tomchukk/mamad-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Version 1.1 initial commit

Browse Source
This commit is contained in:
Tom Ruff
2026-01-16 18:57:25 +02:00
parent 4defe33bd3
commit 89c162e276
247 changed files with 87 additions and 46892 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
app/api/admin/update-user-scope/route.ts
View File

@@ -19,14 +19,14 @@ export async function POST(request: NextRequest) {
const { adminId, targetUserId, field, department, team } = await request.json()
if (!adminId || !targetUserId || !field || !department || !team) {
return NextResponse.json({ error: "Missing required fields." }, { status: 400 })
return NextResponse.json({ error: "חסרים שדות חובה." }, { status: 400 })
}
const adminRows = (await safeQuery("SELECT role, field, department, team FROM users WHERE national_id = ?", [
adminId,
])) as any[]
if (adminRows.length === 0) {
return NextResponse.json({ error: "Admin not found." }, { status: 404 })
return NextResponse.json({ error: "הרשאת מנהל לא נמצאה" }, { status: 404 })
}
const admin = adminRows[0]
@@ -35,7 +35,7 @@ export async function POST(request: NextRequest) {
targetUserId,
])) as any[]
if (userRows.length === 0) {
return NextResponse.json({ error: "User not found." }, { status: 404 })
return NextResponse.json({ error: "משתמש לא נמצא." }, { status: 404 })
}
const targetUser = userRows[0]
@@ -46,7 +46,7 @@ export async function POST(request: NextRequest) {
])
if (!fieldOk || !departmentOk || !teamOk) {
return NextResponse.json({ error: "Invalid field, department, or team." }, { status: 400 })
return NextResponse.json({ error: "תחום, מסגרת או צוות שגויים." }, { status: 400 })
}
const fieldRows = (await safeQuery("SELECT id FROM managed_types WHERE type = 'field' AND name = ?", [
@@ -62,49 +62,49 @@ export async function POST(request: NextRequest) {
)) as Array<{ id: number; parentId: number | null }>
if (fieldRows.length === 0 || departmentRows.length === 0 || teamRows.length === 0) {
return NextResponse.json({ error: "Invalid field, department, or team." }, { status: 400 })
return NextResponse.json({ error: "תחום, מסגרת או צוות שגויים." }, { status: 400 })
}
if (departmentRows[0].parentId !== fieldRows[0].id) {
return NextResponse.json({ error: "Department does not belong to field." }, { status: 400 })
return NextResponse.json({ error: "מסגרת לא משוייכת לתחום הנבחר." }, { status: 400 })
}
if (teamRows[0].parentId !== departmentRows[0].id) {
return NextResponse.json({ error: "Team does not belong to department." }, { status: 400 })
return NextResponse.json({ error: "צוות לא משוייך למסגרת הנבחרת." }, { status: 400 })
}
if (admin.role === "field_admin") {
if (targetUser.field !== admin.field) {
return NextResponse.json({ error: "Target user is outside your field." }, { status: 403 })
return NextResponse.json({ error: "המשתמש הנבחר לא משוייך לתחום שלך." }, { status: 403 })
}
if (field !== admin.field) {
return NextResponse.json({ error: "Field admins can only assign within their field." }, { status: 403 })
return NextResponse.json({ error: "מנהלי תחומים רשאים לנהל אך ורק את התחום שלהם." }, { status: 403 })
}
} else if (admin.role === "department_admin") {
if (targetUser.department !== admin.department) {
return NextResponse.json({ error: "Target user is outside your department." }, { status: 403 })
return NextResponse.json({ error: "המשתמש הנבחר לא משוייך למסגרת שלך." }, { status: 403 })
}
if (department !== admin.department) {
return NextResponse.json({ error: "Department admins can only assign within their department." }, { status: 403 })
return NextResponse.json({ error: "מנהלי מסגרות רשאים לנהל אך ורק את המסגרת שלהם." }, { status: 403 })
}
if (admin.field && field !== admin.field) {
return NextResponse.json({ error: "Department admins can only assign within their field." }, { status: 403 })
return NextResponse.json({ error: "מנהלי מסגרות רשאים לנהל אך ורק באותו התחום." }, { status: 403 })
}
} else if (admin.role === "team_admin") {
if (targetUser.team !== admin.team) {
return NextResponse.json({ error: "Target user is outside your team." }, { status: 403 })
return NextResponse.json({ error: "המשתמש הנבחר לא משוייך לצוות שלך." }, { status: 403 })
}
if (team !== admin.team) {
return NextResponse.json({ error: "Team admins can only assign within their team." }, { status: 403 })
return NextResponse.json({ error: "מנהלי צוותים רשאים לנהל אך ורק את הצוות שלהם." }, { status: 403 })
}
if (admin.department && department !== admin.department) {
return NextResponse.json({ error: "Team admins can only assign within their department." }, { status: 403 })
return NextResponse.json({ error: "מנהלי צוותים רשאים לנהל אך ורק באותה המסגרת." }, { status: 403 })
}
if (admin.field && field !== admin.field) {
return NextResponse.json({ error: "Team admins can only assign within their field." }, { status: 403 })
return NextResponse.json({ error: "מנהלי צוותים ראשאים לנהל אך ורק באותו התחום." }, { status: 403 })
}
} else if (admin.role !== "global_admin") {
return NextResponse.json({ error: "Insufficient permissions." }, { status: 403 })
return NextResponse.json({ error: "הרשאות לא מספיקות." }, { status: 403 })
}
await safeQuery("UPDATE users SET field = ?, department = ?, team = ? WHERE national_id = ?", [
@@ -114,9 +114,9 @@ export async function POST(request: NextRequest) {
targetUserId,
])
return NextResponse.json({ success: true, message: "User assignment updated." })
return NextResponse.json({ success: true, message: "משתמש עודכן בהצלחה." })
} catch (error) {
console.error("Update user scope error:", error)
return NextResponse.json({ error: "Failed to update user." }, { status: 500 })
return NextResponse.json({ error: "עדכון משתמש נכשל." }, { status: 500 })
}
}