feat(ST-509): add archiveSelectedTodosAction with ownership validation
Validates all provided IDs belong to the session user before bulk-archiving. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
5dd89739ce
commit
6fa768aabe
1 changed files with 20 additions and 0 deletions
|
|
@ -59,6 +59,26 @@ export async function archiveCompletedTodosAction() {
|
||||||
return { success: true }
|
return { success: true }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export async function archiveSelectedTodosAction(ids: string[]) {
|
||||||
|
const session = await getSession()
|
||||||
|
if (!session.userId) return { error: 'Niet ingelogd' }
|
||||||
|
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
|
||||||
|
if (!ids.length) return { error: 'Geen todos geselecteerd' }
|
||||||
|
|
||||||
|
const owned = await prisma.todo.findMany({
|
||||||
|
where: { id: { in: ids }, user_id: session.userId },
|
||||||
|
select: { id: true },
|
||||||
|
})
|
||||||
|
if (owned.length !== ids.length) return { error: 'Ongeldige selectie' }
|
||||||
|
|
||||||
|
await prisma.todo.updateMany({
|
||||||
|
where: { id: { in: ids }, user_id: session.userId },
|
||||||
|
data: { archived: true },
|
||||||
|
})
|
||||||
|
revalidatePath('/todos')
|
||||||
|
return { success: true }
|
||||||
|
}
|
||||||
|
|
||||||
const promotePbiSchema = z.object({
|
const promotePbiSchema = z.object({
|
||||||
todoId: z.string(),
|
todoId: z.string(),
|
||||||
productId: z.string(),
|
productId: z.string(),
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue