34 lines
1.1 KiB
JavaScript
34 lines
1.1 KiB
JavaScript
import { getUserFromToken, hasAnyRole } from '../../../../utils/auth.js'
|
|
import { readContactRequests, updateContactRequestStatus } from '../../../../utils/contact-requests.js'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const token = getCookie(event, 'auth_token')
|
|
const currentUser = token ? await getUserFromToken(token) : null
|
|
|
|
if (!currentUser || !hasAnyRole(currentUser, 'admin', 'vorstand', 'trainer')) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: 'Zugriff verweigert'
|
|
})
|
|
}
|
|
|
|
const requestId = getRouterParam(event, 'id')
|
|
if (!requestId) {
|
|
throw createError({ statusCode: 400, statusMessage: 'Anfrage-ID fehlt' })
|
|
}
|
|
|
|
const all = await readContactRequests()
|
|
const target = all.find((r) => r.id === requestId)
|
|
if (!target) {
|
|
throw createError({ statusCode: 404, statusMessage: 'Anfrage nicht gefunden' })
|
|
}
|
|
|
|
const newStatus = target.status === 'beantwortet' ? 'offen' : 'beantwortet'
|
|
const updated = await updateContactRequestStatus(requestId, newStatus)
|
|
|
|
return {
|
|
success: true,
|
|
request: updated
|
|
}
|
|
})
|