ayrisdev/webmailserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable DOMAIN_ADMIN to manage users within their authorized domains

Browse Source
This commit is contained in:
AyrisAI
2026-05-14 21:38:31 +03:00
parent b8648fb5f7
commit ede38e80e4
4 changed files with 108 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
app/[lang]/dashboard/users/page.tsx
View File

@@ -1,6 +1,7 @@
"use client";
import { useState, useEffect } from "react";
import { useSession } from "next-auth/react";
import { useDictionary } from "@/components/DictionaryContext";
interface User {
@@ -19,6 +20,7 @@ export default function UsersPage() {
const [search, setSearch] = useState("");
const [isModalOpen, setIsModalOpen] = useState(false);
const [editingUser, setEditingUser] = useState<User | null>(null);
const { data: session } = useSession();
// Form state
const [formData, setFormData] = useState({
@@ -242,22 +244,36 @@ export default function UsersPage() {
<input className="input" type="password" value={formData.password} onChange={e => setFormData({...formData, password: e.target.value})} required={!editingUser} />
</div>
<div style={{ display: "grid", gridTemplateColumns: "1fr 1fr", gap: 14 }}>
<div>
<label className="label">Rol</label>
<select className="input" value={formData.role} onChange={e => setFormData({...formData, role: e.target.value})}>
<option value="SUPER_ADMIN">Süper Admin</option>
<option value="DOMAIN_ADMIN">Domain Admin</option>
</select>
</div>
{session?.user?.role === "SUPER_ADMIN" ? (
<div>
<label className="label">Rol</label>
<select className="input" value={formData.role} onChange={e => setFormData({...formData, role: e.target.value})}>
<option value="SUPER_ADMIN">Süper Admin</option>
<option value="DOMAIN_ADMIN">Domain Admin</option>
</select>
</div>
) : (
<div>
<label className="label">Rol</label>
<input className="input" value="Domain Admin" disabled />
</div>
)}
<div>
<label className="label">Telegram ID</label>
<input className="input" placeholder="Örn: 5009005027" value={formData.telegramId} onChange={e => setFormData({...formData, telegramId: e.target.value})} />
</div>
</div>
<div>
<label className="label">İzinli Domainler (Virgülle ayırın, tümü için *)</label>
<input className="input" placeholder="domain1.com, domain2.com" value={formData.domains} onChange={e => setFormData({...formData, domains: e.target.value})} />
</div>
{session?.user?.role === "SUPER_ADMIN" ? (
<div>
<label className="label">İzinli Domainler (Virgülle ayırın, tümü için *)</label>
<input className="input" placeholder="domain1.com, domain2.com" value={formData.domains} onChange={e => setFormData({...formData, domains: e.target.value})} />
</div>
) : (
<div>
<label className="label">İzinli Domainler</label>
<input className="input" value={session?.user?.domains?.join(", ")} disabled />
</div>
)}
<div style={{ display: "flex", gap: 10, marginTop: 10 }}>
<button type="button" className="btn btn-ghost" style={{ flex: 1 }} onClick={() => setIsModalOpen(false)}>İptal</button>
<button type="submit" className="btn btn-primary" style={{ flex: 1 }} disabled={saving}>

46
app/api/users/[id]/route.ts
View File

@@ -7,22 +7,44 @@ export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id
const session = await auth();
const { id } = await params;
if (!session || session.user.role !== "SUPER_ADMIN") {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
if (!session) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const userRole = session.user.role;
const adminDomains = session.user.domains || [];
try {
// Mevcut kullanıcıyı kontrol et
const existingUser = await prisma.user.findUnique({ where: { id } });
if (!existingUser) return NextResponse.json({ error: "User not found" }, { status: 404 });
// Güvenlik Kontrolü: Domain admin sadece kendi domainindeki kullanıcıyı güncelleyebilir
if (userRole !== "SUPER_ADMIN") {
const hasAccess = existingUser.domains.some(d => adminDomains.includes(d));
if (!hasAccess) return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const body = await req.json();
const { name, email, password, role, domains, telegramId } = body;
let finalDomains = domains;
let finalRole = role;
// Güvenlik: Domain admin yetki yükseltemez veya domain değiştiremez
if (userRole !== "SUPER_ADMIN") {
finalDomains = adminDomains; // Kendi domainlerine kilitler
finalRole = "DOMAIN_ADMIN";
}
const user = await prisma.user.update({
where: { id },
data: {
name,
email: email?.toLowerCase(),
password,
role,
domains,
role: finalRole,
domains: finalDomains,
telegramId,
},
});
@@ -38,11 +60,23 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i
const session = await auth();
const { id } = await params;
if (!session || session.user.role !== "SUPER_ADMIN") {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
if (!session) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const userRole = session.user.role;
const adminDomains = session.user.domains || [];
try {
const existingUser = await prisma.user.findUnique({ where: { id } });
if (!existingUser) return NextResponse.json({ error: "User not found" }, { status: 404 });
// Güvenlik Kontrolü
if (userRole !== "SUPER_ADMIN") {
const hasAccess = existingUser.domains.some(d => adminDomains.includes(d));
if (!hasAccess) return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
await prisma.user.delete({
where: { id },
});

48
app/api/users/route.ts
View File

@@ -5,13 +5,30 @@ import { prisma } from "@/lib/prisma";
// GET /api/users — list all users
export async function GET() {
const session = await auth();
if (!session || session.user.role !== "SUPER_ADMIN") {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
if (!session) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const users = await prisma.user.findMany({
orderBy: { createdAt: "asc" },
});
const userRole = session.user.role;
const userDomains = session.user.domains || [];
let users;
if (userRole === "SUPER_ADMIN") {
// Super admin her şeyi görür
users = await prisma.user.findMany({
orderBy: { createdAt: "asc" },
});
} else {
// Domain admin sadece kendi domainlerine dokunan kullanıcıları görür
users = await prisma.user.findMany({
where: {
domains: {
hasSome: userDomains
}
},
orderBy: { createdAt: "asc" },
});
}
return NextResponse.json(users);
}
@@ -19,21 +36,34 @@ export async function GET() {
// POST /api/users — create a new user
export async function POST(req: NextRequest) {
const session = await auth();
if (!session || session.user.role !== "SUPER_ADMIN") {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
if (!session) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const userRole = session.user.role;
const adminDomains = session.user.domains || [];
try {
const body = await req.json();
const { name, email, password, role, domains, telegramId } = body;
let finalDomains = domains || [];
let finalRole = role || "DOMAIN_ADMIN";
// Güvenlik: Domain admin yetkisini aşamaz
if (userRole !== "SUPER_ADMIN") {
// Eğer domain admin ise, yeni kullanıcıya sadece kendi domainlerini verebilir
finalDomains = adminDomains;
finalRole = "DOMAIN_ADMIN"; // Başka bir super admin oluşturamaz
}
const user = await prisma.user.create({
data: {
name,
email: email.toLowerCase(),
password,
role: role || "DOMAIN_ADMIN",
domains: domains || [],
role: finalRole,
domains: finalDomains,
telegramId,
},
});