2025-06-30 18:58:24 +02:00
|
|
|
/*
|
|
|
|
|
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
|
*/
|
2025-06-24 15:31:47 +02:00
|
|
|
import { readUsers } from "~/server/database"
|
2025-06-23 00:17:22 +02:00
|
|
|
|
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
|
|
|
const session = await requireServerSession(event);
|
|
|
|
|
const users = await readUsers();
|
|
|
|
|
|
|
|
|
|
if (session.account.type === "admin") {
|
|
|
|
|
return users.map(serverUserToApi);
|
|
|
|
|
}
|
|
|
|
|
if (session.account.type === "crew") {
|
|
|
|
|
return users.filter(u => u.type === "crew" || u.type === "admin").map(serverUserToApi);
|
|
|
|
|
}
|
|
|
|
|
throw createError({
|
|
|
|
|
status: 403,
|
|
|
|
|
statusText: "Forbidden",
|
|
|
|
|
message: "You do not have permission to list users",
|
|
|
|
|
});
|
|
|
|
|
})
|
