Merge pull request #99 from madhura68/feat/story-111ci8t4

ST-1205: Admin: gebruikersbeheer (/admin/users)
2026-05-05 14:44:55 +02:00 · 2026-05-05 14:44:55 +02:00 · 384a7ecd4a
commit 384a7ecd4a
parent 64b8c7f5d7 31edfa8194
7 changed files with 331 additions and 0 deletions
--- a/actions/admin/users.ts
+++ b/actions/admin/users.ts
@ -0,0 +1,43 @@
+'use server'
+
+import { revalidatePath } from 'next/cache'
+import { z } from 'zod'
+import { Role } from '@prisma/client'
+import { prisma } from '@/lib/prisma'
+import { requireAdmin } from '@/lib/auth-guard'
+
+export async function deleteUserAction(userId: string) {
+  const session = await requireAdmin()
+  if (userId === session.userId) {
+    throw new Error('Zelfverwijdering niet toegestaan')
+  }
+  await prisma.user.delete({ where: { id: userId } })
+  revalidatePath('/admin/users')
+}
+
+const rolesSchema = z.array(z.nativeEnum(Role))
+
+export async function updateUserRolesAction(userId: string, roles: Role[]) {
+  const session = await requireAdmin()
+
+  const parsed = rolesSchema.safeParse(roles)
+  if (!parsed.success) {
+    throw new Error('Ongeldige rol-waarden')
+  }
+
+  if (userId === session.userId && !parsed.data.includes(Role.ADMIN)) {
+    throw new Error('Kan eigen ADMIN-rol niet verwijderen')
+  }
+
+  await prisma.$transaction([
+    prisma.userRole.deleteMany({ where: { user_id: userId } }),
+    ...parsed.data.map((role) => prisma.userRole.create({ data: { user_id: userId, role } })),
+  ])
+  revalidatePath('/admin/users')
+}
+
+export async function setMustResetPasswordAction(userId: string, value: boolean) {
+  await requireAdmin()
+  await prisma.user.update({ where: { id: userId }, data: { must_reset_password: value } })
+  revalidatePath('/admin/users')
+}