diff --git a/app/api/admin/applications/[id]/route.ts b/app/api/admin/applications/[id]/route.ts
new file mode 100644
index 0000000..fe26622
--- /dev/null
+++ b/app/api/admin/applications/[id]/route.ts
@@ -0,0 +1,87 @@
+import { NextRequest, NextResponse } from "next/server";
+import { PrismaClient, Role } from "@/generated/prisma/client";
+import { auth } from "@/auth";
+
+const prisma = new PrismaClient();
+
+export async function GET(
+ request: NextRequest,
+ { params }: { params: { id: string } },
+) {
+ const session = await auth();
+
+ if (!session?.user?.email) {
+ return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ }
+
+ const dbUser = await prisma.user.findUnique({
+ where: { email: session.user.email },
+ select: { role: true },
+ });
+
+ if (
+ !dbUser ||
+ (dbUser.role !== Role.REVIEWER && dbUser.role !== Role.SUPER_ADMIN)
+ ) {
+ return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+ }
+
+ const application = await prisma.application.findUnique({
+ where: { id: params.id },
+ });
+
+ if (!application) {
+ return NextResponse.json({ error: "Not found" }, { status: 404 });
+ }
+
+ return NextResponse.json({ data: application }, { status: 200 });
+}
+
+
+export async function PATCH(
+ request: NextRequest,
+ { params }: { params: { id: string } }
+) {
+ try {
+ const session = await auth();
+
+ if (!session?.user?.email) {
+ return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ }
+
+ const dbUser = await prisma.user.findUnique({
+ where: { email: session.user.email },
+ select: { role: true },
+ });
+
+ if (
+ !dbUser ||
+ (dbUser.role !== Role.REVIEWER &&
+ dbUser.role !== Role.SUPER_ADMIN)
+ ) {
+ return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+ }
+
+ const { status } = await request.json();
+
+ if (status !== "approved" && status !== "rejected") {
+ return NextResponse.json(
+ { error: "Invalid status" },
+ { status: 400 }
+ );
+ }
+
+ const updated = await prisma.application.update({
+ where: { id: params.id },
+ data: { status },
+ });
+
+ return NextResponse.json({ data: updated }, { status: 200 });
+
+ } catch (err: any) {
+ return NextResponse.json(
+ { error: "Failed to update application" },
+ { status: 500 }
+ );
+ }
+}
\ No newline at end of file
diff --git a/app/api/admin/applications/route.ts b/app/api/admin/applications/route.ts
index ccaf148..918f798 100644
--- a/app/api/admin/applications/route.ts
+++ b/app/api/admin/applications/route.ts
@@ -1,11 +1,40 @@
-import { NextResponse } from "next/server";
-import { PrismaClient } from "@/generated/prisma/client";
+import { NextRequest, NextResponse } from "next/server";
+import { PrismaClient, Role } from "@/generated/prisma/client";
+import { auth } from "@/auth";
 
 const prisma = new PrismaClient();
 
-export async function GET() {
+export async function GET(request: NextRequest) {
 try {
+ const session = await auth();
+
+ if (!session?.user?.email) {
+ return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ }
+
+ const dbUser = await prisma.user.findUnique({
+ where: { email: session.user.email },
+ select: { role: true },
+ });
+
+ if (
+ !dbUser ||
+ (dbUser.role !== Role.REVIEWER &&
+ dbUser.role !== Role.SUPER_ADMIN)
+ ) {
+ return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+ }
+
+ const { searchParams } = new URL(request.url);
+ const type = searchParams.get("type");
+ const status = searchParams.get("status");
+
+ const where: any = {};
+ if (type) where.type = type;
+ if (status) where.status = status;
+
 const applications = await prisma.application.findMany({
+ where,
 select: {
 id: true,
 type: true,
@@ -19,6 +48,7 @@ export async function GET() {
 });
 
 return NextResponse.json({ data: applications }, { status: 200 });
+
 } catch (err) {
 console.error(err);
 return NextResponse.json(
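Review bot: In PATCH the only validated input is `status`; a non-JSON body makes `request.json()` throw and a `null` body makes the destructuring throw, both landing in the catch as a generic 500, and an unknown `params.id` makes `prisma.application.update` reject when no row matches, which is also reported as 500 rather than the 404 the GET handler in this file returns. Parse the body into an `unknown`, narrow it before reading `status`, and answer 400 for malformed input; the `catch (err: any)` should become `catch (err: unknown)` and log with `console.error(err)` as the sibling `route.ts` does, since a silently dropped error makes a failed review action hard to investigate. The same session lookup and role check is repeated three times across this commit (GET and PATCH here, GET in the sibling file); a shared helper returning either the role or the 401/403 response would keep the checks identical as they evolve. Because approve/reject is a privileged action, recording the reviewer identity and time on the same update (field names depend on the schema) would give an audit trail for later review.
```typescript
  // … unchanged: session lookup and role check …
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  const status =
    typeof body === "object" && body !== null && "status" in body
      ? body.status
      : undefined;
  if (status !== "approved" && status !== "rejected") {
    return NextResponse.json({ error: "Invalid status" }, { status: 400 });
  }
  // … unchanged: prisma.application.update and 200 response …
```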
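Review bot: `const where: any = {}` passes the raw `type` and `status` query values straight into the Prisma filter; Prisma parameterises them so this is not an injection concern, but if either column is an enum an unrecognised value makes `findMany` reject, which the existing catch turns into a 500 where a 400 is the right answer. Compare the query values against the generated enum values (or, for `status`, the allow-list the PATCH handler in `[id]/route.ts` already uses) before building `where`, and type it as `const where: Prisma.ApplicationWhereInput = {};` with `import { Prisma, PrismaClient, Role } from "@/generated/prisma/client";` so a mistyped key fails at compile time instead of at runtime. A short comment above the `searchParams` block, e.g. `// Optional filters: ?type=… and ?status=…; unknown values are rejected with 400`, would document the route's query contract, which is otherwise only discoverable by reading the code.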