janpeter/Scrum4Me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ST-1240: Verwijder backend todo-code (server actions + API route) (#135)

Browse source 
* feat(cleanup): verwijder Todo's navlink en todo-referenties uit marketing page [cmotto5ia000nx3178lq6xk8d]

- nav-bar.tsx: Todo's navLink verwijderd; Ideas-link blijft staan
- app/page.tsx: /todos quick-access link, feature-entry en /api/todos API-doc verwijderd

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(cleanup): verwijder app/(app)/todos/ en components/todos/ [cmottjvzo000cx3172472cu4g]

* test(cleanup): verwijder POST /api/todos import en describe-block uit security.test.ts [cmotto5jn000px317kjqlba89]

- Import 'POST as postTodo' uit verwijderde todos-route verwijderd
- describe('POST /api/todos') sectie (3 tests) verwijderd
- 73 testfiles / 561 tests groen

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* test(cleanup): verwijder __tests__/api/todos.test.ts en __tests__/actions/todos-promote-idea.test.ts [cmottjw1u000fx317igq27mh5]

* feat(cleanup): verwijder actions/todos.ts en app/api/todos/route.ts; verplaats updateRolesAction naar actions/settings.ts [cmottjvy9000ax3173sgfjcqs]

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Janpeter Visser 2026-05-06 12:24:48 +02:00 committed by GitHub
parent 52c610b11c
commit c18d17108c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 21 additions and 370 deletions
Download patch file Download diff file Expand all files Collapse all files

20
actions/settings.ts
View file

@ -11,6 +11,26 @@ async function getSession() {
return getIronSession<SessionData>(await cookies(), sessionOptions) return getIronSession<SessionData>(await cookies(), sessionOptions)
} }
export async function updateRolesAction(roles: string[]) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const validRoles = ['PRODUCT_OWNER', 'SCRUM_MASTER', 'DEVELOPER']
const filtered = roles.filter(r => validRoles.includes(r))
if (filtered.length === 0) return { error: 'Minimaal één rol is verplicht' }
await prisma.$transaction([
prisma.userRole.deleteMany({ where: { user_id: session.userId } }),
prisma.userRole.createMany({
data: filtered.map(role => ({ user_id: session.userId, role: role as 'PRODUCT_OWNER' | 'SCRUM_MASTER' | 'DEVELOPER' })),
}),
])
revalidatePath('/settings')
return { success: true }
}
export async function updateMinQuotaPctAction(value: number) { export async function updateMinQuotaPctAction(value: number) {
const session = await getSession() const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' } if (!session.userId) return { error: 'Niet ingelogd' }

316
actions/todos.ts
View file

@ -1,316 +0,0 @@
'use server'
import { revalidatePath } from 'next/cache'
import { cookies } from 'next/headers'
import { getIronSession } from 'iron-session'
import { z } from 'zod'
import { prisma } from '@/lib/prisma'
import { SessionData, sessionOptions } from '@/lib/session'
import { productAccessFilter } from '@/lib/product-access'
import { generateNextPbiCode, generateNextStoryCode } from '@/lib/code-server'
import { enforceUserRateLimit } from '@/lib/rate-limit'
async function getSession() {
return getIronSession<SessionData>(await cookies(), sessionOptions)
}
export async function createTodoAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const limited = enforceUserRateLimit('create-todo', session.userId)
if (limited) return limited
const title = (formData.get('title') as string)?.trim()
const description = (formData.get('description') as string)?.trim() || null
const raw = (formData.get('productId') as string)?.trim()
const productId = (raw && raw !== 'all') ? raw : null
if (!title) return { error: 'Titel is verplicht' }
if (description && description.length > 2000) return { error: 'Beschrijving is langer dan 2000 tekens' }
if (productId) {
const product = await prisma.product.findFirst({
where: { id: productId, ...productAccessFilter(session.userId), archived: false },
})
if (!product) return { error: 'Product niet gevonden' }
}
await prisma.todo.create({
data: { user_id: session.userId, product_id: productId, title, description },
})
revalidatePath('/todos')
return { success: true }
}
export async function toggleTodoAction(id: string, done: boolean) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const todo = await prisma.todo.findFirst({ where: { id, user_id: session.userId } })
if (!todo) return { error: 'Todo niet gevonden' }
await prisma.todo.update({ where: { id }, data: { done } })
revalidatePath('/todos')
return { success: true }
}
export async function archiveCompletedTodosAction() {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
await prisma.todo.updateMany({
where: { user_id: session.userId, done: true, archived: false },
data: { archived: true },
})
revalidatePath('/todos')
return { success: true }
}
export async function updateTodoAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const id = (formData.get('id') as string)?.trim()
const title = (formData.get('title') as string)?.trim()
const description = (formData.get('description') as string)?.trim() || null
const raw = (formData.get('productId') as string)?.trim()
const productId = raw || null
const done = formData.get('done') === 'on'
if (!id) return { error: 'Ongeldige todo' }
if (!title) return { error: 'Titel is verplicht' }
if (description && description.length > 2000) return { error: 'Beschrijving is langer dan 2000 tekens' }
const todo = await prisma.todo.findFirst({
where: { id, user_id: session.userId },
})
if (!todo) return { error: 'Todo niet gevonden' }
if (productId) {
const product = await prisma.product.findFirst({
where: { id: productId, ...productAccessFilter(session.userId), archived: false },
})
if (!product) return { error: 'Product niet gevonden' }
}
await prisma.todo.update({
where: { id },
data: { title, description, product_id: productId, done },
})
revalidatePath('/todos')
return { success: true }
}
export async function archiveSelectedTodosAction(ids: string[]) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
if (!ids.length) return { error: 'Geen todos geselecteerd' }
const owned = await prisma.todo.findMany({
where: { id: { in: ids }, user_id: session.userId },
select: { id: true },
})
if (owned.length !== ids.length) return { error: 'Ongeldige selectie' }
await prisma.todo.updateMany({
where: { id: { in: ids }, user_id: session.userId },
data: { archived: true },
})
revalidatePath('/todos')
return { success: true }
}
const promotePbiSchema = z.object({
todoId: z.string(),
productId: z.string(),
title: z.string().min(1).max(200),
priority: z.coerce.number().int().min(1).max(4),
})
export async function promoteTodoToPbiAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const parsed = promotePbiSchema.safeParse({
todoId: formData.get('todoId'),
productId: formData.get('productId'),
title: formData.get('title'),
priority: formData.get('priority'),
})
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
const product = await prisma.product.findFirst({
where: { id: parsed.data.productId, ...productAccessFilter(session.userId) },
})
if (!product) return { error: 'Product niet gevonden' }
const todo = await prisma.todo.findFirst({
where: { id: parsed.data.todoId, user_id: session.userId },
})
if (!todo) return { error: 'Todo niet gevonden' }
const last = await prisma.pbi.findFirst({
where: { product_id: parsed.data.productId, priority: parsed.data.priority },
orderBy: { sort_order: 'desc' },
})
const pbiCode = await generateNextPbiCode(parsed.data.productId)
await prisma.$transaction([
prisma.pbi.create({
data: {
product_id: parsed.data.productId,
code: pbiCode,
title: parsed.data.title,
priority: parsed.data.priority,
sort_order: (last?.sort_order ?? 0) + 1.0,
},
}),
prisma.todo.deleteMany({ where: { id: parsed.data.todoId, user_id: session.userId } }),
])
revalidatePath('/todos')
revalidatePath(`/products/${parsed.data.productId}`)
return { success: true }
}
const promoteStorySchema = z.object({
todoId: z.string(),
productId: z.string(),
pbiId: z.string(),
title: z.string().min(1).max(200),
priority: z.coerce.number().int().min(1).max(4),
})
export async function promoteTodoToStoryAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const parsed = promoteStorySchema.safeParse({
todoId: formData.get('todoId'),
productId: formData.get('productId'),
pbiId: formData.get('pbiId'),
title: formData.get('title'),
priority: formData.get('priority'),
})
if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
const todo = await prisma.todo.findFirst({
where: { id: parsed.data.todoId, user_id: session.userId },
})
if (!todo) return { error: 'Todo niet gevonden' }
const pbi = await prisma.pbi.findFirst({
where: { id: parsed.data.pbiId, product: productAccessFilter(session.userId) },
})
if (!pbi) return { error: 'PBI niet gevonden' }
if (todo.product_id !== null && todo.product_id !== pbi.product_id) return { error: 'Todo hoort niet bij dit product' }
const last = await prisma.story.findFirst({
where: { pbi_id: parsed.data.pbiId, priority: parsed.data.priority },
orderBy: { sort_order: 'desc' },
})
const storyCode = await generateNextStoryCode(pbi.product_id)
await prisma.$transaction([
prisma.story.create({
data: {
pbi_id: parsed.data.pbiId,
product_id: pbi.product_id,
code: storyCode,
title: parsed.data.title,
priority: parsed.data.priority,
sort_order: (last?.sort_order ?? 0) + 1.0,
status: 'OPEN',
},
}),
prisma.todo.deleteMany({ where: { id: parsed.data.todoId, user_id: session.userId } }),
])
revalidatePath('/todos')
revalidatePath(`/products/${pbi.product_id}`)
return { success: true }
}
// M12: promote a Todo into a DRAFT Idea. Anders dan Todo→PBI/Story (die de
// todo deleteert) ARCHIVEREN we de todo hier — het idee houdt zelf de
// planningsgeschiedenis bij, en de archived todo bewaart het oorspronkelijke
// vertrekpunt.
export async function promoteTodoToIdeaAction(todoId: string): Promise<
{ success: true; idea_id: string; idea_code: string } | { error: string; code?: number }
> {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd', code: 401 }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus', code: 403 }
if (!todoId) return { error: 'todoId is verplicht', code: 422 }
const todo = await prisma.todo.findFirst({
where: { id: todoId, user_id: session.userId },
select: { id: true, title: true, description: true, product_id: true, archived: true },
})
if (!todo) return { error: 'Todo niet gevonden', code: 404 }
if (todo.archived) return { error: 'Todo is al gearchiveerd', code: 422 }
const userId = session.userId
// Lazy-import om dit server-only bestand niet te dwingen in een client bundle.
const { nextIdeaCode } = await import('@/lib/idea-code-server')
const idea = await prisma.$transaction(async (tx) => {
const code = await nextIdeaCode(userId, tx)
const created = await tx.idea.create({
data: {
user_id: userId,
product_id: todo.product_id,
code,
title: todo.title,
description: todo.description ?? null,
status: 'DRAFT',
},
select: { id: true, code: true },
})
await tx.todo.update({ where: { id: todoId }, data: { archived: true } })
await tx.ideaLog.create({
data: {
idea_id: created.id,
type: 'NOTE',
content: `Promoted from Todo ${todoId}`,
metadata: { source_todo_id: todoId },
},
})
return created
})
revalidatePath('/ideas')
revalidatePath('/todos')
return { success: true, idea_id: idea.id, idea_code: idea.code }
}
export async function updateRolesAction(roles: string[]) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const validRoles = ['PRODUCT_OWNER', 'SCRUM_MASTER', 'DEVELOPER']
const filtered = roles.filter(r => validRoles.includes(r))
if (filtered.length === 0) return { error: 'Minimaal één rol is verplicht' }
await prisma.$transaction([
prisma.userRole.deleteMany({ where: { user_id: session.userId } }),
prisma.userRole.createMany({
data: filtered.map(role => ({ user_id: session.userId, role: role as 'PRODUCT_OWNER' | 'SCRUM_MASTER' | 'DEVELOPER' })),
}),
])
revalidatePath('/settings')
return { success: true }
}

53
app/api/todos/route.ts
View file

@ -1,53 +0,0 @@
import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma'
import { z } from 'zod'
const bodySchema = z.object({
title: z.string().min(1, 'Titel is verplicht').max(500),
description: z.string().max(2000, 'Beschrijving mag maximaal 2000 tekens bevatten').optional(),
product_id: z.string().min(1, 'Product is verplicht'),
})
export async function POST(request: Request) {
const auth = await authenticateApiRequest(request)
if ('error' in auth) {
return Response.json({ error: auth.error }, { status: auth.status })
}
if (auth.isDemo) {
return Response.json({ error: 'Niet beschikbaar in demo-modus' }, { status: 403 })
}
let body: unknown
try {
body = await request.json()
} catch {
return Response.json({ error: 'Malformed JSON' }, { status: 400 })
}
const parsed = bodySchema.safeParse(body)
if (!parsed.success) {
return Response.json({ error: parsed.error.flatten() }, { status: 422 })
}
const product = await prisma.product.findFirst({
where: { id: parsed.data.product_id, user_id: auth.userId, archived: false },
})
if (!product) {
return Response.json({ error: 'Product niet gevonden' }, { status: 404 })
}
const description = parsed.data.description?.trim() || null
const todo = await prisma.todo.create({
data: {
user_id: auth.userId,
product_id: parsed.data.product_id,
title: parsed.data.title,
description,
},
})
return Response.json(
{ id: todo.id, title: todo.title, description: todo.description, created_at: todo.created_at },
{ status: 201 },
)
}

2
components/settings/role-manager.tsx
View file

@ -4,7 +4,7 @@ import { useState, useTransition } from 'react'
import { toast } from 'sonner' import { toast } from 'sonner'
import { Button } from '@/components/ui/button' import { Button } from '@/components/ui/button'
import { DemoTooltip } from '@/components/shared/demo-tooltip' import { DemoTooltip } from '@/components/shared/demo-tooltip'
import { updateRolesAction } from '@/actions/todos' import { updateRolesAction } from '@/actions/settings'
const ALL_ROLES = [ const ALL_ROLES = [
{ value: 'PRODUCT_OWNER', label: 'Product Owner' }, { value: 'PRODUCT_OWNER', label: 'Product Owner' },