app/api/data-room/[projectId]/permissions/route.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

// app/api/files/[projectId]/permissions/route.ts
import { NextRequest, NextResponse } from 'next/server';
import { getServerSession } from 'next-auth/next';
import { authOptions } from '@/app/api/auth/[...nextauth]/route'
import { FileService, type FileAccessContext } from '@/lib/services/fileService';
import { z } from 'zod';

const grantPermissionSchema = z.object({
  fileId: z.string().uuid(),
  targetUserId: z.number().optional().nullable(),
  targetDomain: z.string().optional().nullable(),
  permissions: z.object({
    canView: z.boolean().optional(),
    canDownload: z.boolean().optional(),
    canEdit: z.boolean().optional(),
    canDelete: z.boolean().optional(),
    canShare: z.boolean().optional(),
  }),
});

// 권한 부여
export async function POST(
  request: NextRequest,
  { params }: { params: { projectId: string } }
) {
  try {
    const session = await getServerSession(authOptions);
    if (!session?.user) {
      return NextResponse.json({ error: '인증이 필요합니다' }, { status: 401 });
    }

    const body = await request.json();
    const validatedData = grantPermissionSchema.parse(body);

    const context: FileAccessContext = {
      userId: session.user.id,
      userDomain: session.user.domain || 'partners',
      userEmail: session.user.email,
      ipAddress: request.ip || request.headers.get('x-forwarded-for') || undefined,
      userAgent: request.headers.get('user-agent') || undefined,
    };

    const fileService = new FileService();
    await fileService.grantPermission(
      validatedData.fileId,
      validatedData.targetUserId,
      validatedData.targetDomain,
      validatedData.permissions,
      context
    );

    return NextResponse.json({ success: true });
  } catch (error) {
    if (error instanceof z.ZodError) {
      return NextResponse.json(
        { error: '잘못된 요청 데이터', details: error.errors },
        { status: 400 }
      );
    }

    if (error instanceof Error && error.message.includes('권한')) {
      return NextResponse.json(
        { error: error.message },
        { status: 403 }
      );
    }

    console.error('권한 부여 오류:', error);
    return NextResponse.json(
      { error: '권한 부여에 실패했습니다' },
      { status: 500 }
    );
  }
}