Admin/panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
249b1e21c3e0d980089b2d3d589aef1295a1b6d2
panel/src/app/api/notes/[id]/route.js
RKWojs 0dd988730f feat: Implement internationalization for task management components 
- Added translation support for task-related strings in ProjectTaskForm and ProjectTasksSection components.
- Integrated translation for navigation items in the Navigation component.
- Created ProjectCalendarWidget component with Polish translations for project statuses and deadlines.
- Developed Tooltip component for enhanced user experience with tooltips.
- Established a field change history logging system in the database with associated queries.
- Enhanced task update logging to include translated status and priority changes.
- Introduced server-side translations for system messages to improve localization.
2025-09-11 15:49:07 +02:00

73 lines
1.9 KiB
JavaScript
Raw Blame History

// Force this API route to use Node.js runtime for database access
export const runtime = "nodejs";
import db from "@/lib/db";
import { NextResponse } from "next/server";
import { withUserAuth } from "@/lib/middleware/auth";
import {
logApiActionSafe,
AUDIT_ACTIONS,
RESOURCE_TYPES,
} from "@/lib/auditLogSafe.js";
import initializeDatabase from "@/lib/init-db";
// Make sure the DB is initialized before queries run
initializeDatabase();
async function deleteNoteHandler(req, { params }) {
const { id } = await params;
if (!id) {
return NextResponse.json({ error: "Note ID is required" }, { status: 400 });
}
try {
// Get note data before deletion for audit log
const note = db.prepare("SELECT * FROM notes WHERE note_id = ?").get(id);
if (!note) {
return NextResponse.json({ error: "Note not found" }, { status: 404 });
}
// Check if user has permission to delete this note
// Users can delete their own notes, or admins can delete any note
const userRole = req.user?.role;
const userId = req.user?.id;
if (userRole !== 'admin' && note.created_by !== userId) {
return NextResponse.json({ error: "Unauthorized to delete this note" }, { status: 403 });
}
// Delete the note
db.prepare("DELETE FROM notes WHERE note_id = ?").run(id);
// Log note deletion
await logApiActionSafe(
req,
AUDIT_ACTIONS.NOTE_DELETE,
RESOURCE_TYPES.NOTE,
id,
req.auth,
{
deletedNote: {
project_id: note?.project_id,
task_id: note?.task_id,
note_length: note?.note?.length || 0,
created_by: note?.created_by,
},
}
);
return NextResponse.json({ success: true });
} catch (error) {
console.error("Error deleting note:", error);
return NextResponse.json(
{ error: "Failed to delete note", details: error.message },
{ status: 500 }
);
}
}
// Protected route - require user authentication
export const DELETE = withUserAuth(deleteNoteHandler);
Reference in New Issue View Git Blame Copy Permalink