Profile page UI and functionality implemented

2026-04-25 17:57:58 -06:00
parent 7dd2562bae
commit 68517796a9
103 changed files with 4439 additions and 1476 deletions
@@ -0,0 +1,58 @@
+import { NextResponse } from "next/server";
+import { prisma } from "../../../../../lib/server/db";
+import { isDatabaseConfigured } from "../../../../../lib/server/env";
+import {
+  dbUnavailable,
+  forbidden,
+  notFound,
+  unauthorized,
+} from "../../../../../lib/server/responses";
+import { getSessionUser } from "../../../../../lib/server/session";
+import { apiRoute } from "../../../../../lib/server/apiRoute";
+
+type RouteContext = { params: Promise<{ id: string }> };
+
+export const POST = apiRoute<RouteContext>(
+  "rules.byId.duplicate",
+  async (_request, context) => {
+    if (!isDatabaseConfigured()) {
+      return dbUnavailable();
+    }
+
+    const user = await getSessionUser();
+    if (!user) {
+      return unauthorized();
+    }
+
+    const { id } = await context.params;
+
+    const source = await prisma.publishedRule.findUnique({
+      where: { id },
+    });
+    if (!source) {
+      return notFound();
+    }
+    if (source.userId !== user.id) {
+      return forbidden("You do not have permission to duplicate this rule");
+    }
+
+    const newRule = await prisma.publishedRule.create({
+      data: {
+        userId: user.id,
+        title: `${source.title} (Copy)`,
+        summary: source.summary,
+        document: source.document,
+      },
+    });
+
+    return NextResponse.json({
+      rule: {
+        id: newRule.id,
+        title: newRule.title,
+        summary: newRule.summary,
+        createdAt: newRule.createdAt,
+        updatedAt: newRule.updatedAt,
+      },
+    });
+  },
+);
@@ -1,7 +1,14 @@
 import { NextResponse } from "next/server";
+import { prisma } from "../../../../lib/server/db";
 import { isDatabaseConfigured } from "../../../../lib/server/env";
-import { dbUnavailable, notFound } from "../../../../lib/server/responses";
+import {
+  dbUnavailable,
+  forbidden,
+  notFound,
+  unauthorized,
+} from "../../../../lib/server/responses";
 import { getPublicPublishedRuleById } from "../../../../lib/server/publishedRules";
+import { getSessionUser } from "../../../../lib/server/session";
 import { apiRoute } from "../../../../lib/server/apiRoute";

 type RouteContext = { params: Promise<{ id: string }> };
@@ -20,6 +27,47 @@ export const GET = apiRoute<RouteContext>(
      return notFound();
    }

-    return NextResponse.json({ rule });
+    const user = await getSessionUser();
+    let viewerIsOwner = false;
+    if (user) {
+      const ownerRow = await prisma.publishedRule.findUnique({
+        where: { id },
+        select: { userId: true },
+      });
+      viewerIsOwner = ownerRow?.userId === user.id;
+    }
+
+    return NextResponse.json({ rule, viewerIsOwner });
+  },
+);
+
+export const DELETE = apiRoute<RouteContext>(
+  "rules.byId.delete",
+  async (_request, context) => {
+    if (!isDatabaseConfigured()) {
+      return dbUnavailable();
+    }
+
+    const user = await getSessionUser();
+    if (!user) {
+      return unauthorized();
+    }
+
+    const { id } = await context.params;
+
+    const row = await prisma.publishedRule.findUnique({
+      where: { id },
+      select: { id: true, userId: true },
+    });
+    if (!row) {
+      return notFound();
+    }
+    if (row.userId !== user.id) {
+      return forbidden("You do not have permission to delete this rule");
+    }
+
+    await prisma.publishedRule.delete({ where: { id: row.id } });
+
+    return NextResponse.json({ ok: true });
  },
 );
@@ -0,0 +1,31 @@
+import { NextRequest, NextResponse } from "next/server";
+import { isDatabaseConfigured } from "../../../../lib/server/env";
+import { listPublishedRulesForUser } from "../../../../lib/server/publishedRules";
+import {
+  dbUnavailable,
+  internalError,
+  unauthorized,
+} from "../../../../lib/server/responses";
+import { getSessionUser } from "../../../../lib/server/session";
+import { apiRoute } from "../../../../lib/server/apiRoute";
+
+export const GET = apiRoute("rules.me.list", async (request: NextRequest) => {
+  if (!isDatabaseConfigured()) {
+    return dbUnavailable();
+  }
+
+  const user = await getSessionUser();
+  if (!user) {
+    return unauthorized();
+  }
+
+  const { searchParams } = new URL(request.url);
+  const take = Math.min(Number(searchParams.get("limit") ?? "50") || 50, 100);
+
+  const rules = await listPublishedRulesForUser(user.id, take);
+  if (rules === null) {
+    return internalError("Failed to list rules");
+  }
+
+  return NextResponse.json({ rules });
+});
@@ -0,0 +1,43 @@
+import { NextResponse } from "next/server";
+import { prisma } from "../../../../lib/server/db";
+import { isDatabaseConfigured } from "../../../../lib/server/env";
+import {
+  dbUnavailable,
+  internalError,
+  unauthorized,
+} from "../../../../lib/server/responses";
+import {
+  clearSessionCookie,
+  getSessionUser,
+} from "../../../../lib/server/session";
+import { apiRoute } from "../../../../lib/server/apiRoute";
+
+/**
+ * Delete the signed-in user and associated data.
+ *
+ * **Policy (CR-86 / Ticket 15):** Prisma `User` deletion cascades `Session` and
+ * `RuleDraft`. `PublishedRule` uses `onDelete: SetNull` on `userId`, so published
+ * rules remain public with `userId = null` (anonymous/orphan rows) rather than
+ * being removed with the account. Change would require a schema migration if
+ * product later requires deleting all published rules with the user.
+ */
+export const DELETE = apiRoute("user.me.delete", async () => {
+  if (!isDatabaseConfigured()) {
+    return dbUnavailable();
+  }
+
+  const user = await getSessionUser();
+  if (!user) {
+    return unauthorized();
+  }
+
+  try {
+    await prisma.user.delete({ where: { id: user.id } });
+  } catch {
+    return internalError("Failed to delete account");
+  }
+
+  await clearSessionCookie();
+
+  return NextResponse.json({ ok: true });
+});