
import { Request, Response } from 'express';
import { prisma } from '../../../../src/lib/prisma';
import { AuthRequest } from '../../../middleware/auth';
import { checkPermission } from '../../../utils/permissions.js';
/**
 * Looks up a single article by the `id` route parameter and sends it as JSON,
 * joined with a reduced view of its author (id, displayName, email).
 *
 * Responds 404 when no article matches and 500 when the lookup throws.
 *
 * NOTE(review): this handler takes a plain `Request` and performs no permission
 * check, yet the author projection includes `email`. If the route is reachable
 * without authentication, confirm that returning author e-mail addresses to any
 * caller is intended.
 */
export async function getArticle(req: Request, res: Response) {
  // Only these author columns are serialised into the response.
  const authorColumns = { id: true, displayName: true, email: true } as const;

  try {
    const found = await prisma.article.findUnique({
      where: { id: req.params.id },
      include: { author: { select: authorColumns } }
    });

    if (found) {
      res.json(found);
      return;
    }

    return res.status(404).json({ error: 'Article not found' });
  } catch {
    // The cause is discarded here; the client only ever sees a generic 500.
    res.status(500).json({ error: 'Server error' });
  }
}
/**
 * Creates an article owned by the authenticated caller.
 *
 * The caller must be present on the request and must pass
 * `checkPermission(user, category, 'create')` for the category named in the
 * body; otherwise the handler answers 403. On success it answers 201 with the
 * new article and a reduced view of its author. Any thrown error becomes a 500.
 *
 * Only the seven listed body fields are copied into the record; `authorId` is
 * always taken from `req.user`, never from the body.
 *
 * NOTE(review): the copied fields are not validated for type or length here.
 * Presumably Prisma rejects values of the wrong type, which would surface as a
 * generic 500 rather than a 400 - confirm whether validation happens upstream.
 */
export async function createArticle(req: AuthRequest, res: Response) {
  try {
    const input = req.body;

    // Copy the accepted fields by name so nothing else from the body is persisted.
    const draft = {
      title: input.title,
      excerpt: input.excerpt,
      content: input.content,
      category: input.category,
      city: input.city,
      coverImage: input.coverImage,
      readTime: input.readTime
    };

    const user = req.user;
    const mayCreate = user ? checkPermission(user, draft.category, 'create') : false;
    if (!user || !mayCreate) {
      return res.status(403).json({ error: 'Permission denied' });
    }

    const created = await prisma.article.create({
      data: { ...draft, authorId: user.id },
      include: {
        author: {
          select: { id: true, displayName: true, email: true }
        }
      }
    });

    res.status(201).json(created);
  } catch {
    // The cause is discarded here; the client only ever sees a generic 500.
    res.status(500).json({ error: 'Server error' });
  }
}
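/**
 * Updates an existing article identified by the `id` route parameter.
 *
 * Responds 404 when the article does not exist, 403 when the caller is missing
 * or lacks 'edit' permission on the article's current category, and 500 when
 * anything throws. On success it answers with the updated article and a reduced
 * view of its author.
 *
 * Security: the request body is NOT handed to Prisma as-is. Passing `req.body`
 * straight into `data` lets a caller overwrite any column of the row (for
 * example `authorId` or `id`), or move the article into a category they hold no
 * rights on. Only the fields that createArticle also accepts are copied, and a
 * change of category is checked against the destination category as well.
 */
export async function updateArticle(req: AuthRequest, res: Response) {
  try {
    const articleId = req.params.id;

    const article = await prisma.article.findUnique({
      where: { id: articleId }
    });
    if (!article) {
      return res.status(404).json({ error: 'Article not found' });
    }

    const user = req.user;
    if (!user || !checkPermission(user, article.category, 'edit')) {
      return res.status(403).json({ error: 'Permission denied' });
    }

    // Allow-list of client-editable fields, mirroring createArticle. Anything
    // else in the body (authorId, id, timestamps, ...) is ignored.
    // NOTE(review): extend this list if the model has further editable columns.
    const { title, excerpt, content, category, city, coverImage, readTime } = req.body ?? {};

    // Re-categorising must not be a way around per-category permissions.
    // NOTE(review): 'edit' on the destination category is assumed to be the
    // right action to require - confirm against the permission model.
    if (
      category !== undefined &&
      category !== article.category &&
      !checkPermission(user, category, 'edit')
    ) {
      return res.status(403).json({ error: 'Permission denied' });
    }

    const updatedArticle = await prisma.article.update({
      where: { id: articleId },
      // Fields absent from the body are `undefined`, which Prisma leaves untouched.
      data: { title, excerpt, content, category, city, coverImage, readTime },
      include: {
        author: {
          select: {
            id: true,
            displayName: true,
            email: true
          }
        }
      }
    });

    res.json(updatedArticle);
  } catch {
    // The cause is discarded here; the client only ever sees a generic 500.
    res.status(500).json({ error: 'Server error' });
  }
}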
/**
 * Deletes the article identified by the `id` route parameter.
 *
 * Responds 404 when the article does not exist, 403 when the caller is missing
 * or fails `checkPermission(user, article.category, 'delete')`, and 500 when
 * anything throws. On success it answers with a confirmation message.
 *
 * NOTE(review): lookup and delete are two separate queries. If the row is
 * removed in between, the delete call presumably throws and the client gets a
 * 500 instead of a 404 - confirm whether that matters for this API.
 */
export async function deleteArticle(req: AuthRequest, res: Response) {
  try {
    const byId = { id: req.params.id };

    // The article is loaded first because the permission depends on its category.
    const target = await prisma.article.findUnique({ where: byId });
    if (!target) {
      return res.status(404).json({ error: 'Article not found' });
    }

    const user = req.user;
    const mayDelete = user ? checkPermission(user, target.category, 'delete') : false;
    if (!mayDelete) {
      return res.status(403).json({ error: 'Permission denied' });
    }

    await prisma.article.delete({ where: byId });
    res.json({ message: 'Article deleted successfully' });
  } catch {
    // The cause is discarded here; the client only ever sees a generic 500.
    res.status(500).json({ error: 'Server error' });
  }
}