Complete ALL Admin Backend Endpoints | Tyler & Samson #22

@jpuka01

Objective

Implement all 5 admin endpoints that currently return 501. These are critical for the admin moderation workflow. All route files exist but return "Not Implemented".

Tasks

  • Add Required Imports to ALL files:

    import { getServerSession } from 'next-auth/next';
    import { authOptions } from '@/lib/auth';
    import { NextResponse } from 'next/server';
    import { prisma } from '@/lib/prisma';
  • Implement /api/admin/artworks/[id]/approve/route.ts:

    • Check admin authentication with getServerSession
    • Update artwork: status='APPROVED', approved_at=now(), approved_by_id=adminId
    • Create AdminAction with action_type='ARTWORK_APPROVED'
    • Use $transaction for both operations
    • Return 200 with updated artwork
  • Implement /api/admin/artworks/[id]/reject/route.ts:

    • Check admin authentication
    • Get reason from request body
    • Update artwork: status='REJECTED', rejection_reason=reason
    • Create AdminAction with action_type='ARTWORK_REJECTED'
    • Use $transaction
    • Return 200
  • Implement /api/admin/artworks/[id]/feature/route.ts:

    • Check admin authentication
    • Update artwork: is_featured=true
    • Create AdminAction with action_type='ARTWORK_FEATURED'
    • Use $transaction
    • Return 200
  • Implement /api/admin/artworks/[id]/reassign/route.ts:

    • Check admin authentication
    • Get newUserId from body and validate user exists
    • Fetch old user_id before update
    • Update artwork: user_id=newUserId
    • Create AdminAction with action_type='USER_EDITED' and metadata
    • Use $transaction
    • Return 200
  • Implement /api/admin/queue/route.ts:

    • Check admin authentication
    • Fetch all artworks with status='PENDING'
    • Include author info
    • Order by created_at ASC (FIFO)
    • Return count and artworks array
  • Test ALL Endpoints with Postman:

    • Test approve: PATCH to approve endpoint, verify status changes to APPROVED
    • Test reject: PATCH with reason, verify status changes to REJECTED
    • Test feature: PATCH to feature endpoint, verify is_featured=true
    • Test reassign: PATCH with newUserId, verify user_id changes
    • Test queue: GET queue, verify returns only PENDING artworks
    • For each: verify admin action is logged in database
    • Test non-admin access: verify 403 Forbidden errors

Acceptance Criteria

  • ✅ All 5 admin endpoints are fully functional
  • ✅ Only admins can access (401/403 for non-admins)
  • ✅ All endpoints use $transaction for data integrity
  • ✅ AdminActions are properly logged for every operation
  • ✅ Proper error handling (400, 401, 403, 404, 500)
  • ✅ All endpoints tested with Postman and verified in Prisma Studio
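
The approve endpoint's checks from the task list (401 vs 403, 404, and the artwork update committed together with its AdminAction), as an added example that is not code from this repository. The `role` field on the session, the `admin_id`/`artwork_id` fields, and the `Tx`/`Db` interfaces with `makeFakeDb` are assumptions standing in for next-auth and Prisma so the logic runs offline.

```typescript
// Assumptions (not in the issue): role 'ADMIN' on session.user; AdminAction field names
// other than action_type; Tx/Db are hypothetical, synchronous stand-ins for the Prisma client.
type Session = { user?: { id: string; role: string } } | null;
type Artwork = { id: string; status: string; approved_at?: Date; approved_by_id?: string };
type AdminAction = { action_type: string; admin_id: string; artwork_id: string };
type Tx = {
  findArtwork(id: string): Artwork | undefined;
  updateArtwork(id: string, data: Partial<Artwork>): Artwork;
  createAdminAction(a: AdminAction): void;
};
type Db = { $transaction<T>(fn: (tx: Tx) => Promise<T>): Promise<T> };
type Result = { status: number; body: unknown };
// 401 = no session at all; 403 = signed in but not an admin.
function adminGuard(session: Session): Result | null {
  if (!session?.user) return { status: 401, body: { error: 'Unauthorized' } };
  if (session.user.role !== 'ADMIN') return { status: 403, body: { error: 'Forbidden' } };
  return null;
}

async function approveArtwork(session: Session, id: string, db: Db): Promise<Result> {
  const denied = adminGuard(session);
  if (denied) return denied; // reject before touching the database
  const adminId = session!.user!.id; // actor comes from the session, never the request body
  try {
    const artwork = await db.$transaction(async (tx) => {
      if (!tx.findArtwork(id)) return null;
      const updated = tx.updateArtwork(id, { status: 'APPROVED', approved_at: new Date(), approved_by_id: adminId });
      tx.createAdminAction({ action_type: 'ARTWORK_APPROVED', admin_id: adminId, artwork_id: id });
      return updated;
    });
    return artwork ? { status: 200, body: artwork } : { status: 404, body: { error: 'Artwork not found' } };
  } catch {
    return { status: 500, body: { error: 'Internal error' } }; // no internals leaked to the client
  }
}

// Constructed in-memory Db: the update and the log entry commit together or not at all.
function makeFakeDb(artworks: Artwork[], actions: AdminAction[]): Db {
  return { async $transaction<T>(fn: (tx: Tx) => Promise<T>): Promise<T> {
    const draft = artworks.map((a) => ({ ...a })), log: AdminAction[] = [];
    const result = await fn({
      findArtwork: (id) => draft.find((a) => a.id === id),
      updateArtwork: (id, data) => Object.assign(draft.find((a) => a.id === id)!, data),
      createAdminAction: (a) => { log.push(a); },
    });
    artworks.splice(0, artworks.length, ...draft); actions.push(...log);
    return result;
  } };
}
```

In the real route handler the session would come from `getServerSession(authOptions)` and the result would be returned through `NextResponse.json(body, { status })`.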
