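import { Request, Response } from 'express';
import { prisma } from '../../../lib/prisma';
import { AuthRequest } from '../../../middleware/auth';
import { checkPermission } from '../../../utils/permissions';
import { logger } from '../../../config/logger';

/**
 * Fetch one article by the `id` route parameter, together with its category
 * and a reduced view of its author.
 *
 * Responds 404 when no article matches and 500 when the lookup throws.
 *
 * @param req - Express request; only `req.params.id` is read.
 * @param res - Express response used to send the article or the error body.
 */
export async function getArticle(req: Request, res: Response): Promise<void> {
  try {
    const article = await prisma.article.findUnique({
      where: { id: req.params.id },
      include: {
        category: true,
        // NOTE(review): this handler takes a plain Request rather than
        // AuthRequest, so it looks reachable without authentication. Confirm
        // that returning the author's email address to every reader is intended.
        author: { select: { id: true, displayName: true, email: true } },
      },
    });

    if (!article) {
      // NOTE(review): req.params.id is caller-controlled and is written to the
      // log verbatim; confirm the logger neutralises line breaks.
      logger.warn(`Article not found: ${req.params.id}`);
      res.status(404).json({ error: 'Article not found' });
      return;
    }

    res.json(article);
  } catch (error) {
    logger.error('Error fetching article:', error);
    res.status(500).json({ error: 'Server error' });
  }
}

/**
 * Create an article in the category named by `req.body.categoryId`.
 *
 * Responds 401 without an authenticated user, 400 when the category does not
 * exist, 403 when `checkPermission` refuses 'create' for that category, 201
 * with the created article otherwise, and 500 when anything throws.
 *
 * @param req - Authenticated request; the article fields are read from `req.body`.
 * @param res - Express response used to send the created article or the error body.
 */
export async function createArticle(req: AuthRequest, res: Response): Promise<void> {
  try {
    // Only these named fields are copied from the body into the insert below.
    const { title, excerpt, content, categoryId, city, coverImage, readTime } = req.body;

    if (!req.user) {
      logger.warn('Unauthorized article creation attempt');
      res.status(401).json({ error: 'Not authenticated' });
      return;
    }

    const category = await prisma.category.findUnique({ where: { id: categoryId } });

    if (!category) {
      logger.warn(`Invalid category ID: ${categoryId}`);
      res.status(400).json({ error: 'Invalid category' });
      return;
    }

    if (!checkPermission(req.user, categoryId, 'create')) {
      logger.warn(
        `Permission denied for user ${req.user.id} to create article in category ${category.name}`,
      );
      res.status(403).json({ error: 'Permission denied' });
      return;
    }

    const article = await prisma.article.create({
      data: {
        title,
        excerpt,
        content,
        categoryId,
        city,
        coverImage,
        readTime,
        // The author is always the authenticated user, never a body field.
        authorId: req.user.id,
      },
      include: {
        category: true,
        author: { select: { id: true, displayName: true, email: true } },
      },
    });

    logger.info(`Article created: ${article.id} by user ${req.user.id}`);
    res.status(201).json(article);
  } catch (error) {
    logger.error('Error creating article:', error);
    res.status(500).json({ error: 'Server error' });
  }
}

/**
 * Update the article named by the `id` route parameter and move it to the
 * category given in `req.body.category`.
 *
 * Responds 401 without an authenticated user, 404 when the article does not
 * exist, 403 when the user may not edit either the article's current category
 * or the requested one, and 500 when anything throws.
 *
 * @param req - Authenticated request; the new field values are read from `req.body`.
 * @param res - Express response used to send the updated article or the error body.
 */
export async function updateArticle(req: AuthRequest, res: Response): Promise<void> {
  try {
    const { title, excerpt, content, category, city, coverImage, readTime } = req.body;

    if (!req.user) {
      res.status(401).json({ error: 'Пользователь не вошел в систему' });
      return;
    }

    const article = await prisma.article.findUnique({
      where: { id: req.params.id },
      include: { category: true },
    });

    if (!article) {
      res.status(404).json({ error: 'Статья не найдена' });
      return;
    }

    // Authorise against the category the article is stored in as well as the
    // category supplied in the body. Checking only the body value would let a
    // caller choose which category the decision is made for.
    // Assumes checkPermission accepts the stored category id, as it receives
    // the id in createArticle. TODO confirm against utils/permissions.
    const mayEditStored = checkPermission(req.user, article.categoryId, 'edit');
    const mayEditTarget = checkPermission(req.user, category, 'edit');

    if (!mayEditStored || !mayEditTarget) {
      logger.warn(`Permission denied for user ${req.user.id} to edit article ${article.id}`);
      res.status(403).json({ error: 'Нет прав на выполнение этой операции' });
      return;
    }

    // NOTE(review): `category` is not validated before parseInt; a value that
    // does not parse yields NaN, which is handed to prisma and ends in the 500
    // branch below rather than a 400.
    const updatedArticle = await prisma.article.update({
      where: { id: req.params.id },
      data: {
        title,
        excerpt,
        content,
        categoryId: parseInt(category),
        city,
        coverImage,
        readTime,
      },
      include: {
        category: true,
        author: { select: { id: true, displayName: true, email: true } },
      },
    });

    res.json(updatedArticle);
  } catch (error) {
    logger.error('Error updating article:', error);
    res.status(500).json({ error: 'Server error' });
  }
}

/**
 * Delete the article named by the `id` route parameter.
 *
 * Responds 401 without an authenticated user, 404 when the article does not
 * exist, 403 when `checkPermission` refuses 'delete' for the article's
 * category, and 500 when anything throws.
 *
 * @param req - Authenticated request; only `req.user` and `req.params.id` are read.
 * @param res - Express response used to send the confirmation or the error body.
 */
export async function deleteArticle(req: AuthRequest, res: Response): Promise<void> {
  try {
    if (!req.user) {
      res.status(401).json({ error: 'Not authenticated' });
      return;
    }

    const article = await prisma.article.findUnique({
      where: { id: req.params.id },
      include: { category: true },
    });

    if (!article) {
      res.status(404).json({ error: 'Article not found' });
      return;
    }

    // The permission check had been commented out, which let any authenticated
    // user delete any article. It is restored here with the category id, the
    // form createArticle passes, instead of the category object.
    // Assumes checkPermission accepts the stored category id. TODO confirm.
    if (!checkPermission(req.user, article.categoryId, 'delete')) {
      logger.warn(`Permission denied for user ${req.user.id} to delete article ${article.id}`);
      res.status(403).json({ error: 'Permission denied' });
      return;
    }

    await prisma.article.delete({ where: { id: req.params.id } });

    res.json({ message: 'Article deleted successfully' });
  } catch (error) {
    logger.error('Error deleting article:', error);
    res.status(500).json({ error: 'Server error' });
  }
}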