julienfroidefond/iag-dev-evaluator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Dockerfile and package.json to use Prisma migrations, add bcryptjs and next-auth dependencies, and enhance README instructions for database setup. Refactor Prisma schema to include password hashing for users and implement evaluation sharing functionality. Improve admin page with user management features and integrate session handling for authentication. Enhance evaluation detail page with sharing options and update API routes for access control based on user roles.
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 3m4s
Details

Browse Source
This commit is contained in:
Julien Froidefond
2026-02-20 12:58:47 +01:00
parent 9a734dc1ed
commit f5cbc578b7
30 changed files with 1284 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/app/api/evaluations/[id]/share/[userId]/route.ts Normal file
View File

@@ -0,0 +1,46 @@
import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/auth";
import { prisma } from "@/lib/db";
async function canAccessEvaluation(evaluationId: string, userId: string, isAdmin: boolean) {
if (isAdmin) return true;
const eval_ = await prisma.evaluation.findUnique({
where: { id: evaluationId },
select: { evaluatorId: true, sharedWith: { select: { userId: true } } },
});
if (!eval_) return false;
if (eval_.evaluatorId === userId) return true;
if (eval_.sharedWith.some((s) => s.userId === userId)) return true;
return false;
}
export async function DELETE(
_req: NextRequest,
{ params }: { params: Promise<{ id: string; userId: string }> }
) {
try {
const session = await auth();
if (!session?.user) {
return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
}
const { id, userId } = await params;
const hasAccess = await canAccessEvaluation(
id,
session.user.id,
session.user.role === "admin"
);
if (!hasAccess) {
return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
}
await prisma.evaluationShare.deleteMany({
where: { evaluationId: id, userId },
});
return NextResponse.json({ ok: true });
} catch (e) {
console.error(e);
return NextResponse.json({ error: "Erreur" }, { status: 500 });
}
}