Updated to using managed types instead of

hard coded ones.

app/api/admin/add-user/route.ts

@@ -1,7 +1,20 @@
 import { type NextRequest, NextResponse } from "next/server"
 import { safeQuery } from "@/lib/database"
 import { hashPassword } from "@/lib/auth"
-import { type UserRole, DEPARTMENTS, TEAMS, FIELDS } from "@/types/user"
+import { type UserRole } from "@/types/user"
+
+const hasManagedType = async (type: "field" | "department" | "team", name: string) => {
+  const rows = (await safeQuery("SELECT 1 FROM managed_types WHERE type = ? AND name = ? LIMIT 1", [
+    type,
+    name,
+  ])) as any[]
+  if (rows.length > 0) {
+    return true
+  }
+
+  const legacyRows = (await safeQuery(`SELECT 1 FROM users WHERE ${type} = ? LIMIT 1`, [name])) as any[]
+  return legacyRows.length > 0
+}
 
 export async function POST(request: NextRequest) {
   try {
@@ -12,17 +25,41 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: "נתונים חסרים" }, { status: 400 })
     }
 
-    // Validate department, team, and field
-    if (!FIELDS.includes(field as any)) {
-      return NextResponse.json({ error: "תחום לא תקין" }, { status: 400 })
+    // Validate department, team, and field against managed types
+    if (!(await hasManagedType("field", field))) {
+      return NextResponse.json({ error: "Invalid field." }, { status: 400 })
     }
 
-    if (!DEPARTMENTS.includes(department as any)) {
-      return NextResponse.json({ error: "מסגרת לא תקינה" }, { status: 400 })
+    if (!(await hasManagedType("department", department))) {
+      return NextResponse.json({ error: "Invalid department." }, { status: 400 })
     }
 
-    if (!TEAMS.includes(team as any)) {
-      return NextResponse.json({ error: "צוות לא תקין" }, { status: 400 })
+    if (!(await hasManagedType("team", team))) {
+      return NextResponse.json({ error: "Invalid team." }, { status: 400 })
+    }
+
+    const fieldRows = (await safeQuery("SELECT id FROM managed_types WHERE type = 'field' AND name = ?", [
+      field,
+    ])) as Array<{ id: number }>
+    const departmentRows = (await safeQuery(
+      "SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'department' AND name = ?",
+      [department],
+    )) as Array<{ id: number; parentId: number | null }>
+    const teamRows = (await safeQuery(
+      "SELECT id, parent_id AS parentId FROM managed_types WHERE type = 'team' AND name = ?",
+      [team],
+    )) as Array<{ id: number; parentId: number | null }>
+
+    if (fieldRows.length === 0 || departmentRows.length === 0 || teamRows.length === 0) {
+      return NextResponse.json({ error: "Invalid field, department, or team." }, { status: 400 })
+    }
+
+    if (departmentRows[0].parentId !== fieldRows[0].id) {
+      return NextResponse.json({ error: "Department does not belong to field." }, { status: 400 })
+    }
+
+    if (teamRows[0].parentId !== departmentRows[0].id) {
+      return NextResponse.json({ error: "Team does not belong to department." }, { status: 400 })
     }
 
     const validRoles: UserRole[] = ["user", "team_admin", "department_admin", "field_admin", "global_admin"]