janpeter/Scrum4Me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Scrum4Me/app/api/stories/[id]/tasks/reorder/route.ts
janpeter visser b71a1a7328 feat: ST-401-ST-410 M4 REST API, tokenbeleer en activiteitenlog 
- api-auth.ts was al aanwezig; demo-check toegevoegd per endpoint (ST-401)
- Token aanmaken (SHA-256 hash, eenmalig tonen), intrekken, max 10 (ST-402)
- GET /api/products actieve productenlijst (ST-403)
- GET /api/products/:id/next-story hoogst geprioriteerde open story (ST-404)
- GET /api/sprints/:id/tasks met limit parameter (ST-405)
- PATCH /api/stories/:id/tasks/reorder met ID-validatie (ST-406)
- POST /api/stories/:id/log met discriminatedUnion per type (ST-407)
- PATCH /api/tasks/:id status bijwerken met cross-user bescherming (ST-408)
- POST /api/todos via API aanmaken (ST-409)
- StoryLog component met kleurcodering per type in story slide-over (ST-410)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 11:56:29 +02:00

50 lines
1.5 KiB
TypeScript
Raw Blame History

import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma'
import { z } from 'zod'
const bodySchema = z.object({
task_ids: z.array(z.string()).min(1),
})
export async function PATCH(
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
const auth = await authenticateApiRequest(request)
if ('error' in auth) {
return Response.json({ error: auth.error }, { status: auth.status })
}
if (auth.isDemo) {
return Response.json({ error: 'Niet beschikbaar in demo-modus' }, { status: 403 })
}
const { id: storyId } = await params
const body = await request.json().catch(() => null)
const parsed = bodySchema.safeParse(body)
if (!parsed.success) {
return Response.json({ error: parsed.error.flatten() }, { status: 400 })
}
const story = await prisma.story.findFirst({
where: { id: storyId, product: { user_id: auth.userId } },
include: { tasks: { select: { id: true } } },
})
if (!story) {
return Response.json({ error: 'Story niet gevonden' }, { status: 404 })
}
const storyTaskIds = new Set(story.tasks.map(t => t.id))
const invalidId = parsed.data.task_ids.find(id => !storyTaskIds.has(id))
if (invalidId) {
return Response.json({ error: `Ongeldig task_id: ${invalidId}` }, { status: 400 })
}
await prisma.$transaction(
parsed.data.task_ids.map((id, i) =>
prisma.task.update({ where: { id }, data: { sort_order: i + 1.0 } })
)
)
return Response.json({ success: true })
}
Reference in a new issue View git blame Copy permalink