1.1.4 - updated user modals

app/api/admin/team-reset/route.ts

@@ -12,7 +12,7 @@ export async function POST(request: NextRequest) {
 
     // Get admin's field, department, and team
     const adminData = (await safeQuery(
-      "SELECT field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
+      "SELECT role, field, department, team FROM users WHERE national_id = ? AND role IS NOT NULL AND role != 'user'",
       [adminId],
     )) as any[]
 
@@ -20,10 +20,14 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
     }
 
-    const { field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
+    const { role: adminRole, field: adminField, department: adminDepartment, team: adminTeam } = adminData[0]
+
+    if (adminRole !== "team_admin" && adminRole !== "global_admin") {
+      return NextResponse.json({ error: "Insufficient permissions." }, { status: 403 })
+    }
 
     if (!adminField || !adminDepartment || !adminTeam) {
-      return NextResponse.json({ error: "למנהל לא הוגדרו תחום, מסגרת וצוות" }, { status: 400 })
+      return NextResponse.json({ error: "Team is not assigned." }, { status: 400 })
     }
 
     await safeQuery(