import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/auth";
import { prisma } from "@/lib/prisma";
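// GET /api/users — list all users
// Super admins receive every user; domain admins only receive users who
// share at least one domain with them. The stored credential column is
// stripped from every record before the response leaves the server.
export async function GET() {
  const session = await auth();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const userRole = session.user.role;
  // A domain admin with no domains matches nothing below (hasSome: []),
  // which is the intended "sees nobody" outcome rather than an error.
  const userDomains = session.user.domains || [];

  const users =
    userRole === "SUPER_ADMIN"
      ? await prisma.user.findMany({
          orderBy: { createdAt: "asc" },
        })
      : await prisma.user.findMany({
          where: { domains: { hasSome: userDomains } },
          orderBy: { createdAt: "asc" },
        });

  // The user row carries the password column (see POST, which writes it);
  // never echo it to the client — the list only needs profile fields.
  const safeUsers = users.map(({ password: _password, ...rest }) => rest);
  return NextResponse.json(safeUsers);
}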
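// POST /api/users — create a new user
// Body fields: name, email, password, role, domains, telegramId.
// A domain admin can only create DOMAIN_ADMIN users scoped to its own
// domains; a super admin may set role and domains explicitly (validated
// against the known values). Responds 400 on malformed input, 409 on a
// unique-constraint conflict, 500 on any other failure.
export async function POST(req: NextRequest) {
  const session = await auth();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const userRole = session.user.role;
  const adminDomains = session.user.domains || [];

  // A malformed body is the caller's fault: report 400, not 500.
  let body;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  if (typeof body !== "object" || body === null) {
    return NextResponse.json(
      { error: "Request body must be a JSON object" },
      { status: 400 },
    );
  }
  const { name, email, password, role, domains, telegramId } = body;

  // Validate the fields this route relies on before touching the database;
  // previously a missing email crashed on .toLowerCase() and surfaced as 500.
  if (typeof email !== "string" || email.trim() === "") {
    return NextResponse.json({ error: "email is required" }, { status: 400 });
  }
  if (typeof password !== "string" || password.length === 0) {
    return NextResponse.json({ error: "password is required" }, { status: 400 });
  }

  const allowedRoles = ["SUPER_ADMIN", "DOMAIN_ADMIN"] as const;
  type Role = (typeof allowedRoles)[number];
  const isRole = (value: unknown): value is Role =>
    typeof value === "string" &&
    (allowedRoles as readonly string[]).includes(value);
  const isStringArray = (value: unknown): value is string[] =>
    Array.isArray(value) && value.every((item) => typeof item === "string");

  let finalRole: Role = "DOMAIN_ADMIN";
  let finalDomains: string[] = [];
  if (userRole === "SUPER_ADMIN") {
    // Only a super admin may choose role and domains, and only from the
    // known values — an arbitrary string must not reach the database.
    if (role) {
      if (!isRole(role)) {
        return NextResponse.json({ error: "Invalid role" }, { status: 400 });
      }
      finalRole = role;
    }
    if (domains != null) {
      if (!isStringArray(domains)) {
        return NextResponse.json(
          { error: "domains must be an array of strings" },
          { status: 400 },
        );
      }
      finalDomains = domains;
    }
  } else {
    // Privilege boundary: a domain admin can neither mint another super
    // admin nor grant domains it does not hold itself, so the requested
    // role and domains are deliberately ignored.
    finalRole = "DOMAIN_ADMIN";
    finalDomains = adminDomains;
  }

  try {
    const user = await prisma.user.create({
      data: {
        name,
        email: email.trim().toLowerCase(),
        // NOTE(review): stored exactly as received; confirm the caller (or
        // a Prisma middleware) hashes it — this route does not.
        password,
        role: finalRole,
        domains: finalDomains,
        // name/telegramId are passed through as before; their shape is
        // enforced by the Prisma schema at write time.
        telegramId,
      },
    });

    // Do not echo the credential back, even to the admin who set it.
    const { password: _stored, ...safeUser } = user;
    return NextResponse.json(safeUser);
  } catch (error: unknown) {
    // Prisma reports a unique-constraint violation with error code P2002.
    if (
      typeof error === "object" &&
      error !== null &&
      "code" in error &&
      error.code === "P2002"
    ) {
      return NextResponse.json({ error: "User already exists" }, { status: 409 });
    }
    // Keep the details server-side: the raw message can expose schema and
    // database internals, so the client only gets a generic response.
    console.error("POST /api/users failed:", error);
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}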