feat(ST-510): add updateTodoAction — title, product_id, done bijwerken

Valideert eigenaarschap en product-toegang via productAccessFilter. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 20:00:48 +02:00 · 2026-04-25 20:00:48 +02:00 · f1384a87c1
commit f1384a87c1
parent 5dc8033b85
1 changed files with 34 additions and 0 deletions
--- a/actions/todos.ts
+++ b/actions/todos.ts
@ -59,6 +59,40 @@ export async function archiveCompletedTodosAction() {
  return { success: true }
 }

+export async function updateTodoAction(_prevState: unknown, formData: FormData) {
+  const session = await getSession()
+  if (!session.userId) return { error: 'Niet ingelogd' }
+  if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
+
+  const id = (formData.get('id') as string)?.trim()
+  const title = (formData.get('title') as string)?.trim()
+  const raw = (formData.get('productId') as string)?.trim()
+  const productId = raw || null
+  const done = formData.get('done') === 'on'
+
+  if (!id) return { error: 'Ongeldige todo' }
+  if (!title) return { error: 'Titel is verplicht' }
+
+  const todo = await prisma.todo.findFirst({
+    where: { id, user_id: session.userId },
+  })
+  if (!todo) return { error: 'Todo niet gevonden' }
+
+  if (productId) {
+    const product = await prisma.product.findFirst({
+      where: { id: productId, ...productAccessFilter(session.userId), archived: false },
+    })
+    if (!product) return { error: 'Product niet gevonden' }
+  }
+
+  await prisma.todo.update({
+    where: { id },
+    data: { title, product_id: productId, done },
+  })
+  revalidatePath('/todos')
+  return { success: true }
+}
+
 export async function archiveSelectedTodosAction(ids: string[]) {
  const session = await getSession()
  if (!session.userId) return { error: 'Niet ingelogd' }