- lib/session.ts: isAdmin: boolean toegevoegd aan SessionData
- lib/auth-guard.ts: requireAdmin() toegevoegd (redirect /dashboard bij !isAdmin)
- actions/admin/users.ts: deleteUserAction (zelfbescherming), updateUserRolesAction
(Zod z.nativeEnum, eigen ADMIN-rol-beveiliging, transactie), setMustResetPasswordAction
— alle drie 'use server', revalidatePath('/admin/users')
'use server'
import { revalidatePath } from 'next/cache'
import { z } from 'zod'
import { Role } from '@prisma/client'
import { prisma } from '@/lib/prisma'
import { requireAdmin } from '@/lib/auth-guard'
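/**
 * Delete a user account from the admin users page.
 *
 * This is a server action, so `userId` arrives from the client regardless of its
 * TypeScript type; it is validated at runtime before it reaches the database.
 * Only an admin may call it (`requireAdmin`), and an admin may not delete their
 * own account.
 *
 * @param userId - id of the user to delete
 * @throws Error when the id is not a non-empty string, or when the admin targets themselves
 */
export async function deleteUserAction(userId: string) {
  const session = await requireAdmin()

  // Reject anything that is not a non-empty string before building the query.
  const id = z.string().min(1).safeParse(userId)
  if (!id.success) {
    throw new Error('Ongeldige gebruikers-id')
  }

  // Self-protection: an admin must not be able to remove their own account.
  if (id.data === session.userId) {
    throw new Error('Zelfverwijdering niet toegestaan')
  }

  await prisma.user.delete({ where: { id: id.data } })
  revalidatePath('/admin/users')
}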
/** Accepts a list whose every element is a member of the Prisma `Role` enum. */
const rolesSchema = z.nativeEnum(Role).array()
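/**
 * Replace the complete role set of a user.
 *
 * Admin-only. Both arguments are client-supplied server-action input: the id is
 * checked to be a non-empty string and the roles are validated against the Prisma
 * `Role` enum. Duplicate roles are collapsed so the rewrite never inserts the same
 * (user, role) pair twice. An admin cannot strip the ADMIN role from their own
 * account. Deleting the old role rows and creating the new ones runs in one
 * transaction.
 *
 * @param userId - id of the user whose roles are replaced
 * @param roles - the complete new role set
 * @throws Error on an invalid id, invalid role values, or self-removal of ADMIN
 */
export async function updateUserRolesAction(userId: string, roles: Role[]) {
  const session = await requireAdmin()

  const id = z.string().min(1).safeParse(userId)
  if (!id.success) {
    throw new Error('Ongeldige gebruikers-id')
  }

  const parsed = rolesSchema.safeParse(roles)
  if (!parsed.success) {
    throw new Error('Ongeldige rol-waarden')
  }
  // Dedupe: a repeated role would otherwise be created twice in the transaction below.
  const newRoles = [...new Set(parsed.data)]

  // Self-protection: an admin must keep their own ADMIN role.
  if (id.data === session.userId && !newRoles.includes(Role.ADMIN)) {
    throw new Error('Kan eigen ADMIN-rol niet verwijderen')
  }

  // Atomic replace-all: the old rows only disappear if every new row is written.
  await prisma.$transaction([
    prisma.userRole.deleteMany({ where: { user_id: id.data } }),
    ...newRoles.map((role) => prisma.userRole.create({ data: { user_id: id.data, role } })),
  ])
  revalidatePath('/admin/users')
}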
/**
 * Set the `must_reset_password` flag of a user; admin-only.
 *
 * @param userId - id of the user to update
 * @param value - new value of the flag
 */
export async function setMustResetPasswordAction(userId: string, value: boolean) {
  await requireAdmin()

  const where = { id: userId }
  const data = { must_reset_password: value }
  await prisma.user.update({ where, data })

  revalidatePath('/admin/users')
}