Scrum4Me/app/api/tasks/[id]/route.ts

import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma'
import { z } from 'zod'
import { TASK_STATUS_API_VALUES, taskStatusFromApi, taskStatusToApi } from '@/lib/task-status'

const patchSchema = z
  .object({
    status: z.enum(TASK_STATUS_API_VALUES as [string, ...string[]]).optional(),
    implementation_plan: z.string().optional(),
  })
  .refine((data) => data.status !== undefined || data.implementation_plan !== undefined, {
    message: 'Geef minimaal status of implementation_plan mee',
  })

export async function PATCH(
  request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  const auth = await authenticateApiRequest(request)
  if ('error' in auth) {
    return Response.json({ error: auth.error }, { status: auth.status })
  }
  if (auth.isDemo) {
    return Response.json({ error: 'Niet beschikbaar in demo-modus' }, { status: 403 })
  }

  const { id } = await params

  const task = await prisma.task.findFirst({
    where: { id },
    include: {
      story: {
        include: {
          product: {
            include: {
              members: {
                where: { user_id: auth.userId },
                select: { id: true },
              },
            },
          },
        },
      },
    },
  })
  if (!task) {
    return Response.json({ error: 'Taak niet gevonden' }, { status: 404 })
  }

  const hasAccess =
    task.story.product.user_id === auth.userId ||
    (task.story.product.members?.length ?? 0) > 0
  if (!hasAccess) {
    return Response.json({ error: 'Geen toegang' }, { status: 403 })
  }

  const body = await request.json().catch(() => null)
  const parsed = patchSchema.safeParse(body)
  if (!parsed.success) {
    return Response.json({ error: parsed.error.flatten() }, { status: 422 })
  }

  let dbStatus: ReturnType<typeof taskStatusFromApi> | undefined
  if (parsed.data.status !== undefined) {
    dbStatus = taskStatusFromApi(parsed.data.status)
    if (dbStatus === null) {
      return Response.json(
        { error: { fieldErrors: { status: ['Onbekende status'] } } },
        { status: 422 },
      )
    }
  }

  const updated = await prisma.task.update({
    where: { id },
    data: {
      ...(dbStatus !== undefined && dbStatus !== null && { status: dbStatus }),
      ...(parsed.data.implementation_plan !== undefined && {
        implementation_plan: parsed.data.implementation_plan,
      }),
    },
  })

  return Response.json({
    id: updated.id,
    status: taskStatusToApi(updated.status),
    implementation_plan: updated.implementation_plan,
  })
}