51 lines
1.4 KiB
JavaScript
51 lines
1.4 KiB
JavaScript
import Update from "../../models/update.js";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const id = getRouterParam(event, "id");
|
|
let memberId = null
|
|
try {
|
|
const member = await requireAuth(event)
|
|
memberId = member._id.toString()
|
|
} catch {
|
|
// Not authenticated — continue with public-only access
|
|
}
|
|
|
|
try {
|
|
const update = await Update.findById(id).populate("author", "name avatar");
|
|
|
|
if (!update) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
statusMessage: "Update not found",
|
|
});
|
|
}
|
|
|
|
// Check privacy permissions
|
|
if (update.privacy === "private") {
|
|
// Only author can view private updates
|
|
if (!memberId || update.author._id.toString() !== memberId) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "You don't have permission to view this update",
|
|
});
|
|
}
|
|
} else if (update.privacy === "members") {
|
|
// Must be authenticated to view members-only updates
|
|
if (!memberId) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "You must be a member to view this update",
|
|
});
|
|
}
|
|
}
|
|
|
|
return update;
|
|
} catch (error) {
|
|
if (error.statusCode) throw error;
|
|
console.error("Get update error:", error);
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: "Failed to fetch update",
|
|
});
|
|
}
|
|
});
|