Files
route-commerce/src/actions/products.ts
T

77 lines
2.1 KiB
TypeScript

"use server";
import { getAdminUser } from "@/lib/admin-permissions";
import { svcHeaders } from "@/lib/svc-headers";
export async function deleteProduct(
productId: string,
brandId: string | null
): Promise<{ success: boolean; error?: string }> {
const adminUser = await getAdminUser();
if (!adminUser) {
return { success: false, error: "Not authenticated" };
}
if (!adminUser.can_manage_products) {
return { success: false, error: "Not authorized to manage products" };
}
const effectiveBrandId = brandId ?? adminUser.brand_id ?? null;
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
const response = await fetch(
`${supabaseUrl}/rest/v1/rpc/delete_product`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify({
p_product_id: productId,
p_brand_id: effectiveBrandId,
}),
}
);
if (!response.ok) {
const err = await response.json().catch(() => ({ message: "Request failed" }));
return { success: false, error: err.message ?? "Delete failed" };
}
const result = await response.json();
if (!result.success) {
return { success: false, error: result.error ?? "Delete failed" };
}
logAuditEvent({
table_name: "products",
record_id: productId,
action: "DELETE",
old_data: { deleted_at: null },
new_data: { deleted_at: new Date().toISOString() },
brand_id: effectiveBrandId,
});
return { success: true };
}
async function logAuditEvent(event: {
table_name: string;
record_id: string;
action: string;
old_data: Record<string, unknown>;
new_data: Record<string, unknown>;
brand_id: string | null;
}) {
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
await fetch(
`${supabaseUrl}/rest/v1/rpc.log_audit_event`,
{
method: "POST",
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
body: JSON.stringify(event),
}
);
}