feat: implement business and user CRUD API endpoints with authentication utilities and update feature documentation
All checks were successful
Build and Push App / build (push) Successful in 5m46s
All checks were successful
Build and Push App / build (push) Successful in 5m46s
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import prisma from '@/lib/prisma'
|
||||
import { USER_SAFE_SELECT } from '@/lib/auth-utils'
|
||||
|
||||
type Params = { params: Promise<{ id: string }> }
|
||||
|
||||
@@ -17,7 +18,12 @@ export async function GET(
|
||||
{ slug: id }
|
||||
]
|
||||
},
|
||||
include: { owner: true, offers: true },
|
||||
include: {
|
||||
owner: {
|
||||
select: USER_SAFE_SELECT
|
||||
},
|
||||
offers: true
|
||||
},
|
||||
})
|
||||
if (!business) return NextResponse.json({ error: 'Non trouvé' }, { status: 404 })
|
||||
return NextResponse.json(business)
|
||||
@@ -38,7 +44,12 @@ export async function PATCH(
|
||||
const business = await prisma.business.update({
|
||||
where: { id },
|
||||
data: body,
|
||||
include: { owner: true, offers: true },
|
||||
include: {
|
||||
owner: {
|
||||
select: USER_SAFE_SELECT
|
||||
},
|
||||
offers: true
|
||||
},
|
||||
})
|
||||
return NextResponse.json(business)
|
||||
} catch (error) {
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import prisma from '@/lib/prisma'
|
||||
import { USER_SAFE_SELECT } from '@/lib/auth-utils'
|
||||
|
||||
// GET /api/businesses — List all businesses (Mock + DB)
|
||||
export async function GET(request: NextRequest) {
|
||||
@@ -42,7 +43,12 @@ export async function GET(request: NextRequest) {
|
||||
|
||||
const dbBusinesses = await prisma.business.findMany({
|
||||
where,
|
||||
include: { owner: true, offers: true },
|
||||
include: {
|
||||
owner: {
|
||||
select: USER_SAFE_SELECT
|
||||
},
|
||||
offers: true
|
||||
},
|
||||
orderBy: { createdAt: 'desc' },
|
||||
})
|
||||
|
||||
@@ -135,7 +141,11 @@ export async function POST(request: NextRequest) {
|
||||
business = await prisma.business.update({
|
||||
where: { id: existing.id },
|
||||
data: cleanData,
|
||||
include: { owner: true }
|
||||
include: {
|
||||
owner: {
|
||||
select: USER_SAFE_SELECT
|
||||
}
|
||||
}
|
||||
});
|
||||
} else {
|
||||
// When creating, we add the ownerId to the sanitized cleanData
|
||||
@@ -144,7 +154,11 @@ export async function POST(request: NextRequest) {
|
||||
...cleanData,
|
||||
ownerId: ownerId
|
||||
},
|
||||
include: { owner: true }
|
||||
include: {
|
||||
owner: {
|
||||
select: USER_SAFE_SELECT
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
// Automatic role upgrade
|
||||
|
||||
@@ -1,11 +1,19 @@
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import prisma from '@/lib/prisma'
|
||||
import { isAdmin, USER_SAFE_SELECT } from '@/lib/auth-utils'
|
||||
|
||||
// GET /api/users
|
||||
export async function GET() {
|
||||
export async function GET(request: NextRequest) {
|
||||
try {
|
||||
if (!(await isAdmin(request))) {
|
||||
return NextResponse.json({ error: 'Accès non autorisé' }, { status: 403 })
|
||||
}
|
||||
|
||||
const users = await prisma.user.findMany({
|
||||
include: { businesses: true },
|
||||
select: {
|
||||
...USER_SAFE_SELECT,
|
||||
businesses: true
|
||||
},
|
||||
orderBy: { createdAt: 'desc' },
|
||||
})
|
||||
return NextResponse.json(users)
|
||||
@@ -15,11 +23,22 @@ export async function GET() {
|
||||
}
|
||||
}
|
||||
|
||||
// POST /api/users
|
||||
// POST /api/users (Admin only)
|
||||
export async function POST(request: NextRequest) {
|
||||
try {
|
||||
if (!(await isAdmin(request))) {
|
||||
return NextResponse.json({ error: 'Accès non autorisé' }, { status: 403 })
|
||||
}
|
||||
|
||||
const body = await request.json()
|
||||
const user = await prisma.user.create({ data: body })
|
||||
|
||||
// Note: For admins, we might want to allow creating users directly,
|
||||
// but we should still ensure password hashing if provided.
|
||||
// For now, we just restrict it to admins to prevent the public leak.
|
||||
const user = await prisma.user.create({
|
||||
data: body,
|
||||
select: USER_SAFE_SELECT
|
||||
})
|
||||
return NextResponse.json(user, { status: 201 })
|
||||
} catch (error) {
|
||||
console.error('POST /api/users error:', error)
|
||||
|
||||
Reference in New Issue
Block a user