1.1.4 - updated user modals
This commit is contained in:
@@ -18,7 +18,7 @@ export async function POST(request: NextRequest) {
|
||||
try {
|
||||
const { adminId, targetUserId, field, department, team } = await request.json()
|
||||
|
||||
if (!adminId || !targetUserId || !field || !department || !team) {
|
||||
if (!adminId || !targetUserId || !field ) {
|
||||
return NextResponse.json({ error: "חסרים שדות חובה." }, { status: 400 })
|
||||
}
|
||||
|
||||
@@ -31,7 +31,7 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
const admin = adminRows[0]
|
||||
|
||||
const userRows = (await safeQuery("SELECT national_id, field, department, team FROM users WHERE national_id = ?", [
|
||||
const userRows = (await safeQuery("SELECT national_id, role, field, department, team FROM users WHERE national_id = ?", [
|
||||
targetUserId,
|
||||
])) as any[]
|
||||
if (userRows.length === 0) {
|
||||
@@ -39,10 +39,25 @@ export async function POST(request: NextRequest) {
|
||||
}
|
||||
const targetUser = userRows[0]
|
||||
|
||||
const normalizedDepartment = typeof department === "string" && department.trim() ? department.trim() : null
|
||||
const normalizedTeam = typeof team === "string" && team.trim() ? team.trim() : null
|
||||
|
||||
if (targetUser.role !== "field_admin" && !normalizedDepartment) {
|
||||
return NextResponse.json({ error: "Missing required fields." }, { status: 400 })
|
||||
}
|
||||
|
||||
if ((targetUser.role === "team_admin" || targetUser.role === "user") && !normalizedTeam) {
|
||||
return NextResponse.json({ error: "Missing required fields." }, { status: 400 })
|
||||
}
|
||||
|
||||
const effectiveDepartment = targetUser.role === "field_admin" ? null : normalizedDepartment
|
||||
const effectiveTeam = targetUser.role === "field_admin" ? null : normalizedTeam
|
||||
|
||||
|
||||
const [fieldOk, departmentOk, teamOk] = await Promise.all([
|
||||
hasManagedType("field", field),
|
||||
hasManagedType("department", department),
|
||||
hasManagedType("team", team),
|
||||
effectiveDepartment ? hasManagedType("department", effectiveDepartment) : Promise.resolve(true),
|
||||
effectiveTeam ? hasManagedType("team", effectiveTeam) : Promise.resolve(true),
|
||||
])
|
||||
|
||||
if (!fieldOk || !departmentOk || !teamOk) {
|
||||
@@ -52,24 +67,27 @@ export async function POST(request: NextRequest) {
|
||||
const fieldRows = (await safeQuery("SELECT id FROM managed_types WHERE type = 'field' AND name = ?", [
|
||||
field,
|
||||
])) as Array<{ id: number }>
|
||||
const departmentRows = (await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'department' AND name = ?",
|
||||
[department],
|
||||
)) as Array<{ id: number; parentId: number | null }>
|
||||
const teamRows = (await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'team' AND name = ?",
|
||||
[team],
|
||||
)) as Array<{ id: number; parentId: number | null }>
|
||||
const departmentRows = effectiveDepartment
|
||||
? ((await safeQuery(
|
||||
"SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'department' AND name = ?",
|
||||
[effectiveDepartment],
|
||||
)) as Array<{ id: number; parentId: number | null }>)
|
||||
: []
|
||||
const teamRows = effectiveTeam
|
||||
? ((await safeQuery("SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'team' AND name = ?", [
|
||||
effectiveTeam,
|
||||
])) as Array<{ id: number; parentId: number | null }>)
|
||||
: []
|
||||
|
||||
if (fieldRows.length === 0 || departmentRows.length === 0 || teamRows.length === 0) {
|
||||
if (fieldRows.length === 0 || (effectiveDepartment && departmentRows.length === 0) || (effectiveTeam && teamRows.length === 0)) {
|
||||
return NextResponse.json({ error: "תחום, מסגרת או צוות שגויים." }, { status: 400 })
|
||||
}
|
||||
|
||||
if (departmentRows[0].parentId !== fieldRows[0].id) {
|
||||
if (effectiveDepartment && departmentRows[0].parentId !== fieldRows[0].id) {
|
||||
return NextResponse.json({ error: "מסגרת לא משוייכת לתחום הנבחר." }, { status: 400 })
|
||||
}
|
||||
|
||||
if (teamRows[0].parentId !== departmentRows[0].id) {
|
||||
if (effectiveTeam && teamRows[0].parentId !== departmentRows[0].id) {
|
||||
return NextResponse.json({ error: "צוות לא משוייך למסגרת הנבחרת." }, { status: 400 })
|
||||
}
|
||||
|
||||
@@ -94,7 +112,7 @@ export async function POST(request: NextRequest) {
|
||||
if (targetUser.team !== admin.team) {
|
||||
return NextResponse.json({ error: "המשתמש הנבחר לא משוייך לצוות שלך." }, { status: 403 })
|
||||
}
|
||||
if (team !== admin.team) {
|
||||
if (effectiveTeam !== admin.team) {
|
||||
return NextResponse.json({ error: "מנהלי צוותים רשאים לנהל אך ורק את הצוות שלהם." }, { status: 403 })
|
||||
}
|
||||
if (admin.department && department !== admin.department) {
|
||||
@@ -109,8 +127,8 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
await safeQuery("UPDATE users SET field = ?, department = ?, team = ? WHERE national_id = ?", [
|
||||
field,
|
||||
department,
|
||||
team,
|
||||
effectiveDepartment,
|
||||
effectiveTeam,
|
||||
targetUserId,
|
||||
])
|
||||
|
||||
|
||||
Reference in New Issue
Block a user