/* eslint-disable @typescript-eslint/no-explicit-any */
import { NextRequest, NextResponse } from 'next/server'
import { createClient, createAdminClient } from '@/lib/supabase/server'
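/**
 * Route handler that deletes one row of the `sessions` table on behalf of the
 * signed-in trainer.
 *
 * Steps:
 *  1. Authenticate the caller with the cookie-based SSR client (401 otherwise).
 *  2. Load the session through the admin client and check, in application
 *     code, that it exists (404), belongs to the caller (403) and is not
 *     active (400).
 *  3. Delete the row, repeating the ownership condition in the DELETE filter.
 *
 * Security notes:
 *  - The admin client is used because, per the original author's note, there is
 *    no DELETE policy on `sessions`; it bypasses RLS, so every authorization
 *    decision for this request is made by the checks in this function.
 *  - Database error text is written to the server log only and is not returned
 *    to the client.
 *
 * @param _request Incoming request (unused).
 * @param params Promise resolving to the route parameters; `id` identifies the session.
 * @returns A JSON response: `{ success: true }` on deletion, `{ error }` with
 *   status 400/401/403/404/500 otherwise.
 */
export async function DELETE(
  _request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    // Authenticate via the SSR client (cookie-backed).
    const supabase = await createClient()
    const { data: { user }, error: authError } = await supabase.auth.getUser()
    if (authError || !user) {
      return NextResponse.json({ error: 'Non autorisé' }, { status: 401 })
    }

    const { id } = await params

    // Admin client: bypasses RLS (no DELETE policy on sessions), so nothing
    // below is protected by row-level security. Keep every query on this
    // client narrowly filtered.
    const db = createAdminClient() as any

    // Manually verify that the session belongs to the signed-in trainer.
    const { data: session, error: fetchError } = await db
      .from('sessions')
      .select('id, is_active, trainer_id')
      .eq('id', id)
      .single()

    if (fetchError || !session) {
      return NextResponse.json({ error: 'Session introuvable' }, { status: 404 })
    }

    if (session.trainer_id !== user.id) {
      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 })
    }

    if (session.is_active) {
      return NextResponse.json(
        { error: "Impossible de supprimer une session active. Terminez-la d'abord." },
        { status: 400 }
      )
    }

    // Repeat the ownership condition in the DELETE itself so the privileged
    // write can never touch a row the caller does not own, even if the row
    // changed between the read above and this statement.
    // NOTE(review): the "not active" condition is still check-then-act; a
    // session activated between the read and the delete would be removed.
    // Consider adding an `is_active` filter here once the column's type and
    // nullability are confirmed.
    const { data: deleted, error: deleteError } = await db
      .from('sessions')
      .delete()
      .eq('id', id)
      .eq('trainer_id', user.id)
      .select('id')

    if (deleteError) {
      // Log the database error server-side; do not echo it to the client,
      // since messages produced under the admin role may describe schema
      // internals.
      console.error('[sessions/delete]', deleteError)
      return NextResponse.json(
        { error: 'Erreur lors de la suppression' },
        { status: 500 }
      )
    }

    // No row matched: the session was removed or reassigned after the read.
    if (!deleted || deleted.length === 0) {
      return NextResponse.json({ error: 'Session introuvable' }, { status: 404 })
    }

    return NextResponse.json({ success: true })
  } catch (error) {
    console.error('[sessions/delete]', error)
    return NextResponse.json({ error: 'Erreur serveur interne' }, { status: 500 })
  }
}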