2025-06-23 00:17:22 +02:00
|
|
|
import { readUsers, type ServerUser } from "~/server/database"
|
2025-06-24 15:19:11 +02:00
|
|
|
import type { ApiTombstone, ApiUser } from "~/shared/types/api";
|
2025-06-23 00:17:22 +02:00
|
|
|
|
2025-06-24 15:19:11 +02:00
|
|
|
function serverUserToApi(user: ServerUser): ApiUser | ApiTombstone {
|
2025-06-23 00:17:22 +02:00
|
|
|
if (user.deleted) {
|
|
|
|
|
return {
|
|
|
|
|
id: user.id,
|
|
|
|
|
updatedAt: user.updatedAt,
|
|
|
|
|
deleted: true,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return {
|
|
|
|
|
id: user.id,
|
|
|
|
|
updatedAt: user.updatedAt,
|
|
|
|
|
type: user.type,
|
|
|
|
|
name: user.name,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
|
|
|
const session = await requireServerSession(event);
|
|
|
|
|
const users = await readUsers();
|
|
|
|
|
|
|
|
|
|
if (session.account.type === "admin") {
|
|
|
|
|
return users.map(serverUserToApi);
|
|
|
|
|
}
|
|
|
|
|
if (session.account.type === "crew") {
|
|
|
|
|
return users.filter(u => u.type === "crew" || u.type === "admin").map(serverUserToApi);
|
|
|
|
|
}
|
|
|
|
|
throw createError({
|
|
|
|
|
status: 403,
|
|
|
|
|
statusText: "Forbidden",
|
|
|
|
|
message: "You do not have permission to list users",
|
|
|
|
|
});
|
|
|
|
|
})
|
