janpeter/Scrum4Me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Scrum4Me/actions/products.ts
janpeter visser 35d60cc43b feat(ST-902): add setActiveProduct + clearActiveProduct server actions 
- actions/active-product.ts: setActiveProductAction validates access via
  productAccessFilter, rejects archived products and demo users
- archiveProductAction: clears active_product_id for all affected users in transaction
- removeProductMemberAction: clears active_product_id for removed member
- leaveProductAction: clears active_product_id for leaving user

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 19:01:20 +02:00

252 lines
8.7 KiB
TypeScript
Raw Blame History

'use server'
import { revalidatePath } from 'next/cache'
import { redirect } from 'next/navigation'
import { cookies } from 'next/headers'
import { getIronSession } from 'iron-session'
import { z } from 'zod'
import { prisma } from '@/lib/prisma'
import { SessionData, sessionOptions } from '@/lib/session'
import { Role } from '@prisma/client'
import { isValidCode, MAX_CODE_LENGTH, normalizeCode } from '@/lib/code'
const productSchema = z.object({
name: z.string().min(1, 'Naam is verplicht').max(100, 'Naam mag maximaal 100 tekens bevatten'),
code: z
.string()
.max(MAX_CODE_LENGTH, `Code mag maximaal ${MAX_CODE_LENGTH} tekens bevatten`)
.optional(),
description: z.string().max(1000, 'Beschrijving mag maximaal 1000 tekens bevatten').optional(),
repo_url: z
.string()
.url('Voer een geldige URL in (inclusief https://)')
.optional()
.or(z.literal('')),
definition_of_done: z
.string()
.min(1, 'Definition of Done is verplicht')
.max(500, 'Definition of Done mag maximaal 500 tekens bevatten'),
})
async function getSession() {
return getIronSession<SessionData>(await cookies(), sessionOptions)
}
export async function createProductAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const parsed = productSchema.safeParse({
name: formData.get('name'),
code: (formData.get('code') as string) || undefined,
description: formData.get('description') || undefined,
repo_url: formData.get('repo_url') || undefined,
definition_of_done: formData.get('definition_of_done'),
})
if (!parsed.success) {
return { error: parsed.error.flatten().fieldErrors }
}
const code = normalizeCode(parsed.data.code)
if (code !== null && !isValidCode(code)) {
return { error: { code: ['Code mag alleen letters, cijfers, punten, koppeltekens of underscores bevatten'] } }
}
const existing = await prisma.product.findFirst({
where: { user_id: session.userId, name: parsed.data.name },
})
if (existing) return { error: { name: ['Een product met deze naam bestaat al'] } }
if (code) {
const dup = await prisma.product.findFirst({ where: { user_id: session.userId, code } })
if (dup) return { error: { code: ['Deze code is al in gebruik'] } }
}
const product = await prisma.product.create({
data: {
user_id: session.userId,
name: parsed.data.name,
code,
description: parsed.data.description ?? null,
repo_url: parsed.data.repo_url || null,
definition_of_done: parsed.data.definition_of_done,
},
})
redirect(`/products/${product.id}`)
}
export async function updateProductAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const id = formData.get('id') as string
if (!id) return { error: 'Product niet gevonden' }
const parsed = productSchema.safeParse({
name: formData.get('name'),
code: (formData.get('code') as string) || undefined,
description: formData.get('description') || undefined,
repo_url: formData.get('repo_url') || undefined,
definition_of_done: formData.get('definition_of_done'),
})
if (!parsed.success) {
return { error: parsed.error.flatten().fieldErrors }
}
const code = normalizeCode(parsed.data.code)
if (code !== null && !isValidCode(code)) {
return { error: { code: ['Code mag alleen letters, cijfers, punten, koppeltekens of underscores bevatten'] } }
}
// Verify ownership
const product = await prisma.product.findFirst({
where: { id, user_id: session.userId },
})
if (!product) return { error: 'Product niet gevonden' }
// Check unique name (excluding self)
const duplicate = await prisma.product.findFirst({
where: { user_id: session.userId, name: parsed.data.name, NOT: { id } },
})
if (duplicate) return { error: { name: ['Een product met deze naam bestaat al'] } }
if (code) {
const dupCode = await prisma.product.findFirst({
where: { user_id: session.userId, code, NOT: { id } },
})
if (dupCode) return { error: { code: ['Deze code is al in gebruik'] } }
}
await prisma.product.update({
where: { id },
data: {
name: parsed.data.name,
code,
description: parsed.data.description ?? null,
repo_url: parsed.data.repo_url || null,
definition_of_done: parsed.data.definition_of_done,
},
})
revalidatePath(`/products/${id}`)
revalidatePath('/dashboard')
return { success: true }
}
export async function archiveProductAction(id: string) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const product = await prisma.product.findFirst({
where: { id, user_id: session.userId },
})
if (!product) return { error: 'Product niet gevonden' }
await prisma.$transaction([
// Clear active_product_id for all users who had this product active
prisma.user.updateMany({
where: { active_product_id: id },
data: { active_product_id: null },
}),
prisma.product.update({ where: { id }, data: { archived: true } }),
])
revalidatePath('/', 'layout')
redirect('/dashboard')
}
export async function restoreProductAction(id: string) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const product = await prisma.product.findFirst({
where: { id, user_id: session.userId },
})
if (!product) return { error: 'Product niet gevonden' }
await prisma.product.update({ where: { id }, data: { archived: false } })
revalidatePath('/dashboard')
return { success: true }
}
export async function addProductMemberAction(_prevState: unknown, formData: FormData) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const productId = formData.get('productId') as string
const username = (formData.get('username') as string)?.trim().toLowerCase()
if (!username) return { error: 'Gebruikersnaam is verplicht' }
const product = await prisma.product.findFirst({ where: { id: productId, user_id: session.userId } })
if (!product) return { error: 'Product niet gevonden of geen eigenaar' }
const targetUser = await prisma.user.findUnique({
where: { username },
include: { roles: true },
})
if (!targetUser) return { error: 'Gebruiker niet gevonden' }
if (targetUser.is_demo) return { error: 'Demo-gebruiker kan niet worden toegevoegd' }
if (targetUser.id === session.userId) return { error: 'Je bent al eigenaar van dit product' }
const hasDeveloperRole = targetUser.roles.some(r => r.role === Role.DEVELOPER)
if (!hasDeveloperRole) return { error: `Gebruiker "${username}" heeft geen Developer-rol` }
const existing = await prisma.productMember.findUnique({
where: { product_id_user_id: { product_id: productId, user_id: targetUser.id } },
})
if (existing) return { error: 'Gebruiker is al lid van dit product' }
await prisma.productMember.create({
data: { product_id: productId, user_id: targetUser.id },
})
revalidatePath(`/products/${productId}/settings`)
return { success: true }
}
export async function removeProductMemberAction(productId: string, memberId: string) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
const product = await prisma.product.findFirst({ where: { id: productId, user_id: session.userId } })
if (!product) return { error: 'Product niet gevonden of geen eigenaar' }
await prisma.$transaction([
prisma.user.updateMany({
where: { id: memberId, active_product_id: productId },
data: { active_product_id: null },
}),
prisma.productMember.deleteMany({ where: { product_id: productId, user_id: memberId } }),
])
revalidatePath(`/products/${productId}/settings`)
return { success: true }
}
export async function leaveProductAction(productId: string) {
const session = await getSession()
if (!session.userId) return { error: 'Niet ingelogd' }
await prisma.$transaction([
prisma.user.updateMany({
where: { id: session.userId, active_product_id: productId },
data: { active_product_id: null },
}),
prisma.productMember.deleteMany({ where: { product_id: productId, user_id: session.userId } }),
])
revalidatePath('/', 'layout')
revalidatePath('/settings')
return { success: true }
}
Reference in a new issue View git blame Copy permalink