Update Dockerfile and package.json to use Prisma migrations, add bcryptjs and next-auth dependencies, and enhance README instructions for database setup. Refactor Prisma schema to include password hashing for users and implement evaluation sharing functionality. Improve admin page with user management features and integrate session handling for authentication. Enhance evaluation detail page with sharing options and update API routes for access control based on user roles.

src/app/api/evaluations/[id]/share/route.ts

@@ -0,0 +1,111 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { prisma } from "@/lib/db";
+
+async function canAccessEvaluation(evaluationId: string, userId: string, isAdmin: boolean) {
+  if (isAdmin) return true;
+  const eval_ = await prisma.evaluation.findUnique({
+    where: { id: evaluationId },
+    select: { evaluatorId: true, sharedWith: { select: { userId: true } } },
+  });
+  if (!eval_) return false;
+  if (eval_.evaluatorId === userId) return true;
+  if (eval_.sharedWith.some((s) => s.userId === userId)) return true;
+  return false;
+}
+
+export async function GET(
+  _req: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const session = await auth();
+    if (!session?.user) {
+      return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+    }
+    const { id } = await params;
+
+    const hasAccess = await canAccessEvaluation(
+      id,
+      session.user.id,
+      session.user.role === "admin"
+    );
+    if (!hasAccess) {
+      return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
+    }
+
+    const sharedWith = await prisma.evaluationShare.findMany({
+      where: { evaluationId: id },
+      include: { user: { select: { id: true, email: true, name: true } } },
+    });
+    return NextResponse.json(sharedWith);
+  } catch (e) {
+    console.error(e);
+    return NextResponse.json({ error: "Erreur" }, { status: 500 });
+  }
+}
+
+export async function POST(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const session = await auth();
+    if (!session?.user) {
+      return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+    }
+    const { id } = await params;
+    const body = await req.json();
+    const { email, userId } = body;
+
+    if (!userId && !email) {
+      return NextResponse.json({ error: "userId ou email requis" }, { status: 400 });
+    }
+
+    let user;
+    if (userId && typeof userId === "string") {
+      user = await prisma.user.findUnique({ where: { id: userId } });
+    } else if (email && typeof email === "string") {
+      user = await prisma.user.findUnique({
+        where: { email: String(email).toLowerCase().trim() },
+      });
+    }
+    if (!user) {
+      return NextResponse.json({ error: "Utilisateur introuvable" }, { status: 404 });
+    }
+
+    const hasAccess = await canAccessEvaluation(
+      id,
+      session.user.id,
+      session.user.role === "admin"
+    );
+    if (!hasAccess) {
+      return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
+    }
+
+    if (user.id === session.user.id) {
+      return NextResponse.json({ error: "Vous avez déjà accès" }, { status: 400 });
+    }
+
+    const evaluation = await prisma.evaluation.findUnique({
+      where: { id },
+      select: { evaluatorId: true },
+    });
+    if (evaluation?.evaluatorId === user.id) {
+      return NextResponse.json({ error: "L'évaluateur a déjà accès" }, { status: 400 });
+    }
+
+    await prisma.evaluationShare.upsert({
+      where: {
+        evaluationId_userId: { evaluationId: id, userId: user.id },
+      },
+      create: { evaluationId: id, userId: user.id },
+      update: {},
+    });
+
+    return NextResponse.json({ ok: true, user: { id: user.id, email: user.email, name: user.name } });
+  } catch (e) {
+    console.error(e);
+    return NextResponse.json({ error: "Erreur" }, { status: 500 });
+  }
+}