unknown, formData: FormData
}) })
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors } if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
const product = await verifyProductOwnership(parsed.data.productId, session.userId) const product = await getAccessibleProduct(parsed.data.productId, session.userId)
if (!product) return { error: 'Product niet gevonden' } if (!product) return { error: 'Product niet gevonden' }
const existing = await prisma.sprint.findFirst({ const existing = await prisma.sprint.findFirst({
@ -61,7 +56,7 @@ export async function updateSprintGoalAction(_prevState: unknown, formData: Form
if (!sprint_goal?.trim()) return { error: 'Sprint Goal is verplicht' } if (!sprint_goal?.trim()) return { error: 'Sprint Goal is verplicht' }
const sprint = await prisma.sprint.findFirst({ const sprint = await prisma.sprint.findFirst({
where: { id, product: { user_id: session.userId } }, where: { id, product: productAccessFilter(session.userId) },
}) })
if (!sprint) return { error: 'Sprint niet gevonden' } if (!sprint) return { error: 'Sprint niet gevonden' }
@ -76,16 +71,15 @@ export async function addStoryToSprintAction(sprintId: string, storyId: string)
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const sprint = await prisma.sprint.findFirst({ const sprint = await prisma.sprint.findFirst({
where: { id: sprintId, product: { user_id: session.userId } }, where: { id: sprintId, product: productAccessFilter(session.userId) },
}) })
if (!sprint) return { error: 'Sprint niet gevonden' } if (!sprint) return { error: 'Sprint niet gevonden' }
const story = await prisma.story.findFirst({ const story = await prisma.story.findFirst({
where: { id: storyId, product: { user_id: session.userId } }, where: { id: storyId, product: productAccessFilter(session.userId) },
}) })
if (!story) return { error: 'Story niet gevonden' } if (!story) return { error: 'Story niet gevonden' }
// Sort order = last in sprint + 1
const last = await prisma.story.findFirst({ const last = await prisma.story.findFirst({
where: { sprint_id: sprintId }, where: { sprint_id: sprintId },
orderBy: { sort_order: 'desc' }, orderBy: { sort_order: 'desc' },
@ -107,20 +101,18 @@ export async function removeStoryFromSprintAction(storyId: string) {
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const story = await prisma.story.findFirst({ const story = await prisma.story.findFirst({
where: { id: storyId, product: { user_id: session.userId } }, where: { id: storyId, product: productAccessFilter(session.userId) },
include: { sprint: true }, include: { sprint: true },
}) })
if (!story) return { error: 'Story niet gevonden' } if (!story) return { error: 'Story niet gevonden' }
const productId = story.product_id
await prisma.story.update({ await prisma.story.update({
where: { id: storyId }, where: { id: storyId },
data: { sprint_id: null, status: 'OPEN' }, data: { sprint_id: null, status: 'OPEN' },
}) })
revalidatePath(`/products/${productId}/sprint`) revalidatePath(`/products/${story.product_id}/sprint`)
revalidatePath(`/products/${productId}`) revalidatePath(`/products/${story.product_id}`)
return { success: true } return { success: true }
} }
@ -130,7 +122,7 @@ export async function reorderSprintStoriesAction(sprintId: string, orderedIds: s
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const sprint = await prisma.sprint.findFirst({ const sprint = await prisma.sprint.findFirst({
where: { id: sprintId, product: { user_id: session.userId } }, where: { id: sprintId, product: productAccessFilter(session.userId) },
}) })
if (!sprint) return { error: 'Sprint niet gevonden' } if (!sprint) return { error: 'Sprint niet gevonden' }
@ -153,12 +145,11 @@ export async function completeSprintAction(
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const sprint = await prisma.sprint.findFirst({ const sprint = await prisma.sprint.findFirst({
where: { id: sprintId, product: { user_id: session.userId } }, where: { id: sprintId, product: productAccessFilter(session.userId) },
}) })
if (!sprint) return { error: 'Sprint niet gevonden' } if (!sprint) return { error: 'Sprint niet gevonden' }
await prisma.$transaction([ await prisma.$transaction([
// Update all story statuses based on decisions
...Object.entries(decisions).map(([storyId, status]) => ...Object.entries(decisions).map(([storyId, status]) =>
prisma.story.update({ prisma.story.update({
where: { id: storyId }, where: { id: storyId },
@ -168,7 +159,6 @@ export async function completeSprintAction(
}, },
}) })
), ),
// Close the sprint
prisma.sprint.update({ prisma.sprint.update({
where: { id: sprintId }, where: { id: sprintId },
data: { status: 'COMPLETED', completed_at: new Date() }, data: { status: 'COMPLETED', completed_at: new Date() },

23
actions/stories.ts
View file

@ -6,14 +6,15 @@ import { getIronSession } from 'iron-session'
import { z } from 'zod' import { z } from 'zod'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { SessionData, sessionOptions } from '@/lib/session' import { SessionData, sessionOptions } from '@/lib/session'
import { getAccessibleProduct, productAccessFilter } from '@/lib/product-access'
async function getSession() { async function getSession() {
return getIronSession<SessionData>(await cookies(), sessionOptions) return getIronSession<SessionData>(await cookies(), sessionOptions)
} }
async function verifyStoryOwnership(storyId: string, userId: string) { async function verifyStoryAccess(storyId: string, userId: string) {
return prisma.story.findFirst({ return prisma.story.findFirst({
where: { id: storyId, product: { user_id: userId } }, where: { id: storyId, product: productAccessFilter(userId) },
include: { product: true }, include: { product: true },
}) })
} }
@ -46,9 +47,8 @@ export async function createStoryAction(_prevState: unknown, formData: FormData)
}) })
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors } if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
// Verify ownership via product
const pbi = await prisma.pbi.findFirst({ const pbi = await prisma.pbi.findFirst({
where: { id: parsed.data.pbiId, product: { user_id: session.userId } }, where: { id: parsed.data.pbiId, product: productAccessFilter(session.userId) },
}) })
if (!pbi) return { error: 'PBI niet gevonden' } if (!pbi) return { error: 'PBI niet gevonden' }
@ -87,7 +87,7 @@ export async function updateStoryAction(_prevState: unknown, formData: FormData)
}) })
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors } if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
const story = await verifyStoryOwnership(parsed.data.id, session.userId) const story = await verifyStoryAccess(parsed.data.id, session.userId)
if (!story) return { error: 'Story niet gevonden' } if (!story) return { error: 'Story niet gevonden' }
await prisma.story.update({ await prisma.story.update({
@ -109,7 +109,7 @@ export async function deleteStoryAction(id: string) {
if (!session.userId) return { error: 'Niet ingelogd' } if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const story = await verifyStoryOwnership(id, session.userId) const story = await verifyStoryAccess(id, session.userId)
if (!story) return { error: 'Story niet gevonden' } if (!story) return { error: 'Story niet gevonden' }
await prisma.story.delete({ where: { id } }) await prisma.story.delete({ where: { id } })
@ -123,9 +123,7 @@ export async function reorderPbisAction(productId: string, orderedIds: string[])
if (!session.userId) return { error: 'Niet ingelogd' } if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const product = await prisma.product.findFirst({ const product = await getAccessibleProduct(productId, session.userId)
where: { id: productId, user_id: session.userId },
})
if (!product) return { error: 'Product niet gevonden' } if (!product) return { error: 'Product niet gevonden' }
await prisma.$transaction( await prisma.$transaction(
@ -144,11 +142,10 @@ export async function updatePbiPriorityAction(pbiId: string, priority: number, p
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const pbi = await prisma.pbi.findFirst({ const pbi = await prisma.pbi.findFirst({
where: { id: pbiId, product: { user_id: session.userId } }, where: { id: pbiId, product: productAccessFilter(session.userId) },
}) })
if (!pbi) return { error: 'PBI niet gevonden' } if (!pbi) return { error: 'PBI niet gevonden' }
// Place at the end of the target priority group
const last = await prisma.pbi.findFirst({ const last = await prisma.pbi.findFirst({
where: { product_id: productId, priority }, where: { product_id: productId, priority },
orderBy: { sort_order: 'desc' }, orderBy: { sort_order: 'desc' },
@ -168,7 +165,7 @@ export async function getStoryLogsAction(storyId: string) {
if (!session.userId) return { error: 'Niet ingelogd' } if (!session.userId) return { error: 'Niet ingelogd' }
const story = await prisma.story.findFirst({ const story = await prisma.story.findFirst({
where: { id: storyId, product: { user_id: session.userId } }, where: { id: storyId, product: productAccessFilter(session.userId) },
include: { product: { select: { repo_url: true } } }, include: { product: { select: { repo_url: true } } },
}) })
if (!story) return { error: 'Story niet gevonden' } if (!story) return { error: 'Story niet gevonden' }
@ -204,7 +201,7 @@ export async function reorderStoriesAction(
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const pbi = await prisma.pbi.findFirst({ const pbi = await prisma.pbi.findFirst({
where: { id: pbiId, product: { user_id: session.userId } }, where: { id: pbiId, product: productAccessFilter(session.userId) },
}) })
if (!pbi) return { error: 'PBI niet gevonden' } if (!pbi) return { error: 'PBI niet gevonden' }

23
actions/tasks.ts
View file

@ -6,6 +6,7 @@ import { getIronSession } from 'iron-session'
import { z } from 'zod' import { z } from 'zod'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { SessionData, sessionOptions } from '@/lib/session' import { SessionData, sessionOptions } from '@/lib/session'
import { productAccessFilter } from '@/lib/product-access'
async function getSession() { async function getSession() {
return getIronSession<SessionData>(await cookies(), sessionOptions) return getIronSession<SessionData>(await cookies(), sessionOptions)
@ -33,7 +34,7 @@ export async function createTaskAction(_prevState: unknown, formData: FormData)
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors } if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
const story = await prisma.story.findFirst({ const story = await prisma.story.findFirst({
where: { id: storyId, product: { user_id: session.userId } }, where: { id: storyId, product: productAccessFilter(session.userId) },
}) })
if (!story) return { error: 'Story niet gevonden' } if (!story) return { error: 'Story niet gevonden' }
@ -72,10 +73,10 @@ export async function updateTaskAction(_prevState: unknown, formData: FormData)
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors } if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
const task = await prisma.task.findFirst({ const task = await prisma.task.findFirst({
where: { id }, where: { id, story: { product: productAccessFilter(session.userId) } },
include: { story: { include: { product: true } } }, include: { story: true },
}) })
if (!task || task.story.product.user_id !== session.userId) return { error: 'Taak niet gevonden' } if (!task) return { error: 'Taak niet gevonden' }
await prisma.task.update({ await prisma.task.update({
where: { id }, where: { id },
@ -92,10 +93,10 @@ export async function updateTaskStatusAction(id: string, status: 'TO_DO' | 'IN_P
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const task = await prisma.task.findFirst({ const task = await prisma.task.findFirst({
where: { id }, where: { id, story: { product: productAccessFilter(session.userId) } },
include: { story: { include: { product: true } } }, include: { story: true },
}) })
if (!task || task.story.product.user_id !== session.userId) return { error: 'Taak niet gevonden' } if (!task) return { error: 'Taak niet gevonden' }
await prisma.task.update({ where: { id }, data: { status } }) await prisma.task.update({ where: { id }, data: { status } })
@ -109,10 +110,10 @@ export async function deleteTaskAction(id: string) {
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const task = await prisma.task.findFirst({ const task = await prisma.task.findFirst({
where: { id }, where: { id, story: { product: productAccessFilter(session.userId) } },
include: { story: { include: { product: true } } }, include: { story: true },
}) })
if (!task || task.story.product.user_id !== session.userId) return { error: 'Taak niet gevonden' } if (!task) return { error: 'Taak niet gevonden' }
await prisma.task.delete({ where: { id } }) await prisma.task.delete({ where: { id } })
@ -126,7 +127,7 @@ export async function reorderTasksAction(storyId: string, orderedIds: string[])
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' } if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const story = await prisma.story.findFirst({ const story = await prisma.story.findFirst({
where: { id: storyId, product: { user_id: session.userId } }, where: { id: storyId, product: productAccessFilter(session.userId) },
}) })
if (!story) return { error: 'Story niet gevonden' } if (!story) return { error: 'Story niet gevonden' }

21
app/(app)/products/[id]/settings/page.tsx
View file

@ -5,6 +5,7 @@ import { SessionData, sessionOptions } from '@/lib/session'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { ProductForm } from '@/components/products/product-form' import { ProductForm } from '@/components/products/product-form'
import { ArchiveProductButton } from '@/components/products/archive-product-button' import { ArchiveProductButton } from '@/components/products/archive-product-button'
import { TeamManager } from '@/components/products/team-manager'
import { updateProductAction } from '@/actions/products' import { updateProductAction } from '@/actions/products'
import Link from 'next/link' import Link from 'next/link'
@ -20,9 +21,17 @@ export default async function ProductSettingsPage({ params }: Props) {
const product = await prisma.product.findFirst({ const product = await prisma.product.findFirst({
where: { id, user_id: session.userId }, where: { id, user_id: session.userId },
include: {
members: {
include: { user: { select: { id: true, username: true } } },
orderBy: { created_at: 'asc' },
},
},
}) })
if (!product) notFound() if (!product) notFound()
const members = product.members.map(m => ({ id: m.user.id, username: m.user.username }))
return ( return (
<div className="p-6 max-w-2xl mx-auto w-full"> <div className="p-6 max-w-2xl mx-auto w-full">
<div className="flex items-center gap-3 mb-6"> <div className="flex items-center gap-3 mb-6">
@ -45,7 +54,17 @@ export default async function ProductSettingsPage({ params }: Props) {
}} }}
/> />
<div className="mt-10 pt-6 border-t border-border"> <div className="mt-8 pt-6 border-t border-border space-y-3">
<div>
<h2 className="text-sm font-medium text-foreground">Team</h2>
<p className="text-xs text-muted-foreground mt-0.5">
Voeg Developers toe die aan dit product mogen werken. Alleen gebruikers met de rol Developer kunnen worden toegevoegd.
</p>
</div>
<TeamManager productId={id} members={members} />
</div>
<div className="mt-8 pt-6 border-t border-border">
<h2 className="text-sm font-medium text-foreground mb-3">Gevaarlijke zone</h2> <h2 className="text-sm font-medium text-foreground mb-3">Gevaarlijke zone</h2>
<div className="bg-error-container/30 border border-error/20 rounded-xl p-4 flex items-center justify-between gap-4"> <div className="bg-error-container/30 border border-error/20 rounded-xl p-4 flex items-center justify-between gap-4">
<div> <div>

30
app/(app)/settings/page.tsx
View file

@ -3,14 +3,20 @@ import { getIronSession } from 'iron-session'
import { SessionData, sessionOptions } from '@/lib/session' import { SessionData, sessionOptions } from '@/lib/session'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { RoleManager } from '@/components/settings/role-manager' import { RoleManager } from '@/components/settings/role-manager'
import { LeaveProductButton } from '@/components/settings/leave-product-button'
import Link from 'next/link' import Link from 'next/link'
export default async function SettingsPage() { export default async function SettingsPage() {
const session = await getIronSession<SessionData>(await cookies(), sessionOptions) const session = await getIronSession<SessionData>(await cookies(), sessionOptions)
const [user, userRoles] = await Promise.all([ const [user, userRoles, memberships] = await Promise.all([
prisma.user.findUnique({ where: { id: session.userId }, select: { username: true } }), prisma.user.findUnique({ where: { id: session.userId }, select: { username: true } }),
prisma.userRole.findMany({ where: { user_id: session.userId } }), prisma.userRole.findMany({ where: { user_id: session.userId } }),
prisma.productMember.findMany({
where: { user_id: session.userId },
include: { product: { select: { id: true, name: true, user: { select: { username: true } } } } },
orderBy: { created_at: 'asc' },
}),
]) ])
const currentRoles = userRoles.map(r => r.role as string) const currentRoles = userRoles.map(r => r.role as string)
@ -28,6 +34,28 @@ export default async function SettingsPage() {
<RoleManager currentRoles={currentRoles} isDemo={session.isDemo ?? false} /> <RoleManager currentRoles={currentRoles} isDemo={session.isDemo ?? false} />
{memberships.length > 0 && (
<div className="bg-surface-container-low border border-border rounded-xl p-5 space-y-3">
<div>
<h2 className="text-sm font-medium text-foreground">Mijn teams</h2>
<p className="text-xs text-muted-foreground mt-0.5">
Products waarbij je als Developer bent toegevoegd.
</p>
</div>
<ul className="space-y-2">
{memberships.map(m => (
<li key={m.product.id} className="flex items-center justify-between gap-3 rounded-lg bg-surface-container px-3 py-2">
<div>
<p className="text-sm font-medium text-foreground">{m.product.name}</p>
<p className="text-xs text-muted-foreground">Eigenaar: {m.product.user.username}</p>
</div>
{!session.isDemo && <LeaveProductButton productId={m.product.id} />}
</li>
))}
</ul>
</div>
)}
<div className="bg-surface-container-low border border-border rounded-xl p-5 space-y-3"> <div className="bg-surface-container-low border border-border rounded-xl p-5 space-y-3">
<div className="flex items-center justify-between"> <div className="flex items-center justify-between">
<h2 className="text-sm font-medium text-foreground">API Tokens</h2> <h2 className="text-sm font-medium text-foreground">API Tokens</h2>

3
app/api/products/[id]/next-story/route.ts
View file

@ -1,5 +1,6 @@
import { authenticateApiRequest } from '@/lib/api-auth' import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { productAccessFilter } from '@/lib/product-access'
export async function GET( export async function GET(
request: Request, request: Request,
@ -13,7 +14,7 @@ export async function GET(
const { id } = await params const { id } = await params
const sprint = await prisma.sprint.findFirst({ const sprint = await prisma.sprint.findFirst({
where: { product_id: id, status: 'ACTIVE', product: { user_id: auth.userId } }, where: { product_id: id, status: 'ACTIVE', product: productAccessFilter(auth.userId) },
}) })
if (!sprint) { if (!sprint) {
return Response.json({ error: 'Geen actieve Sprint gevonden' }, { status: 404 }) return Response.json({ error: 'Geen actieve Sprint gevonden' }, { status: 404 })

3
app/api/sprints/[id]/tasks/route.ts
View file

@ -1,5 +1,6 @@
import { authenticateApiRequest } from '@/lib/api-auth' import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { productAccessFilter } from '@/lib/product-access'
export async function GET( export async function GET(
request: Request, request: Request,
@ -16,7 +17,7 @@ export async function GET(
const limit = Math.min(Math.max(1, limitParam), 50) const limit = Math.min(Math.max(1, limitParam), 50)
const sprint = await prisma.sprint.findFirst({ const sprint = await prisma.sprint.findFirst({
where: { id, product: { user_id: auth.userId } }, where: { id, product: productAccessFilter(auth.userId) },
}) })
if (!sprint) { if (!sprint) {
return Response.json({ error: 'Sprint niet gevonden' }, { status: 404 }) return Response.json({ error: 'Sprint niet gevonden' }, { status: 404 })

3
app/api/stories/[id]/log/route.ts
View file

@ -1,5 +1,6 @@
import { authenticateApiRequest } from '@/lib/api-auth' import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { productAccessFilter } from '@/lib/product-access'
import { z } from 'zod' import { z } from 'zod'
const logSchema = z.discriminatedUnion('type', [ const logSchema = z.discriminatedUnion('type', [
@ -35,7 +36,7 @@ export async function POST(
const { id: storyId } = await params const { id: storyId } = await params
const story = await prisma.story.findFirst({ const story = await prisma.story.findFirst({
where: { id: storyId, product: { user_id: auth.userId } }, where: { id: storyId, product: productAccessFilter(auth.userId) },
}) })
if (!story) { if (!story) {
return Response.json({ error: 'Story niet gevonden' }, { status: 404 }) return Response.json({ error: 'Story niet gevonden' }, { status: 404 })

3
app/api/stories/[id]/tasks/reorder/route.ts
View file

@ -1,5 +1,6 @@
import { authenticateApiRequest } from '@/lib/api-auth' import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { productAccessFilter } from '@/lib/product-access'
import { z } from 'zod' import { z } from 'zod'
const bodySchema = z.object({ const bodySchema = z.object({
@ -27,7 +28,7 @@ export async function PATCH(
} }
const story = await prisma.story.findFirst({ const story = await prisma.story.findFirst({
where: { id: storyId, product: { user_id: auth.userId } }, where: { id: storyId, product: productAccessFilter(auth.userId) },
include: { tasks: { select: { id: true } } }, include: { tasks: { select: { id: true } } },
}) })
if (!story) { if (!story) {

31
app/api/tasks/[id]/route.ts
View file

@ -1,10 +1,16 @@
import { authenticateApiRequest } from '@/lib/api-auth' import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma' import { prisma } from '@/lib/prisma'
import { productAccessFilter } from '@/lib/product-access'
import { z } from 'zod' import { z } from 'zod'
const patchSchema = z.object({ const patchSchema = z
status: z.enum(['TO_DO', 'IN_PROGRESS', 'DONE']), .object({
}) status: z.enum(['TO_DO', 'IN_PROGRESS', 'DONE']).optional(),
implementation_plan: z.string().optional(),
})
.refine((data) => data.status !== undefined || data.implementation_plan !== undefined, {
message: 'Geef minimaal status of implementation_plan mee',
})
export async function PATCH( export async function PATCH(
request: Request, request: Request,
@ -21,15 +27,11 @@ export async function PATCH(
const { id } = await params const { id } = await params
const task = await prisma.task.findFirst({ const task = await prisma.task.findFirst({
where: { id }, where: { id, story: { product: productAccessFilter(auth.userId) } },
include: { story: { include: { product: true } } },
}) })
if (!task) { if (!task) {
return Response.json({ error: 'Taak niet gevonden' }, { status: 404 }) return Response.json({ error: 'Taak niet gevonden' }, { status: 404 })
} }
if (task.story.product.user_id !== auth.userId) {
return Response.json({ error: 'Geen toegang' }, { status: 403 })
}
const body = await request.json().catch(() => null) const body = await request.json().catch(() => null)
const parsed = patchSchema.safeParse(body) const parsed = patchSchema.safeParse(body)
@ -39,8 +41,17 @@ export async function PATCH(
const updated = await prisma.task.update({ const updated = await prisma.task.update({
where: { id }, where: { id },
data: { status: parsed.data.status }, data: {
...(parsed.data.status !== undefined && { status: parsed.data.status }),
...(parsed.data.implementation_plan !== undefined && {
implementation_plan: parsed.data.implementation_plan,
}),
},
}) })
return Response.json({ id: updated.id, status: updated.status }) return Response.json({
id: updated.id,
status: updated.status,
implementation_plan: updated.implementation_plan,
})
} }

75
components/products/team-manager.tsx Normal file
View file

@ -0,0 +1,75 @@
'use client'
import { useActionState, useState, useTransition } from 'react'
import { Button } from '@/components/ui/button'
import { Input } from '@/components/ui/input'
import { addProductMemberAction, removeProductMemberAction } from '@/actions/products'
interface Member {
id: string
username: string
}
interface TeamManagerProps {
productId: string
members: Member[]
}
export function TeamManager({ productId, members }: TeamManagerProps) {
const [state, formAction, isPending] = useActionState(addProductMemberAction, null)
const [removingId, setRemovingId] = useState<string | null>(null)
const [, startTransition] = useTransition()
function handleRemove(memberId: string) {
setRemovingId(memberId)
startTransition(async () => {
await removeProductMemberAction(productId, memberId)
setRemovingId(null)
})
}
return (
<div className="space-y-4">
{members.length === 0 ? (
<p className="text-sm text-muted-foreground">Nog geen teamleden toegevoegd.</p>
) : (
<ul className="space-y-2">
{members.map(m => (
<li key={m.id} className="flex items-center justify-between gap-3 rounded-lg bg-surface-container px-3 py-2">
<span className="text-sm font-medium text-foreground">{m.username}</span>
<Button
variant="ghost"
size="sm"
className="text-error hover:bg-error/10 h-7 px-2 text-xs"
disabled={removingId === m.id}
onClick={() => handleRemove(m.id)}
>
{removingId === m.id ? 'Verwijderen…' : 'Verwijder'}
</Button>
</li>
))}
</ul>
)}
<form action={formAction} className="flex gap-2">
<input type="hidden" name="productId" value={productId} />
<Input
name="username"
placeholder="Gebruikersnaam van Developer"
className="flex-1"
disabled={isPending}
/>
<Button type="submit" size="sm" disabled={isPending}>
{isPending ? 'Toevoegen…' : 'Toevoegen'}
</Button>
</form>
{state && 'error' in state && typeof state.error === 'string' && (
<p className="text-xs text-error">{state.error}</p>
)}
{state && 'success' in state && (
<p className="text-xs text-success">Teamlid toegevoegd.</p>
)}
</div>
)
}

44
components/settings/leave-product-button.tsx Normal file
View file

@ -0,0 +1,44 @@
'use client'
import { useState, useTransition } from 'react'
import { Button } from '@/components/ui/button'
import { leaveProductAction } from '@/actions/products'
interface LeaveProductButtonProps {
productId: string
}
export function LeaveProductButton({ productId }: LeaveProductButtonProps) {
const [confirming, setConfirming] = useState(false)
const [isPending, startTransition] = useTransition()
function handleLeave() {
startTransition(async () => {
await leaveProductAction(productId)
})
}
if (confirming) {
return (
<div className="flex gap-2 shrink-0">
<Button variant="destructive" size="sm" disabled={isPending} onClick={handleLeave}>
{isPending ? 'Bezig…' : 'Ja, verlaten'}
</Button>
<Button variant="ghost" size="sm" onClick={() => setConfirming(false)} disabled={isPending}>
Annuleren
</Button>
</div>
)
}
return (
<Button
variant="outline"
size="sm"
className="shrink-0 border-error/40 text-error hover:bg-error/10"
onClick={() => setConfirming(true)}
>
Verlaten
</Button>
)
}

18
lib/product-access.ts Normal file
View file

@ -0,0 +1,18 @@
import { prisma } from '@/lib/prisma'
const accessFilter = (userId: string) => ({
OR: [
{ user_id: userId },
{ members: { some: { user_id: userId } } },
],
})
export async function getAccessibleProduct(productId: string, userId: string) {
return prisma.product.findFirst({
where: { id: productId, ...accessFilter(userId) },
})
}
export function productAccessFilter(userId: string) {
return accessFilter(userId)
}

2
prisma/migrations/20260425102419_add_task_implementation_plan/migration.sql Normal file
View file

@ -0,0 +1,2 @@
-- AlterTable
ALTER TABLE "tasks" ADD COLUMN "implementation_plan" TEXT;

21
prisma/migrations/20260425110346_add_product_members/migration.sql Normal file
View file

@ -0,0 +1,21 @@
-- CreateTable
CREATE TABLE "product_members" (
"id" TEXT NOT NULL,
"product_id" TEXT NOT NULL,
"user_id" TEXT NOT NULL,
"created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
CONSTRAINT "product_members_pkey" PRIMARY KEY ("id")
);
-- CreateIndex
CREATE INDEX "product_members_user_id_idx" ON "product_members"("user_id");
-- CreateIndex
CREATE UNIQUE INDEX "product_members_product_id_user_id_key" ON "product_members"("product_id", "user_id");
-- AddForeignKey
ALTER TABLE "product_members" ADD CONSTRAINT "product_members_product_id_fkey" FOREIGN KEY ("product_id") REFERENCES "products"("id") ON DELETE CASCADE ON UPDATE CASCADE;
-- AddForeignKey
ALTER TABLE "product_members" ADD CONSTRAINT "product_members_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;

45
prisma/schema.prisma
View file

@ -41,16 +41,17 @@ enum SprintStatus {
} }
model User { model User {
id String @id @default(cuid()) id String @id @default(cuid())
username String @unique username String @unique
password_hash String password_hash String
is_demo Boolean @default(false) is_demo Boolean @default(false)
created_at DateTime @default(now()) created_at DateTime @default(now())
updated_at DateTime @updatedAt updated_at DateTime @updatedAt
roles UserRole[] roles UserRole[]
api_tokens ApiToken[] api_tokens ApiToken[]
products Product[] products Product[]
todos Todo[] todos Todo[]
product_members ProductMember[]
@@map("users") @@map("users")
} }
@ -79,20 +80,21 @@ model ApiToken {
} }
model Product { model Product {
id String @id @default(cuid()) id String @id @default(cuid())
user User @relation(fields: [user_id], references: [id], onDelete: Cascade) user User @relation(fields: [user_id], references: [id], onDelete: Cascade)
user_id String user_id String
name String name String
description String? description String?
repo_url String? repo_url String?
definition_of_done String definition_of_done String
archived Boolean @default(false) archived Boolean @default(false)
created_at DateTime @default(now()) created_at DateTime @default(now())
updated_at DateTime @updatedAt updated_at DateTime @updatedAt
pbis Pbi[] pbis Pbi[]
sprints Sprint[] sprints Sprint[]
stories Story[] stories Story[]
todos Todo[] todos Todo[]
members ProductMember[]
@@unique([user_id, name]) @@unique([user_id, name])
@@index([user_id, archived]) @@index([user_id, archived])
@ -190,6 +192,19 @@ model Task {
@@map("tasks") @@map("tasks")
} }
model ProductMember {
id String @id @default(cuid())
product Product @relation(fields: [product_id], references: [id], onDelete: Cascade)
product_id String
user User @relation(fields: [user_id], references: [id], onDelete: Cascade)
user_id String
created_at DateTime @default(now())
@@unique([product_id, user_id])
@@index([user_id])
@@map("product_members")
}
model Todo { model Todo {
id String @id @default(cuid()) id String @id @default(cuid())
user User @relation(fields: [user_id], references: [id], onDelete: Cascade) user User @relation(fields: [user_id], references: [id], onDelete: Cascade)