familienarchiv/frontend/src/routes/admin/+page.server.ts

import { error, fail } from '@sveltejs/kit';
import { createApiClient } from '$lib/api.server';
import { getErrorMessage } from '$lib/errors';

type ApiResult = { response: Response; error?: unknown };

function toActionResult(result: ApiResult) {
	if (!result.response.ok) {
		const code = (result.error as { code?: string } | undefined)?.code;
		return fail(result.response.status, { success: false, message: getErrorMessage(code) });
	}
	return { success: true };
}

export async function load({ fetch, locals }) {
	const user = locals.user;
	const hasAdmin = user?.groups?.some((g: { permissions: string[] }) =>
		g.permissions.includes('ADMIN')
	);
	if (!hasAdmin) throw error(403, getErrorMessage('FORBIDDEN'));

	const api = createApiClient(fetch);

	const [usersResult, groupsResult, tagsResult] = await Promise.all([
		api.GET('/api/users'),
		api.GET('/api/groups'),
		api.GET('/api/tags')
	]);

	return {
		users: usersResult.data ?? [],
		groups: groupsResult.data ?? [],
		tags: tagsResult.data ?? []
	};
}

export const actions = {
	deleteUser: async ({ request, fetch }) => {
		const data = await request.formData();
		const id = data.get('id') as string;
		const api = createApiClient(fetch);

		const result = await api.DELETE('/api/users/{id}', {
			params: { path: { id } }
		});

		return toActionResult(result);
	},

	updateTag: async ({ request, fetch }) => {
		const data = await request.formData();
		const id = data.get('id') as string;
		const api = createApiClient(fetch);

		const result = await api.PUT('/api/tags/{id}', {
			params: { path: { id } },
			body: { name: data.get('name') as string }
		});

		return toActionResult(result);
	},

	deleteTag: async ({ request, fetch }) => {
		const data = await request.formData();
		const id = data.get('id') as string;
		const api = createApiClient(fetch);

		const result = await api.DELETE('/api/tags/{id}', {
			params: { path: { id } }
		});

		return toActionResult(result);
	},

	createGroup: async ({ request, fetch }) => {
		const data = await request.formData();
		const api = createApiClient(fetch);

		const result = await api.POST('/api/groups', {
			body: {
				name: data.get('name') as string,
				permissions: data.getAll('permissions') as string[]
			}
		});

		return toActionResult(result);
	},

	updateGroup: async ({ request, fetch }) => {
		const data = await request.formData();
		const id = data.get('id') as string;
		const api = createApiClient(fetch);

		const result = await api.PATCH('/api/groups/{id}', {
			params: { path: { id } },
			body: {
				name: data.get('name') as string,
				permissions: data.getAll('permissions') as string[]
			}
		});

		return toActionResult(result);
	},

	deleteGroup: async ({ request, fetch }) => {
		const data = await request.formData();
		const id = data.get('id') as string;
		const api = createApiClient(fetch);

		const result = await api.DELETE('/api/groups/{id}', {
			params: { path: { id } }
		});

		return toActionResult(result);
	}
};