Nils-Johan Gynther
29 lines
899 B
TypeScript
29 lines
899 B
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import { auth } from '../../../../auth';
|
|
|
|
const API_BASE =
|
|
process.env.NEXT_PUBLIC_API_URL_INTERNAL ?? 'http://recipe-api:8080';
|
|
|
|
export async function PATCH(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ id: string }> },
|
|
) {
|
|
const { id } = await params;
|
|
const session = await auth();
|
|
if (!session || (session.user as any)?.role !== 'admin') {
|
|
return NextResponse.json({ message: 'Förbjuden' }, { status: 403 });
|
|
}
|
|
|
|
const body = await request.json();
|
|
const res = await fetch(`${API_BASE}/api/users/${id}/role`, {
|
|
method: 'PATCH',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
Authorization: `Bearer ${session.accessToken}`,
|
|
},
|
|
body: JSON.stringify(body),
|
|
});
|
|
const data = await res.json();
|
|
return NextResponse.json(data, { status: res.status });
|
|
}
|