59 lines
1.3 KiB
TypeScript
59 lines
1.3 KiB
TypeScript
import { updateUserRole, getUserByUsername } from '~/server/utils/database'
|
|
import { getSessionUsername } from '~/server/utils/auth'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const username = await getSessionUsername(event)
|
|
|
|
if (!username) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Unauthorized'
|
|
})
|
|
}
|
|
|
|
const user = getUserByUsername(username)
|
|
|
|
if (!user || user.is_admin !== 1) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
message: 'Forbidden - Admin access required'
|
|
})
|
|
}
|
|
|
|
const id = parseInt(event.context.params?.id || '')
|
|
const body = await readBody(event)
|
|
const { isAdmin } = body
|
|
|
|
if (isNaN(id)) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Invalid user ID'
|
|
})
|
|
}
|
|
|
|
if (typeof isAdmin !== 'boolean') {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'isAdmin must be a boolean'
|
|
})
|
|
}
|
|
|
|
// Prevent changing your own role
|
|
if (user.id === id) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Cannot change your own role'
|
|
})
|
|
}
|
|
|
|
try {
|
|
updateUserRole(id, isAdmin ? 1 : 0)
|
|
return { success: true }
|
|
} catch (error) {
|
|
throw createError({
|
|
statusCode: 500,
|
|
message: 'Failed to update user role'
|
|
})
|
|
}
|
|
})
|