mirror of
https://github.com/Drop-OSS/drop.git
synced 2025-11-14 08:41:15 +10:00
37 lines
1.0 KiB
TypeScript
37 lines
1.0 KiB
TypeScript
import aclManager from "~/server/internal/acls";
|
|
import userLibraryManager from "~/server/internal/userlibrary";
|
|
|
|
export default defineEventHandler(async (h3) => {
|
|
const userId = await aclManager.getUserIdACL(h3, ["collections:delete"]);
|
|
if (!userId)
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "Requires authentication",
|
|
});
|
|
|
|
const id = getRouterParam(h3, "id");
|
|
if (!id)
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: "ID required in route params",
|
|
});
|
|
|
|
// Verify collection exists and user owns it
|
|
// Will not return the default collection
|
|
const collection = await userLibraryManager.fetchCollection(id);
|
|
if (!collection)
|
|
throw createError({
|
|
statusCode: 404,
|
|
statusMessage: "Collection not found",
|
|
});
|
|
|
|
if (collection.userId !== userId)
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "Not authorized to delete this collection",
|
|
});
|
|
|
|
await userLibraryManager.deleteCollection(id);
|
|
return { success: true };
|
|
});
|