1.1.4 - updated user modals
@@ -21,44 +21,52 @@ export async function POST(request: NextRequest) {
|
||||
const { name, isAdmin, field, department, team, role } = await request.json()
|
||||
|
||||
// Input validation
|
||||
if (!name || !field || !department || !team) {
|
||||
return NextResponse.json({ error: "נתונים חסרים" }, { status: 400 })
|
||||
if (!name || !field) {
|
||||
return NextResponse.json({ error: "Invalid name or field." }, { status: 400 })
|
||||
}
|
||||
|
||||
// Validate department, team, and field against managed types
|
||||
// Validate field against managed types
|
||||
if (!(await hasManagedType("field", field))) {
|
||||
return NextResponse.json({ error: "Invalid field." }, { status: 400 })
|
||||
}
|
||||
|
||||
if (!(await hasManagedType("department", department))) {
|
||||
const normalizedDepartment = typeof department === "string" && department.trim() ? department.trim() : null
|
||||
|
||||
if (normalizedDepartment && !(await hasManagedType("department", normalizedDepartment))) {
|
||||
return NextResponse.json({ error: "Invalid department." }, { status: 400 })
|
||||
}
|
||||
|
||||
if (!(await hasManagedType("team", team))) {
|
||||
const normalizedTeam = typeof team === "string" && team.trim() ? team.trim() : null
|
||||
|
||||
if (normalizedTeam && !(await hasManagedType("team", normalizedTeam))) {
|
||||
return NextResponse.json({ error: "Invalid team." }, { status: 400 })
|
||||
}
|
||||
|
||||
const fieldRows = (await safeQuery("SELECT id FROM managed_types WHERE type = 'field' AND name = ?", [
|
||||
field,
|
||||
])) as Array<{ id: number }>
|
||||
const departmentRows = (await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'department' AND name = ?",
|
||||
[department],
|
||||
)) as Array<{ id: number; parentId: number | null }>
|
||||
const teamRows = (await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'team' AND name = ?",
|
||||
[team],
|
||||
)) as Array<{ id: number; parentId: number | null }>
|
||||
const departmentRows = normalizedDepartment
|
||||
? ((await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'department' AND name = ?",
|
||||
[normalizedDepartment],
|
||||
)) as Array<{ id: number; parentId: number | null }>)
|
||||
: []
|
||||
const teamRows = normalizedTeam
|
||||
? ((await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'team' AND name = ?",
|
||||
[normalizedTeam],
|
||||
)) as Array<{ id: number; parentId: number | null }>)
|
||||
: []
|
||||
|
||||
if (fieldRows.length === 0 || departmentRows.length === 0 || teamRows.length === 0) {
|
||||
if (fieldRows.length === 0 || (normalizedDepartment && departmentRows.length === 0) || (normalizedTeam && teamRows.length === 0)) {
|
||||
return NextResponse.json({ error: "Invalid field, department, or team." }, { status: 400 })
|
||||
}
|
||||
|
||||
if (departmentRows[0].parentId !== fieldRows[0].id) {
|
||||
if (normalizedDepartment && departmentRows[0].parentId !== fieldRows[0].id) {
|
||||
return NextResponse.json({ error: "Department does not belong to field." }, { status: 400 })
|
||||
}
|
||||
|
||||
if (teamRows[0].parentId !== departmentRows[0].id) {
|
||||
if (normalizedTeam && normalizedDepartment && teamRows[0].parentId !== departmentRows[0].id) {
|
||||
return NextResponse.json({ error: "Team does not belong to department." }, { status: 400 })
|
||||
}
|
||||
|
||||
@@ -68,7 +76,21 @@ export async function POST(request: NextRequest) {
|
||||
const userRole: UserRole = (role as UserRole) || (isAdmin ? "global_admin" : "user")
|
||||
|
||||
if (!validRoles.includes(userRole)) {
|
||||
return NextResponse.json({ error: "תפקיד לא תקין" }, { status: 400 })
|
||||
return NextResponse.json({ error: "Invalid role." }, { status: 400 })
|
||||
}
|
||||
|
||||
if (userRole === "field_admin") {
|
||||
if (!field || normalizedDepartment || normalizedTeam) {
|
||||
return NextResponse.json({ error: "Field admins must have a field only." }, { status: 400 })
|
||||
}
|
||||
} else if (userRole === "department_admin") {
|
||||
if (!field || !normalizedDepartment || normalizedTeam) {
|
||||
return NextResponse.json({ error: "Department admins must have field + department only." }, { status: 400 })
|
||||
}
|
||||
} else if (userRole === "team_admin" || userRole === "user") {
|
||||
if (!field || !normalizedDepartment || !normalizedTeam) {
|
||||
return NextResponse.json({ error: "Team/users require field, department, and team." }, { status: 400 })
|
||||
}
|
||||
}
|
||||
|
||||
// Generate unique Login ID
|
||||
@@ -80,7 +102,7 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
await safeQuery(
|
||||
"INSERT INTO users (national_id, password, name, is_admin, role, must_change_password, field, department, team) VALUES (?, ?, ?, ?, ?, TRUE, ?, ?, ?)",
|
||||
[nationalId, hashedPassword, name, isAdmin, userRole, field, department, team],
|
||||
[nationalId, hashedPassword, name, isAdmin, userRole, field, normalizedDepartment, normalizedTeam],
|
||||
)
|
||||
|
||||
return NextResponse.json({
|
||||
|
||||
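Review bot: In the @@ -21 hunk a team supplied without a department is never checked against the hierarchy: `teamRows` is loaded, but the final parent check is guarded by `normalizedTeam && normalizedDepartment`, so the team's `parentId` is compared with nothing. The role block in the @@ -68 hunk rejects that combination for field_admin, department_admin, team_admin and user, but any other value in `validRoles` (the `global_admin` default, for instance) reaches the INSERT with a team and a NULL department. I would reject it before the lookups: `if (normalizedTeam && !normalizedDepartment) { return NextResponse.json({ error: "Team requires a department." }, { status: 400 }) }`. Separately, `role` and `isAdmin` come straight from the request body and decide the new user's privilege level; the start of POST is outside the hunk, so I cannot see whether the caller's own role is verified before this point — worth confirming.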
@@ -11,7 +11,7 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
// Get admin's field and department
|
||||
const adminData = (await safeQuery(
|
||||
"SELECT field, department FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
"SELECT role, field, department FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
[adminId],
|
||||
)) as any[]
|
||||
|
||||
@@ -19,10 +19,14 @@ export async function POST(request: NextRequest) {
|
||||
return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
|
||||
}
|
||||
|
||||
const { field: adminField, department: adminDepartment } = adminData[0]
|
||||
const { role: adminRole, field: adminField, department: adminDepartment } = adminData[0]
|
||||
|
||||
if (adminRole !== "department_admin" && adminRole !== "global_admin") {
|
||||
return NextResponse.json({ error: "Insufficient permissions." }, { status: 403 })
|
||||
}
|
||||
|
||||
if (!adminField || !adminDepartment) {
|
||||
return NextResponse.json({ error: "למנהל לא הוגדרו תחום ומסגרת" }, { status: 400 })
|
||||
return NextResponse.json({ error: "Department is not assigned." }, { status: 400 })
|
||||
}
|
||||
|
||||
// Check cooldown for department resets
|
||||
|
||||
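Review bot: The new gate in the @@ -19 hunk lets `global_admin` through the role check but the next condition still requires `adminField` and `adminDepartment`, so a global admin with no department assigned gets a 400 "Department is not assigned."; whether global admins carry a department is not visible here, so confirm that is intended (the team reset section's @@ -20 hunk has the same shape with `adminTeam`). The 403 is decided from the role stored for `adminId`, and `adminId` is a query parameter whose origin is outside the hunk; if it is read from the request body rather than the session, this check only covers the role of whoever the caller claims to be. Consider a one-line comment above the role comparison such as `// authorization is based on the stored role of adminId; adminId must come from the authenticated session` so the assumption is explicit.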
@@ -11,7 +11,7 @@ export async function POST(request: Request) {
|
||||
|
||||
// Get admin's field and department
|
||||
const adminData = (await executeQuery(
|
||||
"SELECT field, department FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
"SELECT role, field, department FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
[adminId],
|
||||
)) as any[]
|
||||
|
||||
@@ -19,10 +19,18 @@ export async function POST(request: Request) {
|
||||
return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
|
||||
}
|
||||
|
||||
const { field: adminField, department: adminDepartment } = adminData[0]
|
||||
const { role: adminRole, field: adminField, department: adminDepartment } = adminData[0]
|
||||
|
||||
if (!adminField || !adminDepartment) {
|
||||
return NextResponse.json({ error: "למנהל לא הוגדרו תחום ומסגרת" }, { status: 400 })
|
||||
if (adminRole !== "department_admin" && adminRole !== "global_admin" || !adminField || !adminDepartment) {
|
||||
return NextResponse.json({
|
||||
no_report: 0,
|
||||
in_shelter: 0,
|
||||
not_in_shelter: 0,
|
||||
no_alarm: 0,
|
||||
safe_after_exit: 0,
|
||||
field: adminField,
|
||||
department: adminDepartment,
|
||||
})
|
||||
}
|
||||
|
||||
// Get department stats with field and department context
|
||||
|
||||
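Review bot: In the @@ -19 hunk a caller that fails the new role check receives a 200 with all-zero counters (and `field`/`department` echoed back), which is indistinguishable from a department that genuinely has no reports and leaves no trace of the denied access; the department and team stats and users sections that return `NextResponse.json([])` and `{ users: [], ... }` repeat the same pattern, while the reset routes return 403 "Insufficient permissions." for the same failure. I would split the condition so the authorization failure is visible and logged: `if (adminRole !== "department_admin" && adminRole !== "global_admin") return NextResponse.json({ error: "Insufficient permissions." }, { status: 403 })` and keep the empty payload only for the missing-assignment case. The combined condition also relies on `&&` binding tighter than `||`; parenthesising the role pair, `(adminRole !== "department_admin" && adminRole !== "global_admin") || !adminField || !adminDepartment`, makes the intent explicit.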
@@ -11,7 +11,7 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
// Get admin's field and department
|
||||
const adminData = (await executeQuery(
|
||||
"SELECT field, department FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
"SELECT role, field, department FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
[adminId],
|
||||
)) as any[]
|
||||
|
||||
@@ -19,10 +19,10 @@ export async function POST(request: NextRequest) {
|
||||
return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
|
||||
}
|
||||
|
||||
const { field: adminField, department: adminDepartment } = adminData[0]
|
||||
const { role: adminRole, field: adminField, department: adminDepartment } = adminData[0]
|
||||
|
||||
if (!adminField || !adminDepartment) {
|
||||
return NextResponse.json({ error: "למנהל לא הוגדרו תחום ומסגרת" }, { status: 400 })
|
||||
if (adminRole !== "department_admin" && adminRole !== "global_admin" || !adminField || !adminDepartment) {
|
||||
return NextResponse.json([])
|
||||
}
|
||||
|
||||
let query = ""
|
||||
|
||||
@@ -11,7 +11,7 @@ export async function POST(request: Request) {
|
||||
|
||||
// Get admin's field and department
|
||||
const adminData = (await executeQuery(
|
||||
"SELECT field, department FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
"SELECT role, field, department FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
[adminId],
|
||||
)) as any[]
|
||||
|
||||
@@ -19,10 +19,10 @@ export async function POST(request: Request) {
|
||||
return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
|
||||
}
|
||||
|
||||
const { field: adminField, department: adminDepartment } = adminData[0]
|
||||
const { role: adminRole, field: adminField, department: adminDepartment } = adminData[0]
|
||||
|
||||
if (!adminField || !adminDepartment) {
|
||||
return NextResponse.json({ error: "למנהל לא הוגדרו תחום ומסגרת" }, { status: 400 })
|
||||
if (adminRole !== "department_admin" && adminRole !== "global_admin" || !adminField || !adminDepartment) {
|
||||
return NextResponse.json({ users: [], field: adminField, department: adminDepartment })
|
||||
}
|
||||
|
||||
// Get department users with field and department context
|
||||
@@ -31,6 +31,7 @@ export async function POST(request: Request) {
|
||||
SELECT
|
||||
national_id,
|
||||
name,
|
||||
role,
|
||||
in_shelter,
|
||||
last_updated,
|
||||
is_admin,
|
||||
|
||||
@@ -30,6 +30,7 @@ export async function POST(request: Request) {
|
||||
SELECT
|
||||
national_id,
|
||||
name,
|
||||
role,
|
||||
in_shelter,
|
||||
last_updated,
|
||||
is_admin,
|
||||
|
||||
@@ -12,7 +12,7 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
// Get admin's field, department, and team
|
||||
const adminData = (await safeQuery(
|
||||
"SELECT field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
"SELECT role, field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
[adminId],
|
||||
)) as any[]
|
||||
|
||||
@@ -20,10 +20,14 @@ export async function POST(request: NextRequest) {
|
||||
return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
|
||||
}
|
||||
|
||||
const { field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
|
||||
const { role: adminRole, field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
|
||||
|
||||
if (adminRole !== "team_admin" && adminRole !== "global_admin") {
|
||||
return NextResponse.json({ error: "Insufficient permissions." }, { status: 403 })
|
||||
}
|
||||
|
||||
if (!adminField || !adminDepartment || !adminTeam) {
|
||||
return NextResponse.json({ error: "למנהל לא הוגדרו תחום, מסגרת וצוות" }, { status: 400 })
|
||||
return NextResponse.json({ error: "Team is not assigned." }, { status: 400 })
|
||||
}
|
||||
|
||||
await safeQuery(
|
||||
|
||||
@@ -11,7 +11,7 @@ export async function POST(request: Request) {
|
||||
|
||||
// Get admin's field, department, and team
|
||||
const adminData = (await executeQuery(
|
||||
"SELECT field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
"SELECT role, field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
[adminId],
|
||||
)) as any[]
|
||||
|
||||
@@ -19,10 +19,19 @@ export async function POST(request: Request) {
|
||||
return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
|
||||
}
|
||||
|
||||
const { field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
|
||||
const { role: adminRole, field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
|
||||
|
||||
if (!adminField || !adminDepartment || !adminTeam) {
|
||||
return NextResponse.json({ error: "למנהל לא הוגדרו תחום, מסגרת וצוות" }, { status: 400 })
|
||||
if (adminRole !== "team_admin" && adminRole !== "global_admin" || !adminField || !adminDepartment || !adminTeam) {
|
||||
return NextResponse.json({
|
||||
no_report: 0,
|
||||
in_shelter: 0,
|
||||
not_in_shelter: 0,
|
||||
no_alarm: 0,
|
||||
safe_after_exit: 0,
|
||||
field: adminField,
|
||||
department: adminDepartment,
|
||||
team: adminTeam,
|
||||
})
|
||||
}
|
||||
|
||||
// Get team stats with full context (field + department + team)
|
||||
|
||||
@@ -11,7 +11,7 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
// Get admin's field, department, and team
|
||||
const adminData = (await executeQuery(
|
||||
"SELECT field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
"SELECT role, field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
|
||||
[adminId],
|
||||
)) as any[]
|
||||
|
||||
@@ -19,10 +19,10 @@ export async function POST(request: NextRequest) {
|
||||
return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
|
||||
}
|
||||
|
||||
const { field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
|
||||
const { role: adminRole, field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
|
||||
|
||||
if (!adminField || !adminDepartment || !adminTeam) {
|
||||
return NextResponse.json({ error: "למנהל לא הוגדרו תחום, מסגרת וצוות" }, { status: 400 })
|
||||
if (adminRole !== "team_admin" && adminRole !== "global_admin" || !adminField || !adminDepartment || !adminTeam) {
|
||||
return NextResponse.json([])
|
||||
}
|
||||
|
||||
let query = ""
|
||||
|
||||
@@ -10,7 +10,7 @@ export async function POST(request: Request) {
|
||||
}
|
||||
|
||||
// Get admin's field, department, and team
|
||||
const adminData = (await executeQuery("SELECT field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'", [
|
||||
const adminData = (await executeQuery("SELECT role, field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'", [
|
||||
adminId,
|
||||
])) as any[]
|
||||
|
||||
@@ -18,10 +18,10 @@ export async function POST(request: Request) {
|
||||
return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
|
||||
}
|
||||
|
||||
const { field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
|
||||
const { role: adminRole, field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
|
||||
|
||||
if (!adminField || !adminDepartment || !adminTeam) {
|
||||
return NextResponse.json({ error: "למנהל לא הוגדרו תחום, מסגרת וצוות" }, { status: 400 })
|
||||
if (adminRole !== "team_admin" && adminRole !== "global_admin" || !adminField || !adminDepartment || !adminTeam) {
|
||||
return NextResponse.json({ users: [], field: adminField, department: adminDepartment, team: adminTeam })
|
||||
}
|
||||
|
||||
// Get team users with full context (field + department + team)
|
||||
@@ -30,6 +30,7 @@ export async function POST(request: Request) {
|
||||
SELECT
|
||||
national_id,
|
||||
name,
|
||||
role,
|
||||
in_shelter,
|
||||
last_updated,
|
||||
is_admin,
|
||||
|
||||
@@ -18,7 +18,7 @@ export async function POST(request: NextRequest) {
|
||||
try {
|
||||
const { adminId, targetUserId, field, department, team } = await request.json()
|
||||
|
||||
if (!adminId || !targetUserId || !field || !department || !team) {
|
||||
if (!adminId || !targetUserId || !field ) {
|
||||
return NextResponse.json({ error: "חסרים שדות חובה." }, { status: 400 })
|
||||
}
|
||||
|
||||
@@ -31,7 +31,7 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
const admin = adminRows[0]
|
||||
|
||||
const userRows = (await safeQuery("SELECT national_id, field, department, team FROM users WHERE national_id = ?", [
|
||||
const userRows = (await safeQuery("SELECT national_id, role, field, department, team FROM users WHERE national_id = ?", [
|
||||
targetUserId,
|
||||
])) as any[]
|
||||
if (userRows.length === 0) {
|
||||
@@ -39,10 +39,25 @@ export async function POST(request: NextRequest) {
|
||||
}
|
||||
const targetUser = userRows[0]
|
||||
|
||||
const normalizedDepartment = typeof department === "string" && department.trim() ? department.trim() : null
|
||||
const normalizedTeam = typeof team === "string" && team.trim() ? team.trim() : null
|
||||
|
||||
if (targetUser.role !== "field_admin" && !normalizedDepartment) {
|
||||
return NextResponse.json({ error: "Missing required fields." }, { status: 400 })
|
||||
}
|
||||
|
||||
if ((targetUser.role === "team_admin" || targetUser.role === "user") && !normalizedTeam) {
|
||||
return NextResponse.json({ error: "Missing required fields." }, { status: 400 })
|
||||
}
|
||||
|
||||
const effectiveDepartment = targetUser.role === "field_admin" ? null : normalizedDepartment
|
||||
const effectiveTeam = targetUser.role === "field_admin" ? null : normalizedTeam
|
||||
|
||||
|
||||
const [fieldOk, departmentOk, teamOk] = await Promise.all([
|
||||
hasManagedType("field", field),
|
||||
hasManagedType("department", department),
|
||||
hasManagedType("team", team),
|
||||
effectiveDepartment ? hasManagedType("department", effectiveDepartment) : Promise.resolve(true),
|
||||
effectiveTeam ? hasManagedType("team", effectiveTeam) : Promise.resolve(true),
|
||||
])
|
||||
|
||||
if (!fieldOk || !departmentOk || !teamOk) {
|
||||
@@ -52,24 +67,27 @@ export async function POST(request: NextRequest) {
|
||||
const fieldRows = (await safeQuery("SELECT id FROM managed_types WHERE type = 'field' AND name = ?", [
|
||||
field,
|
||||
])) as Array<{ id: number }>
|
||||
const departmentRows = (await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'department' AND name = ?",
|
||||
[department],
|
||||
)) as Array<{ id: number; parentId: number | null }>
|
||||
const teamRows = (await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'team' AND name = ?",
|
||||
[team],
|
||||
)) as Array<{ id: number; parentId: number | null }>
|
||||
const departmentRows = effectiveDepartment
|
||||
? ((await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'department' AND name = ?",
|
||||
[effectiveDepartment],
|
||||
)) as Array<{ id: number; parentId: number | null }>)
|
||||
: []
|
||||
const teamRows = effectiveTeam
|
||||
? ((await safeQuery("SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'team' AND name = ?", [
|
||||
effectiveTeam,
|
||||
])) as Array<{ id: number; parentId: number | null }>)
|
||||
: []
|
||||
|
||||
if (fieldRows.length === 0 || departmentRows.length === 0 || teamRows.length === 0) {
|
||||
if (fieldRows.length === 0 || (effectiveDepartment && departmentRows.length === 0) || (effectiveTeam && teamRows.length === 0)) {
|
||||
return NextResponse.json({ error: "תחום, מסגרת או צוות שגויים." }, { status: 400 })
|
||||
}
|
||||
|
||||
if (departmentRows[0].parentId !== fieldRows[0].id) {
|
||||
if (effectiveDepartment && departmentRows[0].parentId !== fieldRows[0].id) {
|
||||
return NextResponse.json({ error: "מסגרת לא משוייכת לתחום הנבחר." }, { status: 400 })
|
||||
}
|
||||
|
||||
if (teamRows[0].parentId !== departmentRows[0].id) {
|
||||
if (effectiveTeam && teamRows[0].parentId !== departmentRows[0].id) {
|
||||
return NextResponse.json({ error: "צוות לא משוייך למסגרת הנבחרת." }, { status: 400 })
|
||||
}
|
||||
|
||||
@@ -94,7 +112,7 @@ export async function POST(request: NextRequest) {
|
||||
if (targetUser.team !== admin.team) {
|
||||
return NextResponse.json({ error: "המשתמש הנבחר לא משוייך לצוות שלך." }, { status: 403 })
|
||||
}
|
||||
if (team !== admin.team) {
|
||||
if (effectiveTeam !== admin.team) {
|
||||
return NextResponse.json({ error: "מנהלי צוותים רשאים לנהל אך ורק את הצוות שלהם." }, { status: 403 })
|
||||
}
|
||||
if (admin.department && department !== admin.department) {
|
||||
@@ -109,8 +127,8 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
await safeQuery("UPDATE users SET field = ?, department = ?, team = ? WHERE national_id = ?", [
|
||||
field,
|
||||
department,
|
||||
team,
|
||||
effectiveDepartment,
|
||||
effectiveTeam,
|
||||
targetUserId,
|
||||
])
|
||||
|
||||
|
||||
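Review bot: In the @@ -39 hunk `effectiveTeam` is nulled only for a `field_admin` target, so a `department_admin` target can be given a team here even though the create route's role block rejects a department admin with a team; `effectiveTeam` should mirror that rule, e.g. `const effectiveTeam = targetUser.role === "field_admin" || targetUser.role === "department_admin" ? null : normalizedTeam`. The checks key off the target's stored `role`, so the validation assumes the role is unchanged by this request — fine if the route is assignment-only, but worth stating on the `targetUser` line with `// hierarchy rules derive from the target's current role; this route never changes it`. The team-to-department parent check at the end of the @@ -52 hunk indexes `departmentRows[0]` under `effectiveTeam` alone, which is only safe because a non-null `effectiveTeam` implies a non-null `effectiveDepartment` via the earlier `!normalizedDepartment` rejection; adding `effectiveDepartment &&` to that condition keeps the invariant local to the line that depends on it.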
@@ -12,6 +12,7 @@ export async function POST(request: Request) { // Changed to POST, similar to te
|
||||
SELECT
|
||||
national_id,
|
||||
name,
|
||||
role,
|
||||
in_shelter,
|
||||
last_updated,
|
||||
is_admin,
|
||||
@@ -29,4 +30,4 @@ export async function POST(request: Request) { // Changed to POST, similar to te
|
||||
console.error("Get users error:", error) // Error logging similar to team_users-route.ts
|
||||
return NextResponse.json({ error: "שגיאה בטעינת משתמשים" }, { status: 500 }) // Error response format similar to team_users-route.ts
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||