hermes-web/app/api/settings/groups/permissions/route.ts

import { db } from "@/lib/db"
import { NextResponse } from "next/server";
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
import { ActionType, Prisma } from "@prisma/client";

export async function GET(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return new NextResponse("Unauthorized", { status: 401 });

        const commands = await db.groupPermission.findMany({
            where: {
                userId: user.id
            }
        })

        return NextResponse.json(commands.map(({userId, ...attrs}) => attrs));
    } catch (error) {
        console.log("[GROUPS/PERMISSIONS]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}

export async function POST(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return new NextResponse("Unauthorized", { status: 401 });

        const { path, allow, groupId }: { path: string, allow: boolean, groupId: string } = await req.json();
        if (!path)
            return new NextResponse("Bad Request", { status: 400 });

        const permission = await db.groupPermission.create({
            data: {
                userId: user.id,
                path,
                allow,
                groupId
            }
        });

        return NextResponse.json(permission, { status: 200 });
    } catch (error) {
        console.log("[GROUPS/PERMISSIONS]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}

export async function PUT(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return new NextResponse("Unauthorized", { status: 401 });

        const { id, path, allow }: { id: string, path: string, allow: boolean|null } = await req.json();
        if (!id)
            return new NextResponse("Bad Request", { status: 400 });
        if (!path)
            return new NextResponse("Bad Request", { status: 400 });

        let data: any = {}
        if (!!path)
            data = { ...data, path }
        data = { ...data, allow }

        const permission = await db.groupPermission.update({
            where: {
                id
            },
            data: data
        });

        return NextResponse.json(permission, { status: 200 });
    } catch (error) {
        console.log("[GROUPS/PERMISSIONS]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}

export async function DELETE(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return new NextResponse("Unauthorized", { status: 401 });

        const { searchParams } = new URL(req.url)
        const id = searchParams.get('id') as string
        const permission = await db.groupPermission.delete({
            where: {
                id
            }
        })

        return NextResponse.json(permission);
    } catch (error) {
        console.log("[GROUPS/PERMISSIONS]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}