Dental Care

2025-11-16 14:29:51 +02:00
commit 39077550ef
194 changed files with 43197 additions and 0 deletions
--- a/app/api/users/[id]/role/route.ts
+++ b/app/api/users/[id]/role/route.ts
@@ -0,0 +1,73 @@
+import { NextRequest, NextResponse } from "next/server";
+import { prisma } from "@/lib/types/prisma";
+import { auth } from "@/lib/auth-session/auth";
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const session = await auth.api.getSession({
+      headers: await import("next/headers").then((mod) => mod.headers()),
+    });
+
+    if (!session?.user) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    // Only admin can change roles
+    if (session.user.role !== "admin") {
+      return NextResponse.json(
+        { error: "Forbidden: Admin access required" },
+        { status: 403 }
+      );
+    }
+
+    const { id } = await params;
+    const body = await request.json();
+    const { role } = body;
+
+    // Validate role
+    if (!role || !["patient", "dentist", "admin"].includes(role)) {
+      return NextResponse.json(
+        { error: "Invalid role. Must be patient, dentist, or admin" },
+        { status: 400 }
+      );
+    }
+
+    // Check if user exists
+    const user = await prisma.user.findUnique({
+      where: { id },
+    });
+
+    if (!user) {
+      return NextResponse.json({ error: "User not found" }, { status: 404 });
+    }
+
+    // Prevent changing own role
+    if (user.id === session.user.id) {
+      return NextResponse.json(
+        { error: "You cannot change your own role" },
+        { status: 400 }
+      );
+    }
+
+    // Update user role
+    const updatedUser = await prisma.user.update({
+      where: { id },
+      data: { role },
+    });
+
+    return NextResponse.json({
+      success: true,
+      user: updatedUser,
+      message: `Role changed to ${role} successfully`,
+    });
+  } catch (error) {
+    console.error("Error changing user role:", error);
+    return NextResponse.json(
+      { error: "Failed to change user role" },
+      { status: 500 }
+    );
+  }
+}