Bsl 37 patch status update route

app/api/admin/applications/[id]/route.ts

@@ -0,0 +1,87 @@
+import { NextRequest, NextResponse } from "next/server";
+import { PrismaClient, Role } from "@/generated/prisma/client";
+import { auth } from "@/auth";
+
+const prisma = new PrismaClient();
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: { id: string } },
+) {
+  const session = await auth();
+
+  if (!session?.user?.email) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const dbUser = await prisma.user.findUnique({
+    where: { email: session.user.email },
+    select: { role: true },
+  });
+
+  if (
+    !dbUser ||
+    (dbUser.role !== Role.REVIEWER && dbUser.role !== Role.SUPER_ADMIN)
+  ) {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const application = await prisma.application.findUnique({
+    where: { id: params.id },
+  });
+
+  if (!application) {
+    return NextResponse.json({ error: "Not found" }, { status: 404 });
+  }
+
+  return NextResponse.json({ data: application }, { status: 200 });
+}
+
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const session = await auth();
+
+    if (!session?.user?.email) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const dbUser = await prisma.user.findUnique({
+      where: { email: session.user.email },
+      select: { role: true },
+    });
+
+    if (
+      !dbUser ||
+      (dbUser.role !== Role.REVIEWER &&
+       dbUser.role !== Role.SUPER_ADMIN)
+    ) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    const { status } = await request.json();
+
+    if (status !== "approved" && status !== "rejected") {
+      return NextResponse.json(
+        { error: "Invalid status" },
+        { status: 400 }
+      );
+    }
+
+    const updated = await prisma.application.update({
+      where: { id: params.id },
+      data: { status },
+    });
+
+    return NextResponse.json({ data: updated }, { status: 200 });
+
+  } catch (err: any) {
+    return NextResponse.json(
+      { error: "Failed to update application" },
+      { status: 500 }
+    );
+  }
+}

app/api/admin/applications/route.ts

@@ -1,11 +1,40 @@
-import { NextResponse } from "next/server";
-import { PrismaClient } from "@/generated/prisma/client";
+import { NextRequest, NextResponse } from "next/server";
+import { PrismaClient, Role } from "@/generated/prisma/client";
+import { auth } from "@/auth";
 
 const prisma = new PrismaClient();
 
-export async function GET() {
+export async function GET(request: NextRequest) {
   try {
+    const session = await auth();
+
+    if (!session?.user?.email) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const dbUser = await prisma.user.findUnique({
+      where: { email: session.user.email },
+      select: { role: true },
+    });
+
+    if (
+      !dbUser ||
+      (dbUser.role !== Role.REVIEWER &&
+       dbUser.role !== Role.SUPER_ADMIN)
+    ) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    const { searchParams } = new URL(request.url);
+    const type = searchParams.get("type");
+    const status = searchParams.get("status");
+
+    const where: any = {};
+    if (type) where.type = type;
+    if (status) where.status = status;
+
     const applications = await prisma.application.findMany({
+      where,
       select: {
         id: true,
         type: true,
@@ -19,6 +48,7 @@ export async function GET() {
     });
 
     return NextResponse.json({ data: applications }, { status: 200 });
+
   } catch (err) {
     console.error(err);
     return NextResponse.json(