Add admin page that can edit users
Add admin page that's only accessible to admins with a listing of users and the ability to edit the access types of those users.
This commit is contained in:
parent
3be7f8be05
commit
87525a6ef5
5 changed files with 170 additions and 0 deletions
79
server/api/admin/user.patch.ts
Normal file
79
server/api/admin/user.patch.ts
Normal file
|
|
@ -0,0 +1,79 @@
|
|||
import { readUsers, ServerUser, writeUsers } from "~/server/database";
|
||||
import { ApiUser, apiUserPatchSchema } from "~/shared/types/api";
|
||||
import { z } from "zod/v4-mini";
|
||||
import { broadcastEvent } from "~/server/streams";
|
||||
|
||||
function serverUserToApi(user: ServerUser): ApiUser {
|
||||
if (user.deleted) {
|
||||
return {
|
||||
id: user.id,
|
||||
updatedAt: user.updatedAt,
|
||||
deleted: true,
|
||||
}
|
||||
}
|
||||
return {
|
||||
id: user.id,
|
||||
updatedAt: user.updatedAt,
|
||||
type: user.type,
|
||||
name: user.name,
|
||||
};
|
||||
}
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
const session = await requireServerSession(event);
|
||||
if (session.account.type !== "admin") {
|
||||
throw createError({
|
||||
statusCode: 403,
|
||||
statusMessage: "Forbidden",
|
||||
});
|
||||
}
|
||||
const { success, error, data: patch } = apiUserPatchSchema.safeParse(await readBody(event));
|
||||
if (!success) {
|
||||
throw createError({
|
||||
status: 400,
|
||||
statusText: "Bad Request",
|
||||
message: z.prettifyError(error),
|
||||
});
|
||||
}
|
||||
|
||||
const users = await readUsers();
|
||||
const user = users.find(user => user.id === patch.id);
|
||||
if (!user || user.deleted) {
|
||||
throw createError({
|
||||
status: 409,
|
||||
statusText: "Conflict",
|
||||
message: "User does not exist",
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
if (patch.type) {
|
||||
if (patch.type === "anonymous" || user.type === "anonymous") {
|
||||
throw createError({
|
||||
status: 409,
|
||||
statusText: "Conflict",
|
||||
message: "Anonymous user type cannot be changed.",
|
||||
});
|
||||
}
|
||||
user.type = patch.type;
|
||||
}
|
||||
if (patch.name) {
|
||||
if (user.type === "anonymous") {
|
||||
throw createError({
|
||||
status: 409,
|
||||
statusText: "Conflict",
|
||||
message: "Anonymous user cannot have name set.",
|
||||
});
|
||||
}
|
||||
user.name = patch.name;
|
||||
}
|
||||
user.updatedAt = new Date().toISOString();
|
||||
await writeUsers(users);
|
||||
broadcastEvent({
|
||||
type: "user-update",
|
||||
data: serverUserToApi(user),
|
||||
})
|
||||
|
||||
// Update Schedule counts.
|
||||
await updateScheduleInterestedCounts(users);
|
||||
})
|
||||
Loading…
Add table
Add a link
Reference in a new issue