feat: Implement admin user management features

- Added adminCreateUser endpoint and corresponding DTO for creating users. - Implemented deleteUser and resetPassword functionalities for admin users. - Introduced updateEmail functionality for admin users. - Updated UsersService to handle user creation, deletion, password reset, and email updates. - Modified UsersController to include new admin routes with appropriate role checks. - Refactored frontend navigation to link to user management under profile. - Created new profile tabs for user management and database management. - Developed AnvandareClient component for user management, including user creation, deletion, role changes, and password resets. - Added DatabsTab for managing product listings and merging duplicates. - Enhanced MinProfilTab for user profile management with form handling.
2026-04-18 14:49:02 +02:00
parent 00dc0d6c69
commit 537a4f8ab6
16 changed files with 1141 additions and 66 deletions
@@ -0,0 +1,23 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '../../../../../auth';
+
+const API_BASE =
+  process.env.NEXT_PUBLIC_API_URL_INTERNAL ?? 'http://recipe-api:8080';
+
+export async function POST(
+  _request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  const { id } = await params;
+  const session = await auth();
+  if (!session || (session.user as any)?.role !== 'admin') {
+    return NextResponse.json({ message: 'Förbjuden' }, { status: 403 });
+  }
+
+  const res = await fetch(`${API_BASE}/api/users/${id}/reset-password`, {
+    method: 'POST',
+    headers: { Authorization: `Bearer ${session.accessToken}` },
+  });
+  const data = await res.json();
+  return NextResponse.json(data, { status: res.status });
+}
@@ -4,15 +4,19 @@ import { auth } from '../../../../auth';
 const API_BASE =
  process.env.NEXT_PUBLIC_API_URL_INTERNAL ?? 'http://recipe-api:8080';

+async function getAdminSession() {
+  const session = await auth();
+  if (!session || (session.user as any)?.role !== 'admin') return null;
+  return session;
+}
+
 export async function PATCH(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> },
 ) {
  const { id } = await params;
-  const session = await auth();
-  if (!session || (session.user as any)?.role !== 'admin') {
-    return NextResponse.json({ message: 'Förbjuden' }, { status: 403 });
-  }
+  const session = await getAdminSession();
+  if (!session) return NextResponse.json({ message: 'Förbjuden' }, { status: 403 });

  const body = await request.json();
  const res = await fetch(`${API_BASE}/api/users/${id}/role`, {
@@ -26,3 +30,42 @@ export async function PATCH(
  const data = await res.json();
  return NextResponse.json(data, { status: res.status });
 }
+
+export async function DELETE(
+  _request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  const { id } = await params;
+  const session = await getAdminSession();
+  if (!session) return NextResponse.json({ message: 'Förbjuden' }, { status: 403 });
+
+  const res = await fetch(`${API_BASE}/api/users/${id}`, {
+    method: 'DELETE',
+    headers: { Authorization: `Bearer ${session.accessToken}` },
+  });
+  const data = await res.json().catch(() => ({ deleted: true }));
+  return NextResponse.json(data, { status: res.status });
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  // PUT används för e-postbyte (PATCH /api/users/:id/email)
+  const { id } = await params;
+  const session = await getAdminSession();
+  if (!session) return NextResponse.json({ message: 'Förbjuden' }, { status: 403 });
+
+  const body = await request.json();
+  const res = await fetch(`${API_BASE}/api/users/${id}/email`, {
+    method: 'PATCH',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${session.accessToken}`,
+    },
+    body: JSON.stringify(body),
+  });
+  const data = await res.json();
+  return NextResponse.json(data, { status: res.status });
+}
+
@@ -1,4 +1,4 @@
-import { NextResponse } from 'next/server';
+import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '../../../auth';

 const API_BASE =
@@ -17,3 +17,22 @@ export async function GET() {
  const data = await res.json();
  return NextResponse.json(data, { status: res.status });
 }
+
+export async function POST(request: NextRequest) {
+  const session = await auth();
+  if (!session || (session.user as any)?.role !== 'admin') {
+    return NextResponse.json({ message: 'Förbjuden' }, { status: 403 });
+  }
+
+  const body = await request.json();
+  const res = await fetch(`${API_BASE}/api/users`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${session.accessToken}`,
+    },
+    body: JSON.stringify(body),
+  });
+  const data = await res.json();
+  return NextResponse.json(data, { status: res.status });
+}