From 8ba2cf62385e26a6a04f12853852d70e697143f6 Mon Sep 17 00:00:00 2001
From: Junnian Liu <liuj4467@Junnians-MacBook-Air.local>
Date: Sun, 1 Mar 2026 22:35:53 -0800
Subject: [PATCH 1/3] implemented applications get request with filters

---
 app/api/admin/applications/route.ts | 36 ++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/app/api/admin/applications/route.ts b/app/api/admin/applications/route.ts
index ccaf148..918f798 100644
--- a/app/api/admin/applications/route.ts
+++ b/app/api/admin/applications/route.ts
@@ -1,11 +1,40 @@
-import { NextResponse } from "next/server";
-import { PrismaClient } from "@/generated/prisma/client";
+import { NextRequest, NextResponse } from "next/server";
+import { PrismaClient, Role } from "@/generated/prisma/client";
+import { auth } from "@/auth";
 
 const prisma = new PrismaClient();
 
-export async function GET() {
+export async function GET(request: NextRequest) {
   try {
+    const session = await auth();
+
+    if (!session?.user?.email) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const dbUser = await prisma.user.findUnique({
+      where: { email: session.user.email },
+      select: { role: true },
+    });
+
+    if (
+      !dbUser ||
+      (dbUser.role !== Role.REVIEWER &&
+       dbUser.role !== Role.SUPER_ADMIN)
+    ) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    const { searchParams } = new URL(request.url);
+    const type = searchParams.get("type");
+    const status = searchParams.get("status");
+
+    const where: any = {};
+    if (type) where.type = type;
+    if (status) where.status = status;
+
     const applications = await prisma.application.findMany({
+      where,
       select: {
         id: true,
         type: true,
@@ -19,6 +48,7 @@ export async function GET() {
     });
 
     return NextResponse.json({ data: applications }, { status: 200 });
+
   } catch (err) {
     console.error(err);
     return NextResponse.json(

From bba982035b426a8d67721059f4946f1b82a2f32a Mon Sep 17 00:00:00 2001
From: Junnian Liu <liuj4467@Junnians-MacBook-Air.local>
Date: Sun, 1 Mar 2026 22:48:57 -0800
Subject: [PATCH 2/3] added dynamic id path

---
 app/api/admin/applications/[id]/route.ts | 38 ++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 app/api/admin/applications/[id]/route.ts

diff --git a/app/api/admin/applications/[id]/route.ts b/app/api/admin/applications/[id]/route.ts
new file mode 100644
index 0000000..940311e
--- /dev/null
+++ b/app/api/admin/applications/[id]/route.ts
@@ -0,0 +1,38 @@
+import { NextRequest, NextResponse } from "next/server";
+import { PrismaClient, Role } from "@/generated/prisma/client";
+import { auth } from "@/auth";
+
+const prisma = new PrismaClient();
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: { id: string } },
+) {
+  const session = await auth();
+
+  if (!session?.user?.email) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const dbUser = await prisma.user.findUnique({
+    where: { email: session.user.email },
+    select: { role: true },
+  });
+
+  if (
+    !dbUser ||
+    (dbUser.role !== Role.REVIEWER && dbUser.role !== Role.SUPER_ADMIN)
+  ) {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const application = await prisma.application.findUnique({
+    where: { id: params.id },
+  });
+
+  if (!application) {
+    return NextResponse.json({ error: "Not found" }, { status: 404 });
+  }
+
+  return NextResponse.json({ data: application }, { status: 200 });
+}
\ No newline at end of file

From 5a766f1b3b2f688911b20da7b976d058d6fda5ad Mon Sep 17 00:00:00 2001
From: Junnian Liu <liuj4467@Junnians-MacBook-Air.local>
Date: Sun, 1 Mar 2026 22:58:32 -0800
Subject: [PATCH 3/3] implemented patch api endpoint for app status

---
 app/api/admin/applications/[id]/route.ts | 49 ++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/app/api/admin/applications/[id]/route.ts b/app/api/admin/applications/[id]/route.ts
index 940311e..fe26622 100644
--- a/app/api/admin/applications/[id]/route.ts
+++ b/app/api/admin/applications/[id]/route.ts
@@ -35,4 +35,53 @@ export async function GET(
   }
 
   return NextResponse.json({ data: application }, { status: 200 });
+}
+
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const session = await auth();
+
+    if (!session?.user?.email) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const dbUser = await prisma.user.findUnique({
+      where: { email: session.user.email },
+      select: { role: true },
+    });
+
+    if (
+      !dbUser ||
+      (dbUser.role !== Role.REVIEWER &&
+       dbUser.role !== Role.SUPER_ADMIN)
+    ) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    const { status } = await request.json();
+
+    if (status !== "approved" && status !== "rejected") {
+      return NextResponse.json(
+        { error: "Invalid status" },
+        { status: 400 }
+      );
+    }
+
+    const updated = await prisma.application.update({
+      where: { id: params.id },
+      data: { status },
+    });
+
+    return NextResponse.json({ data: updated }, { status: 200 });
+
+  } catch (err: any) {
+    return NextResponse.json(
+      { error: "Failed to update application" },
+      { status: 500 }
+    );
+  }
 }
\ No newline at end of file