feat: private forum groups - Group/GroupMember models, group CRUD API, invite codes, private threads, groups UI pages
This commit is contained in:
@@ -0,0 +1,73 @@
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { prisma } from "@/lib/prisma";
|
||||
import { requireAuth } from "@/lib/auth";
|
||||
|
||||
// DELETE /api/groups/[id]/members/[memberId] — remove member (owner only)
|
||||
export async function DELETE(
|
||||
request: NextRequest,
|
||||
{ params }: { params: Promise<{ id: string; memberId: string }> }
|
||||
) {
|
||||
try {
|
||||
const auth = await requireAuth(request);
|
||||
if (!auth) {
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
|
||||
const { id, memberId } = await params;
|
||||
|
||||
// Find the group and verify the requester is the owner
|
||||
const group = await prisma.group.findUnique({
|
||||
where: { id },
|
||||
});
|
||||
|
||||
if (!group) {
|
||||
return NextResponse.json({ error: "Group not found" }, { status: 404 });
|
||||
}
|
||||
|
||||
if (group.ownerId !== auth.userId) {
|
||||
return NextResponse.json(
|
||||
{ error: "Only the group owner can remove members" },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
// Find the membership to remove
|
||||
const membership = await prisma.groupMember.findUnique({
|
||||
where: { id: memberId },
|
||||
});
|
||||
|
||||
if (!membership) {
|
||||
return NextResponse.json(
|
||||
{ error: "Member not found" },
|
||||
{ status: 404 }
|
||||
);
|
||||
}
|
||||
|
||||
if (membership.groupId !== id) {
|
||||
return NextResponse.json(
|
||||
{ error: "Member does not belong to this group" },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
|
||||
// Cannot remove the owner
|
||||
if (membership.role === "owner") {
|
||||
return NextResponse.json(
|
||||
{ error: "Cannot remove the group owner" },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
await prisma.groupMember.delete({
|
||||
where: { id: memberId },
|
||||
});
|
||||
|
||||
return NextResponse.json({ success: true });
|
||||
} catch (error) {
|
||||
console.error("DELETE /api/groups/[id]/members/[memberId] error:", error);
|
||||
return NextResponse.json(
|
||||
{ error: "Internal server error" },
|
||||
{ status: 500 }
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user