Scrum4Me/app/api/tasks/[id]/route.ts

import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma'
import { productAccessFilter } from '@/lib/product-access'
import { z } from 'zod'

const patchSchema = z
  .object({
    status: z.enum(['TO_DO', 'IN_PROGRESS', 'DONE']).optional(),
    implementation_plan: z.string().optional(),
  })
  .refine((data) => data.status !== undefined || data.implementation_plan !== undefined, {
    message: 'Geef minimaal status of implementation_plan mee',
  })

export async function PATCH(
  request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  const auth = await authenticateApiRequest(request)
  if ('error' in auth) {
    return Response.json({ error: auth.error }, { status: auth.status })
  }
  if (auth.isDemo) {
    return Response.json({ error: 'Niet beschikbaar in demo-modus' }, { status: 403 })
  }

  const { id } = await params

  const task = await prisma.task.findFirst({
    where: { id, story: { product: productAccessFilter(auth.userId) } },
  })
  if (!task) {
    return Response.json({ error: 'Taak niet gevonden' }, { status: 404 })
  }

  const body = await request.json().catch(() => null)
  const parsed = patchSchema.safeParse(body)
  if (!parsed.success) {
    return Response.json({ error: parsed.error.flatten() }, { status: 400 })
  }

  const updated = await prisma.task.update({
    where: { id },
    data: {
      ...(parsed.data.status !== undefined && { status: parsed.data.status }),
      ...(parsed.data.implementation_plan !== undefined && {
        implementation_plan: parsed.data.implementation_plan,
      }),
    },
  })

  return Response.json({
    id: updated.id,
    status: updated.status,
    implementation_plan: updated.implementation_plan,
  })
}