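import { NextRequest, NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import { requireAuth, requireRole, forbidden } from "@/lib/api-auth";

/** The parts of the authenticated user this route reads (as returned by requireAuth). */
type AuthUser = { role: string; establishmentId?: string };

/**
 * Client-settable template fields. Only these keys are ever copied out of a
 * request body, so a PUT cannot overwrite columns such as id, createdAt or
 * createdBy by including them in the JSON.
 */
const TEMPLATE_FIELDS = [
  "name",
  "type",
  "dockerImage",
  "composeConfig",
  "isPublic",
  "establishmentId",
] as const;

/* eslint-disable @typescript-eslint/no-explicit-any -- values come from req.json(), which is
   untyped; validateTemplateInput checks the fields the handlers themselves depend on. */
type TemplateInput = {
  name?: any;
  type?: any;
  dockerImage?: any;
  composeConfig?: any;
  isPublic?: any;
  establishmentId?: any;
};
type JsonObject = Record<string, any>;
/* eslint-enable @typescript-eslint/no-explicit-any */

/** 400 response with a short error message. */
function badRequest(error: string): NextResponse {
  return NextResponse.json({ error }, { status: 400 });
}

/**
 * Reads the request body as a JSON object.
 *
 * @returns the parsed object, or null when the body is not valid JSON or is
 *   not an object (array, primitive, null) — callers answer with 400 instead of
 *   letting a parse error surface as a 500.
 */
async function readJsonObject(req: NextRequest): Promise<JsonObject | null> {
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return null;
  }
  if (typeof body !== "object" || body === null || Array.isArray(body)) return null;
  return body as JsonObject;
}

/** Copies only the whitelisted keys that the client actually sent (absent keys stay absent). */
function pickTemplateFields(body: JsonObject): TemplateInput {
  const picked: TemplateInput = {};
  for (const key of TEMPLATE_FIELDS) {
    if (key in body) picked[key] = body[key];
  }
  return picked;
}

/**
 * Checks the fields the handlers reason about: isPublic is used in a boolean
 * filter and establishmentId is compared against the user's establishment.
 * Other fields are left to the database layer.
 *
 * @returns an error message suitable for a 400 response, or null when valid.
 */
function validateTemplateInput(data: TemplateInput): string | null {
  for (const key of ["name", "type"] as const) {
    if (data[key] !== undefined && typeof data[key] !== "string") return `${key} must be a string`;
  }
  if (data.isPublic !== undefined && typeof data.isPublic !== "boolean") {
    return "isPublic must be a boolean";
  }
  if (
    data.establishmentId !== undefined &&
    data.establishmentId !== null &&
    typeof data.establishmentId !== "string"
  ) {
    return "establishmentId must be a string";
  }
  return null;
}

/**
 * Prisma `where` filter for templates the user may read: public ones plus
 * those of one establishment. A superadmin may choose the establishment via
 * the second argument; everyone else is pinned to their own, and a user with
 * no establishment sees only public templates.
 */
function templateAccessWhere(user: AuthUser, establishmentId?: string | null) {
  const scope =
    user.role === "superadmin" && establishmentId ? establishmentId : user.establishmentId;
  return scope ? { OR: [{ isPublic: true }, { establishmentId: scope }] } : { isPublic: true };
}

/**
 * Authorization for mutating a template.
 *
 * @returns null when the user may manage the template, otherwise the error
 *   response to send. A superadmin gets 404 for an unknown id; other roles get
 *   forbidden() for both "not yours" and "does not exist", so the response does
 *   not reveal whether an id exists.
 */
async function requireTemplateAccess(user: AuthUser, id: string): Promise<Response | null> {
  const template = await prisma.template.findUnique({
    where: { id },
    select: { establishmentId: true },
  });
  if (user.role === "superadmin") {
    return template ? null : NextResponse.json({ error: "Template not found" }, { status: 404 });
  }
  // A user without an establishment owns nothing, and an unowned template
  // (establishmentId null) is never theirs.
  const owns = Boolean(user.establishmentId) && template?.establishmentId === user.establishmentId;
  return owns ? null : forbidden();
}

/** Lists templates readable by the caller, newest first. */
export async function GET(req: NextRequest) {
  const user = await requireAuth();
  if (user instanceof NextResponse) return user;

  const requestedEst = new URL(req.url).searchParams.get("establishmentId");
  // A superadmin with no establishment filter sees everything; every other
  // caller is scoped by templateAccessWhere (a non-superadmin's query param is ignored).
  const where =
    user.role === "superadmin" && !requestedEst ? {} : templateAccessWhere(user, requestedEst);
  const templates = await prisma.template.findMany({ where, orderBy: { createdAt: "desc" } });
  return NextResponse.json(templates);
}

/** Creates a template. Admins are pinned to their own establishment. */
export async function POST(req: NextRequest) {
  const user = await requireAuth();
  if (user instanceof NextResponse) return user;
  const denied = requireRole(user, "superadmin", "admin");
  if (denied) return denied;

  const body = await readJsonObject(req);
  if (!body) return badRequest("Invalid JSON body");
  const data = pickTemplateFields(body);
  const invalid = validateTemplateInput(data);
  if (invalid) return badRequest(invalid);

  if (user.role !== "superadmin") {
    // An admin may only create templates for their own establishment; an
    // omitted establishment defaults to it.
    if (data.establishmentId && data.establishmentId !== user.establishmentId) return forbidden();
    data.establishmentId = user.establishmentId;
  }

  // NOTE(review): createdBy is taken from the client body, so the author can be
  // spoofed; if the user object from requireAuth carries an id, derive it from
  // there instead — confirm against the auth helper.
  const template = await prisma.template.create({
    data: {
      name: data.name,
      type: data.type,
      dockerImage: data.dockerImage,
      composeConfig: data.composeConfig,
      isPublic: data.isPublic,
      establishmentId: data.establishmentId,
      createdBy: body.createdBy,
    },
  });
  return NextResponse.json(template, { status: 201 });
}

/** Partially updates a template identified by `body.id`; only whitelisted fields are written. */
export async function PUT(req: NextRequest) {
  const user = await requireAuth();
  if (user instanceof NextResponse) return user;
  const denied = requireRole(user, "superadmin", "admin");
  if (denied) return denied;

  const body = await readJsonObject(req);
  if (!body) return badRequest("Invalid JSON body");
  const id = body.id;
  if (typeof id !== "string" || !id) return badRequest("Missing id");

  const blocked = await requireTemplateAccess(user, id);
  if (blocked) return blocked;

  const data = pickTemplateFields(body);
  const invalid = validateTemplateInput(data);
  if (invalid) return badRequest(invalid);
  // An admin may neither move a template to another establishment nor detach
  // it (null/empty), so any sent value other than their own is rejected.
  if (
    user.role !== "superadmin" &&
    "establishmentId" in data &&
    data.establishmentId !== user.establishmentId
  ) {
    return forbidden();
  }

  const template = await prisma.template.update({ where: { id }, data });
  return NextResponse.json(template);
}

/** Deletes the template given by the `id` query parameter. */
export async function DELETE(req: NextRequest) {
  const user = await requireAuth();
  if (user instanceof NextResponse) return user;
  const denied = requireRole(user, "superadmin", "admin");
  if (denied) return denied;

  const id = new URL(req.url).searchParams.get("id");
  if (!id) return badRequest("Missing id");

  const blocked = await requireTemplateAccess(user, id);
  if (blocked) return blocked;

  await prisma.template.delete({ where: { id } });
  return NextResponse.json({ ok: true });
}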