app/api/projects/[projectId]/members/[memberId]/route.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

// app/api/projects/[projectId]/members/[memberId]/route.ts
import { NextRequest, NextResponse } from 'next/server';
import { getServerSession } from 'next-auth/next';
import { authOptions } from '@/app/api/auth/[...nextauth]/route'
import { ProjectService } from '@/lib/services/projectService';

// 멤버 역할 수정
export async function PATCH(
  request: NextRequest,
  { params }: { params: { projectId: string; memberId: string } }
) {
  try {
    const session = await getServerSession(authOptions);
    if (!session?.user) {
      return NextResponse.json({ error: '인증이 필요합니다' }, { status: 401 });
    }

    const { role } = await request.json();
    const projectService = new ProjectService();

    // Owner 또는 Admin만 가능
    const access = await projectService.checkProjectAccess(
      params.projectId,
      session.user.id,
      'admin'
    );

    if (!access.hasAccess && !access.isOwner) {
      return NextResponse.json(
        { error: '멤버 역할을 변경할 권한이 없습니다' },
        { status: 403 }
      );
    }

    // 멤버 역할 업데이트
    await projectService.updateMemberRole(
      params.projectId,
      params.memberId,
      role
    );

    return NextResponse.json({ success: true });
  } catch (error) {
    console.error('멤버 역할 변경 오류:', error);
    return NextResponse.json(
      { error: '역할 변경에 실패했습니다' },
      { status: 500 }
    );
  }
}

// 멤버 제거
export async function DELETE(
  request: NextRequest,
  { params }: { params: { projectId: string; memberId: string } }
) {
  try {
    const session = await getServerSession(authOptions);
    if (!session?.user) {
      return NextResponse.json({ error: '인증이 필요합니다' }, { status: 401 });
    }

    const projectService = new ProjectService();

    // Owner만 멤버 제거 가능
    const isOwner = await projectService.isProjectOwner(
      params.projectId,
      session.user.id
    );

    if (!isOwner) {
      return NextResponse.json(
        { error: '멤버를 제거할 권한이 없습니다' },
        { status: 403 }
      );
    }

    // 멤버 제거
    await projectService.removeMember(params.projectId, params.memberId);

    return NextResponse.json({ success: true });
  } catch (error) {
    console.error('멤버 제거 오류:', error);
    return NextResponse.json(
      { error: '멤버 제거에 실패했습니다' },
      { status: 500 }
    );
  }
}