From b358f5d7b770d0901088d94b3bf7e4c05618155e Mon Sep 17 00:00:00 2001
From: chop <rkwojs@gmail.com>
Date: Thu, 22 Jan 2026 21:51:37 +0100
Subject: [PATCH] feat: Implement delete confirmation modal and restrict delete
 access to team leads

---
 src/app/api/contracts/[id]/route.js |   4 +-
 src/app/contracts/page.js           | 293 +++++++++++++++++++++++-----
 2 files changed, 247 insertions(+), 50 deletions(-)

diff --git a/src/app/api/contracts/[id]/route.js b/src/app/api/contracts/[id]/route.js
index 0dd9410..b5dcc55 100644
--- a/src/app/api/contracts/[id]/route.js
+++ b/src/app/api/contracts/[id]/route.js
@@ -1,6 +1,6 @@
 import db from "@/lib/db";
 import { NextResponse } from "next/server";
-import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";
+import { withReadAuth, withTeamLeadAuth } from "@/lib/middleware/auth";
 
 async function getContractHandler(req, { params }) {
 	const { id } = await params;
@@ -61,4 +61,4 @@ async function deleteContractHandler(req, { params }) {
 
 // Protected routes - require authentication  
 export const GET = withReadAuth(getContractHandler);
-export const DELETE = withUserAuth(deleteContractHandler);
+export const DELETE = withTeamLeadAuth(deleteContractHandler);
diff --git a/src/app/contracts/page.js b/src/app/contracts/page.js
index f34a0cd..d2df1be 100644
--- a/src/app/contracts/page.js
+++ b/src/app/contracts/page.js
@@ -2,6 +2,7 @@
 
 import { useEffect, useState } from "react";
 import Link from "next/link";
+import { useSession } from "next-auth/react";
 import { Card, CardHeader, CardContent } from "@/components/ui/Card";
 import Button from "@/components/ui/Button";
 import Badge from "@/components/ui/Badge";
@@ -15,6 +16,7 @@ import { useTranslation } from "@/lib/i18n";
 
 export default function ContractsMainPage() {
 	const { t } = useTranslation();
+	const { data: session } = useSession();
 	const [contracts, setContracts] = useState([]);
 	const [loading, setLoading] = useState(true);
 	const [searchTerm, setSearchTerm] = useState("");
@@ -22,17 +24,27 @@ export default function ContractsMainPage() {
 	const [sortBy, setSortBy] = useState("date_signed");
 	const [sortOrder, setSortOrder] = useState("desc");
 	const [statusFilter, setStatusFilter] = useState("all");
+	const [showDeleteModal, setShowDeleteModal] = useState(false);
+	const [contractToDelete, setContractToDelete] = useState(null);
+	const [deleting, setDeleting] = useState(false);
+	const [error, setError] = useState(null);
+	const [success, setSuccess] = useState(null);
 
 	useEffect(() => {
 		async function fetchContracts() {
 			setLoading(true);
+			setError(null);
 			try {
 				const res = await fetch("/api/contracts");
+				if (!res.ok) {
+					throw new Error("Failed to fetch contracts");
+				}
 				const data = await res.json();
 				setContracts(data);
 				setFilteredContracts(data);
 			} catch (error) {
 				console.error("Error fetching contracts:", error);
+				setError("Nie udało się pobrać listy umów. Spróbuj ponownie później.");
 			} finally {
 				setLoading(false);
 			}
@@ -93,27 +105,6 @@ export default function ContractsMainPage() {
 		setFilteredContracts(filtered);
 	}, [searchTerm, contracts, sortBy, sortOrder, statusFilter]);
 
-	async function handleDelete(id) {
-		const confirmed = confirm("Czy na pewno chcesz usunąć tę umowę?");
-		if (!confirmed) return;
-
-		try {
-			const res = await fetch(`/api/contracts/${id}`, {
-				method: "DELETE",
-			});
-
-			if (res.ok) {
-				setContracts(contracts.filter((c) => c.contract_id !== id));
-			} else {
-				alert("Błąd podczas usuwania umowy.");
-			}
-		} catch (error) {
-			console.error("Error deleting contract:", error);
-			alert("Błąd podczas usuwania umowy.");
-		}
-	}
-
-	// Get contract statistics
 	const getContractStats = () => {
 		const currentDate = new Date();
 		const total = contracts.length;
@@ -148,25 +139,50 @@ export default function ContractsMainPage() {
 		}
 	};
 
-	async function handleDelete(id) {
-		const confirmed = confirm("Czy na pewno chcesz usunąć tę umowę?");
-		if (!confirmed) return;
+	const initiateDelete = (contract) => {
+		setContractToDelete(contract);
+		setShowDeleteModal(true);
+	};
+
+	const handleDelete = async () => {
+		if (!contractToDelete) return;
+
+		setDeleting(true);
+		setError(null);
 
 		try {
-			const res = await fetch(`/api/contracts/${id}`, {
+			const res = await fetch(`/api/contracts/${contractToDelete.contract_id}`, {
 				method: "DELETE",
 			});
 
+			const data = await res.json();
+
 			if (res.ok) {
-				setContracts(contracts.filter((c) => c.contract_id !== id));
+				setContracts(contracts.filter((c) => c.contract_id !== contractToDelete.contract_id));
+				setSuccess(`Umowa "${contractToDelete.contract_number}" została usunięta.`);
+				setShowDeleteModal(false);
+				setContractToDelete(null);
+				
+				// Auto-hide success message after 5 seconds
+				setTimeout(() => setSuccess(null), 5000);
 			} else {
-				alert("Błąd podczas usuwania umowy.");
+				setError(data.error || "Nie udało się usunąć umowy.");
 			}
 		} catch (error) {
 			console.error("Error deleting contract:", error);
-			alert("Błąd podczas usuwania umowy.");
+			setError("Wystąpił błąd podczas usuwania umowy. Spróbuj ponownie.");
+		} finally {
+			setDeleting(false);
 		}
-	}
+	};
+
+	const cancelDelete = () => {
+		if (!deleting) {
+			setShowDeleteModal(false);
+			setContractToDelete(null);
+			setError(null);
+		}
+	};
 
 	const handleSearchChange = (e) => {
 		setSearchTerm(e.target.value);
@@ -264,6 +280,67 @@ export default function ContractsMainPage() {
 					</Button>
 				</Link>{" "}
 			</PageHeader>
+
+			{/* Success Message */}
+			{success && (
+				<div className="mb-6 bg-green-50 border border-green-200 rounded-lg p-4 flex items-start">
+					<svg
+						className="w-5 h-5 text-green-600 mr-3 mt-0.5 flex-shrink-0"
+						fill="none"
+						stroke="currentColor"
+						viewBox="0 0 24 24"
+					>
+						<path
+							strokeLinecap="round"
+							strokeLinejoin="round"
+							strokeWidth={2}
+							d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"
+						/>
+					</svg>
+					<div className="flex-1">
+						<p className="text-sm font-medium text-green-800">{success}</p>
+					</div>
+					<button
+						onClick={() => setSuccess(null)}
+						className="text-green-600 hover:text-green-800 ml-3"
+					>
+						<svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+							<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
+						</svg>
+					</button>
+				</div>
+			)}
+
+			{/* Error Message */}
+			{error && (
+				<div className="mb-6 bg-red-50 border border-red-200 rounded-lg p-4 flex items-start">
+					<svg
+						className="w-5 h-5 text-red-600 mr-3 mt-0.5 flex-shrink-0"
+						fill="none"
+						stroke="currentColor"
+						viewBox="0 0 24 24"
+					>
+						<path
+							strokeLinecap="round"
+							strokeLinejoin="round"
+							strokeWidth={2}
+							d="M12 8v4m0 4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z"
+						/>
+					</svg>
+					<div className="flex-1">
+						<p className="text-sm font-medium text-red-800">{error}</p>
+					</div>
+					<button
+						onClick={() => setError(null)}
+						className="text-red-600 hover:text-red-800 ml-3"
+					>
+						<svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+							<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
+						</svg>
+					</button>
+				</div>
+			)}
+
 			{/* Statistics Cards */}
 			<div className="grid grid-cols-1 md:grid-cols-4 gap-6 mb-6">
 				<Card>
@@ -573,26 +650,28 @@ export default function ContractsMainPage() {
 												</svg>
 												Szczegóły
 											</Link>
-											<Button
-												variant="danger"
-												size="sm"
-												onClick={() => handleDelete(contract.contract_id)}
-											>
-												<svg
-													className="w-4 h-4 mr-1"
-													fill="none"
-													stroke="currentColor"
-													viewBox="0 0 24 24"
+											{session?.user?.role === 'team_lead' && (
+												<Button
+													variant="danger"
+													size="sm"
+													onClick={() => initiateDelete(contract)}
 												>
-													<path
-														strokeLinecap="round"
-														strokeLinejoin="round"
-														strokeWidth={2}
-														d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16"
-													/>
-												</svg>
-												Usuń
-											</Button>
+													<svg
+														className="w-4 h-4 mr-1"
+														fill="none"
+														stroke="currentColor"
+														viewBox="0 0 24 24"
+													>
+														<path
+															strokeLinecap="round"
+															strokeLinejoin="round"
+															strokeWidth={2}
+															d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16"
+														/>
+													</svg>
+													Usuń
+												</Button>
+											)}
 										</div>
 									</div>
 								</CardContent>
@@ -620,6 +699,124 @@ export default function ContractsMainPage() {
 					</p>{" "}
 				</div>
 			)}
+
+			{/* Delete Confirmation Modal */}
+			{showDeleteModal && contractToDelete && (
+				<div 
+					className="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center z-[9999]"
+					onClick={(e) => e.target === e.currentTarget && !deleting && cancelDelete()}
+				>
+					<div className="bg-white dark:bg-gray-800 rounded-lg p-6 w-full max-w-md mx-4">
+						<div className="flex items-center justify-between mb-4">
+							<div className="flex items-center">
+								<div className="flex-shrink-0 w-10 h-10 bg-red-100 rounded-full flex items-center justify-center">
+									<svg
+										className="w-6 h-6 text-red-600"
+										fill="none"
+										stroke="currentColor"
+										viewBox="0 0 24 24"
+									>
+										<path
+											strokeLinecap="round"
+											strokeLinejoin="round"
+											strokeWidth={2}
+											d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"
+										/>
+									</svg>
+								</div>
+								<h3 className="ml-3 text-lg font-semibold text-gray-900 dark:text-white">
+									Potwierdź usunięcie
+								</h3>
+							</div>
+							{!deleting && (
+								<button
+									onClick={cancelDelete}
+									className="text-gray-400 hover:text-gray-600 dark:hover:text-gray-200"
+								>
+									<svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+										<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M6 18L18 6M6 6l12 12" />
+									</svg>
+								</button>
+							)}
+						</div>
+						
+						<div className="mb-6">
+							<p className="text-gray-700 dark:text-gray-300 mb-3">
+								Czy na pewno chcesz usunąć umowę <strong className="font-semibold">"{contractToDelete.contract_number}"</strong>
+								{contractToDelete.contract_name && (
+									<> — <strong className="font-semibold">{contractToDelete.contract_name}</strong></>
+								)}?
+							</p>
+							<p className="text-sm text-red-600 dark:text-red-400">
+								Ta operacja jest nieodwracalna.
+							</p>
+							{contractToDelete.customer && (
+								<p className="mt-2 text-sm text-gray-600 dark:text-gray-400">
+									Zleceniodawca: <strong>{contractToDelete.customer}</strong>
+								</p>
+							)}
+						</div>
+
+						<div className="flex gap-3 justify-end">
+							<Button
+								variant="outline"
+								onClick={cancelDelete}
+								disabled={deleting}
+							>
+								Anuluj
+							</Button>
+							<Button
+								variant="danger"
+								onClick={handleDelete}
+								disabled={deleting}
+							>
+								{deleting ? (
+									<>
+										<svg
+											className="animate-spin -ml-1 mr-2 h-4 w-4 text-white inline-block"
+											xmlns="http://www.w3.org/2000/svg"
+											fill="none"
+											viewBox="0 0 24 24"
+										>
+											<circle
+												className="opacity-25"
+												cx="12"
+												cy="12"
+												r="10"
+												stroke="currentColor"
+												strokeWidth="4"
+											/>
+											<path
+												className="opacity-75"
+												fill="currentColor"
+												d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
+											/>
+										</svg>
+										Usuwanie...
+									</>
+								) : (
+									<>
+										<svg
+											className="w-4 h-4 mr-2 inline-block"
+											fill="none"
+											stroke="currentColor"
+											viewBox="0 0 24 24"
+										>
+											<path
+												strokeLinecap="round"
+												strokeLinejoin="round"
+												strokeWidth={2}
+												d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16"
+											/>
+										</svg>
+										Usuń umowę
+									</>
+								)}
+							</Button>
+						</div>
+					</div>
+				</div>
+			)}
 		</PageContainer>
 	);
 }