andrei/biblical-guide.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4303e48fac7396237cef6da3ab456a6355bcf152
biblical-guide.com/app/api/admin/users/[id]/route.ts
Andrei 4303e48fac Fix Next.js 15 compatibility and TypeScript errors 
- Update API route handlers to use async params for Next.js 15 compatibility
- Fix MUI DataGrid deprecated props (pageSize -> initialState.pagination)
- Replace Material-UI Grid components with Box for better compatibility
- Fix admin authentication system with proper request parameters
- Update permission constants to match available AdminPermission enum values
- Add missing properties to Page interface for type safety
- Update .gitignore to exclude venv/, import logs, and large data directories
- Optimize Next.js config to reduce memory usage during builds

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-24 09:54:13 +00:00

214 lines
4.9 KiB
TypeScript
Raw Blame History

import { NextResponse } from 'next/server';
import { prisma } from '@/lib/db';
import { getCurrentAdmin, AdminPermission, hasPermission } from '@/lib/admin-auth';
export const runtime = 'nodejs';
export async function GET(
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const admin = await getCurrentAdmin(request as any);
if (!admin || !hasPermission(admin, AdminPermission.READ_USERS)) {
return NextResponse.json(
{ error: 'Unauthorized' },
{ status: 401 }
);
}
const { id } = await params;
const user = await prisma.user.findUnique({
where: { id },
include: {
chatConversations: {
select: {
id: true,
title: true,
createdAt: true,
_count: {
select: { messages: true }
}
},
orderBy: { createdAt: 'desc' },
take: 10
},
prayerRequests: {
select: {
id: true,
title: true,
category: true,
createdAt: true,
prayerCount: true
},
orderBy: { createdAt: 'desc' },
take: 10
},
bookmarks: {
select: {
id: true,
createdAt: true,
verse: {
select: {
verseNum: true,
chapter: {
select: {
chapterNum: true,
book: {
select: {
name: true
}
}
}
}
}
}
},
take: 10
},
_count: {
select: {
chatConversations: true,
prayerRequests: true,
bookmarks: true,
notes: true
}
}
}
});
if (!user) {
return NextResponse.json(
{ error: 'User not found' },
{ status: 404 }
);
}
return NextResponse.json({ user });
} catch (error) {
console.error('Admin user detail error:', error);
return NextResponse.json(
{ error: 'Server error' },
{ status: 500 }
);
}
}
export async function PUT(
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const admin = await getCurrentAdmin(request as any);
if (!admin || !hasPermission(admin, AdminPermission.WRITE_USERS)) {
return NextResponse.json(
{ error: 'Unauthorized' },
{ status: 401 }
);
}
const { id } = await params;
const body = await request.json();
const { action, reason } = body;
let updateData: any = {};
switch (action) {
case 'suspend':
updateData = { role: 'suspended' };
break;
case 'activate':
updateData = { role: 'user' };
break;
case 'make_admin':
updateData = { role: 'admin' };
break;
case 'make_moderator':
updateData = { role: 'moderator' };
break;
default:
return NextResponse.json(
{ error: 'Invalid action' },
{ status: 400 }
);
}
const user = await prisma.user.update({
where: { id },
data: updateData,
select: {
id: true,
email: true,
name: true,
role: true
}
});
// TODO: Add audit log entry here in the future
console.log(`Admin ${admin.email} performed action '${action}' on user ${user.email}${reason ? ` with reason: ${reason}` : ''}`);
return NextResponse.json({ user });
} catch (error) {
console.error('Admin user update error:', error);
return NextResponse.json(
{ error: 'Server error' },
{ status: 500 }
);
}
}
export async function DELETE(
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const admin = await getCurrentAdmin(request as any);
if (!admin || !hasPermission(admin, AdminPermission.DELETE_USERS)) {
return NextResponse.json(
{ error: 'Unauthorized' },
{ status: 401 }
);
}
const { id } = await params;
// Prevent admin from deleting themselves
if (id === admin.id) {
return NextResponse.json(
{ error: 'Cannot delete your own account' },
{ status: 400 }
);
}
const user = await prisma.user.findUnique({
where: { id },
select: { email: true, role: true }
});
if (!user) {
return NextResponse.json(
{ error: 'User not found' },
{ status: 404 }
);
}
// Delete user and all related data (CASCADE)
await prisma.user.delete({
where: { id }
});
console.log(`Admin ${admin.email} deleted user ${user.email}`);
return NextResponse.json({ success: true });
} catch (error) {
console.error('Admin user delete error:', error);
return NextResponse.json(
{ error: 'Server error' },
{ status: 500 }
);
}
}
Reference in New Issue View Git Blame Copy Permalink