74 lines
1.9 KiB
TypeScript
74 lines
1.9 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { prisma } from "@/lib/types/prisma";
|
|
import { auth } from "@/lib/auth-session/auth";
|
|
|
|
export async function PATCH(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ id: string }> }
|
|
) {
|
|
try {
|
|
const session = await auth.api.getSession({
|
|
headers: await import("next/headers").then((mod) => mod.headers()),
|
|
});
|
|
|
|
if (!session?.user) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
}
|
|
|
|
// Only admin can change roles
|
|
if (session.user.role !== "admin") {
|
|
return NextResponse.json(
|
|
{ error: "Forbidden: Admin access required" },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
|
|
const { id } = await params;
|
|
const body = await request.json();
|
|
const { role } = body;
|
|
|
|
// Validate role
|
|
if (!role || !["patient", "dentist", "admin"].includes(role)) {
|
|
return NextResponse.json(
|
|
{ error: "Invalid role. Must be patient, dentist, or admin" },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
// Check if user exists
|
|
const user = await prisma.user.findUnique({
|
|
where: { id },
|
|
});
|
|
|
|
if (!user) {
|
|
return NextResponse.json({ error: "User not found" }, { status: 404 });
|
|
}
|
|
|
|
// Prevent changing own role
|
|
if (user.id === session.user.id) {
|
|
return NextResponse.json(
|
|
{ error: "You cannot change your own role" },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
// Update user role
|
|
const updatedUser = await prisma.user.update({
|
|
where: { id },
|
|
data: { role },
|
|
});
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
user: updatedUser,
|
|
message: `Role changed to ${role} successfully`,
|
|
});
|
|
} catch (error) {
|
|
console.error("Error changing user role:", error);
|
|
return NextResponse.json(
|
|
{ error: "Failed to change user role" },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
}
|