87 lines
2.8 KiB
TypeScript
87 lines
2.8 KiB
TypeScript
import { type NextRequest, NextResponse } from "next/server"
|
||
import { safeQuery } from "@/lib/database"
|
||
|
||
export async function POST(request: NextRequest) {
|
||
try {
|
||
const { adminId, targetUserId, status } = await request.json()
|
||
|
||
if (!adminId || !targetUserId || !status) {
|
||
return NextResponse.json({ error: "נתונים חסרים" }, { status: 400 })
|
||
}
|
||
|
||
if (!["yes", "no", "no_alarm", "safe_after_exit"].includes(status)) {
|
||
return NextResponse.json({ error: "סטטוס לא תקין" }, { status: 400 })
|
||
}
|
||
|
||
// Get admin data
|
||
const adminData = (await safeQuery("SELECT role, field, department, team, name FROM users WHERE national_id = ?", [
|
||
adminId,
|
||
])) as any[]
|
||
|
||
if (adminData.length === 0) {
|
||
return NextResponse.json({ error: "מנהל לא נמצא" }, { status: 404 })
|
||
}
|
||
|
||
const admin = adminData[0]
|
||
|
||
// Get target user data
|
||
const targetData = (await safeQuery("SELECT field, department, team, name FROM users WHERE national_id = ?", [
|
||
targetUserId,
|
||
])) as any[]
|
||
|
||
if (targetData.length === 0) {
|
||
return NextResponse.json({ error: "משתמש לא נמצא" }, { status: 404 })
|
||
}
|
||
|
||
const target = targetData[0]
|
||
|
||
// Check if admin can manage this user based on hierarchy
|
||
let canManage = false
|
||
|
||
if (admin.role === "global_admin") {
|
||
canManage = true
|
||
} else if (admin.role === "field_admin" && admin.field === target.field) {
|
||
canManage = true
|
||
} else if (admin.role === "department_admin" && admin.department === target.department) {
|
||
canManage = true
|
||
} else if (admin.role === "team_admin" && admin.team === target.team) {
|
||
canManage = true
|
||
}
|
||
|
||
if (!canManage) {
|
||
return NextResponse.json({ error: "אין הרשאה לדווח עבור משתמש זה" }, { status: 403 })
|
||
}
|
||
|
||
// Update user status
|
||
await safeQuery("UPDATE users SET in_shelter = ?, last_updated = NOW() WHERE national_id = ?", [
|
||
status,
|
||
targetUserId,
|
||
])
|
||
|
||
// Log the action
|
||
await safeQuery(
|
||
'INSERT INTO admin_actions (admin_id, action_type, target_user_id) VALUES (?, "report_on_behalf", ?)',
|
||
[adminId, targetUserId],
|
||
)
|
||
|
||
const statusText =
|
||
status === "yes"
|
||
? "במקלט/חדר מוגן"
|
||
: status === "no"
|
||
? "לא במקלט"
|
||
: status === "no_alarm"
|
||
? "אין אזעקה"
|
||
: status === "safe_after_exit"
|
||
? "בטוח אחרי יציאה מהמקלט"
|
||
: "לא ידוע"
|
||
|
||
return NextResponse.json({
|
||
success: true,
|
||
message: `דווח עבור ${target.name}: ${statusText}`,
|
||
})
|
||
} catch (error) {
|
||
console.error("Report on behalf error:", error)
|
||
return NextResponse.json({ error: "שגיאה בדיווח" }, { status: 500 })
|
||
}
|
||
}
|