refactor(dnd): remove drag-and-drop reorder for stories and tasks

- Remove reorderStoriesAction, reorderTasksAction, reorderSprintStoriesAction - Delete REST route app/api/stories/[id]/tasks/reorder/route.ts - Remove DnD from backlog story-panel and task-panel (flat list) - Remove reorder-within-sprint branch from sprint-board-client handleDragEnd - Switch SortableSprintRow to plain SprintRow using useDraggable (membership drag kept) - Remove all DnD from task-list (status toggle + edit kept) - Remove story-order/task-order/sprint-story-order/sprint-task-order mutation types and store handlers - Remove related tests for deleted reorder route; fix sprint store tests
2026-05-14 16:29:56 +02:00 · 2026-05-14 16:29:56 +02:00 · f68d985c2c
commit f68d985c2c
parent b816cbe710
16 changed files with 52 additions and 816 deletions
--- a/tests/api/security.test.ts
+++ b/tests/api/security.test.ts
@ -54,7 +54,6 @@ import { authenticateApiRequest } from '@/lib/api-auth'
 import { GET as getProducts } from '@/app/api/products/route'
 import { GET as getNextStory } from '@/app/api/products/[id]/next-story/route'
 import { GET as getSprintTasks } from '@/app/api/sprints/[id]/tasks/route'
-import { PATCH as patchReorder } from '@/app/api/stories/[id]/tasks/reorder/route'
 import { POST as postStoryLog } from '@/app/api/stories/[id]/log/route'
 import { PATCH as patchTask } from '@/app/api/tasks/[id]/route'

@ -276,56 +275,6 @@ describe('GET /api/sprints/:id/tasks', () => {
  })
 })

-// ─── PATCH /api/stories/:id/tasks/reorder ────────────────────────────────────
-
-describe('PATCH /api/stories/:id/tasks/reorder', () => {
-  const VALID_BODY = { task_ids: ['task-x'] }
-
-  // TC-RO-01
-  it('returns 401 when no valid token provided', async () => {
-    mockAuth.mockResolvedValue(UNAUTHORIZED)
-    const res = await patchReorder(
-      makePatch('http://localhost/api/stories/story-1/tasks/reorder', VALID_BODY),
-      routeCtx('story-1')
-    )
-    expect(res.status).toBe(401)
-  })
-
-  // TC-RO-03
-  it('returns 403 for demo users', async () => {
-    mockAuth.mockResolvedValue(DEMO_AUTH)
-    const res = await patchReorder(
-      makePatch('http://localhost/api/stories/story-1/tasks/reorder', VALID_BODY),
-      routeCtx('story-1')
-    )
-    expect(res.status).toBe(403)
-    const data = await res.json()
-    expect(data.error).toBe('Niet beschikbaar in demo-modus')
-  })
-
-  // TC-RO-04 / TC-RO-05
-  it('returns 404 when story is not accessible to the authenticated user', async () => {
-    mockAuth.mockResolvedValue(USER_2_AUTH)
-    mockPrisma.story.findFirst.mockResolvedValue(null)
-
-    const res = await patchReorder(
-      makePatch('http://localhost/api/stories/story-1/tasks/reorder', VALID_BODY),
-      routeCtx('story-1')
-    )
-    expect(res.status).toBe(404)
-    expect(mockPrisma.story.findFirst).toHaveBeenCalledWith(
-      expect.objectContaining({
-        where: expect.objectContaining({
-          id: 'story-1',
-          product: expect.objectContaining({
-            OR: expect.arrayContaining([{ user_id: 'user-2' }]),
-          }),
-        }),
-      })
-    )
-  })
-})
-
 // ─── POST /api/stories/:id/log ────────────────────────────────────────────────

 describe('POST /api/stories/:id/log', () => {