BSL-39-AdminEventsAPI#37
Conversation
| import { NextResponse } from "next/server"; | ||
| import { prisma } from "@/lib/prisma"; | ||
| import { auth } from "@/auth"; | ||
|
|
There was a problem hiding this comment.
import { hasRole } from "@/lib/rbac";
this logic already exists in lib/rbac.ts, you can use the hasRole function
| function isAmbassadorOrHigher(role: string) { | ||
| return role === "AMBASSADOR" || role === "SUPER_ADMIN"; | ||
| } |
There was a problem hiding this comment.
Can remove this and replace with hasRole (will make the comment below again)
| return { ok: false as const, status: 401 as const, error: "Unauthorized" }; | ||
| } | ||
|
|
||
| if (!isAmbassadorOrHigher(user.role)) { |
There was a problem hiding this comment.
replace this with if (!hasRole(user.role, "AMBASSADOR")) {
There was a problem hiding this comment.
So delete the isAmbassadorOrHigher function entirely and import hasRole (I made these comments above)
There was a problem hiding this comment.
Also move this hasRole conditional check above the findUnique function above
| async function requireAmbassadorOrHigher() { | ||
| const session = await auth(); | ||
| const email = session?.user?.email; | ||
|
|
There was a problem hiding this comment.
add const role = session?.user?.role;
There was a problem hiding this comment.
The rols is already in the session token set by auth.ts so you do not need to query the DB for it on every request. Can use session?.user?.role directly and only query the DB for the user id (which is needed for createdByUserID in POST)
| const session = await auth(); | ||
| const email = session?.user?.email; | ||
|
|
||
| if (!email) { |
There was a problem hiding this comment.
make this if (!email || !role) {
|
|
||
| const user = await prisma.user.findUnique({ | ||
| where: { email }, | ||
| select: { id: true, role: true }, |
| const events = await prisma.event.findMany({ | ||
| orderBy: { startAt: "asc" }, | ||
| }); | ||
|
|
||
| return NextResponse.json(events); | ||
| } |
There was a problem hiding this comment.
Please add try/catch here.. it would look something like this:
try {
const events = await prisma.event.findMany({
orderBy: { startAt: "asc" },
});
return NextResponse.json(events);
} catch (err) {
console.error("GET /api/admin/events:", err);
return NextResponse.json({ error: "Failed to fetch events" }, { status: 500 });
}
(Also have to do it for POST below.. ill leave comment)
There was a problem hiding this comment.
Add try/catch like above.. something like this:
try {
const created = await prisma.event.create({
data: {
title: body.title,
description: body.description ?? null,
startAt,
endAt,
location: body.location ?? null,
link: body.link ?? null,
createdByUserId: gate.user.id,
},
});
return NextResponse.json(created, { status: 201 });
} catch (err) {
console.error("POST /api/admin/events:", err);
return NextResponse.json({ error: "Failed to create event" }, { status: 500 });
}
}
2 participants
No description provided.