BSL-39-AdminEventsAPI

app/api/admin/events/route.ts

@@ -1,28 +1,75 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
+import { auth } from "@/auth";
 
+function isAmbassadorOrHigher(role: string) {
+  return role === "AMBASSADOR" || role === "SUPER_ADMIN";
+}
+
+async function requireAmbassadorOrHigher() {
+  const session = await auth();
+  const email = session?.user?.email;
+
+  if (!email) {
+    return { ok: false as const, status: 401 as const, error: "Unauthorized" };
+  }
+
+  const user = await prisma.user.findUnique({
+    where: { email },
+    select: { id: true, role: true },
+  });
+
+  if (!user) {
+    return { ok: false as const, status: 401 as const, error: "Unauthorized" };
+  }
+
+  if (!isAmbassadorOrHigher(user.role)) {
+    return { ok: false as const, status: 403 as const, error: "Forbidden" };
+  }
+
+  return { ok: true as const, user };
+}
+
+// GET /api/admin/events (admin list)
 export async function GET() {
-  // TODO: require admin (RBAC)
+  const gate = await requireAmbassadorOrHigher();
+  if (!gate.ok) {
+    return NextResponse.json({ error: gate.error }, { status: gate.status });
+  }
+
   const events = await prisma.event.findMany({
     orderBy: { startAt: "asc" },
   });
+
   return NextResponse.json(events);
 }
 
+// POST /api/admin/events (create)
 export async function POST(req: Request) {
-  // TODO: require admin (RBAC)
+  const gate = await requireAmbassadorOrHigher();
+  if (!gate.ok) {
+    return NextResponse.json({ error: gate.error }, { status: gate.status });
+  }
+
   const body = await req.json();
 
-  if (!body.title || !body.startAt || !body.createdByUserId) {
+
+  if (!body.title || !body.startAt) {
     return NextResponse.json(
-      { error: "title, startAt, createdByUserId are required" },
+      { error: "title and startAt are required" },
       { status: 400 }
     );
   }
 
   const startAt = new Date(body.startAt);
   const endAt = body.endAt ? new Date(body.endAt) : null;
 
+  if (isNaN(startAt.getTime())) {
+    return NextResponse.json({ error: "Invalid startAt" }, { status: 400 });
+  }
+  if (endAt && isNaN(endAt.getTime())) {
+    return NextResponse.json({ error: "Invalid endAt" }, { status: 400 });
+  }
   if (endAt && endAt < startAt) {
     return NextResponse.json(
       { error: "endAt cannot be before startAt" },
@@ -38,7 +85,7 @@ export async function POST(req: Request) {
       endAt,
       location: body.location ?? null,
       link: body.link ?? null,
-      createdByUserId: body.createdByUserId, // later: get from session
+      createdByUserId: gate.user.id, // imported from db 
     },
   });
 

app/api/events/route.ts

@@ -3,7 +3,12 @@ import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
 
 export async function GET() {
+  const now = new Date();
+
   const events = await prisma.event.findMany({
+    where: {
+      startAt: { gte: now },
+    },
     orderBy: { startAt: "asc" },
   });
 

app/events/page.tsx

@@ -1,12 +1,61 @@
-import React from "react";
-import PublicLayout from '@/components/layout/PublicLayout';
+"use client";
+
+import { useEffect, useState } from "react";
+import PublicLayout from "@/components/layout/PublicLayout";
+
+type Event = {
+  id: string;
+  title?: string | null;
+  name?: string | null;
+  startAt: string; // ISO string coming from JSON
+  location?: string | null;
+};
 
 export default function EventsPage() {
+  const [events, setEvents] = useState<Event[] | null>(null);
+
+  useEffect(() => {
+    async function load() {
+      const res = await fetch("/api/events");
+      if (!res.ok) {
+        setEvents([]);
+        return;
+      }
+      const data = (await res.json()) as Event[];
+      setEvents(data);
+    }
+    load();
+  }, []);
+
+  const items = events ?? [];
+
   return (
     <PublicLayout>
-      <div className="max-w-4xl mx-auto px-6 py-20">
-        <h1 className="text-4xl font-semibold mb-6">Events</h1>
-        <p className="text-lg text-gray-700">No events yet — this is a placeholder page so the navbar link doesn&apos;t 404.</p>
+      <div className="mx-auto max-w-4xl px-6 py-12">
+        <h1 className="text-3xl font-semibold">Events</h1>
+        <p className="mt-2 text-gray-600">Upcoming events</p>
+
+        {events === null ? (
+          <div className="mt-8 text-gray-600">Loading…</div>
+        ) : items.length === 0 ? (
+          <div className="mt-8 rounded-lg border p-6 text-gray-600">
+            No upcoming events right now. Check back soon.
+          </div>
+        ) : (
+          <ul className="mt-8 space-y-4">
+            {items.map((e) => (
+              <li key={e.id} className="rounded-lg border p-4">
+                <div className="font-medium">
+                  {e.title ?? e.name ?? "Untitled event"}
+                </div>
+                <div className="mt-1 text-sm text-gray-600">
+                  {new Date(e.startAt).toLocaleString()}
+                  {e.location ? ` • ${e.location}` : ""}
+                </div>
+              </li>
+            ))}
+          </ul>
+        )}
       </div>
     </PublicLayout>
   );