74 lines
1.9 KiB
TypeScript
74 lines
1.9 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { prisma } from "@/lib/prisma";
|
|
import { requireAuth } from "@/lib/auth";
|
|
|
|
// DELETE /api/groups/[id]/members/[memberId] — remove member (owner only)
|
|
export async function DELETE(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ id: string; memberId: string }> }
|
|
) {
|
|
try {
|
|
const auth = await requireAuth(request);
|
|
if (!auth) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
}
|
|
|
|
const { id, memberId } = await params;
|
|
|
|
// Find the group and verify the requester is the owner
|
|
const group = await prisma.group.findUnique({
|
|
where: { id },
|
|
});
|
|
|
|
if (!group) {
|
|
return NextResponse.json({ error: "Group not found" }, { status: 404 });
|
|
}
|
|
|
|
if (group.ownerId !== auth.userId) {
|
|
return NextResponse.json(
|
|
{ error: "Only the group owner can remove members" },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
|
|
// Find the membership to remove
|
|
const membership = await prisma.groupMember.findUnique({
|
|
where: { id: memberId },
|
|
});
|
|
|
|
if (!membership) {
|
|
return NextResponse.json(
|
|
{ error: "Member not found" },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
|
|
if (membership.groupId !== id) {
|
|
return NextResponse.json(
|
|
{ error: "Member does not belong to this group" },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
// Cannot remove the owner
|
|
if (membership.role === "owner") {
|
|
return NextResponse.json(
|
|
{ error: "Cannot remove the group owner" },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
|
|
await prisma.groupMember.delete({
|
|
where: { id: memberId },
|
|
});
|
|
|
|
return NextResponse.json({ success: true });
|
|
} catch (error) {
|
|
console.error("DELETE /api/groups/[id]/members/[memberId] error:", error);
|
|
return NextResponse.json(
|
|
{ error: "Internal server error" },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
}
|