esdras/sistema-de-chamados
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow staff access to admin UI with scoped permissions

Browse source
This commit is contained in:
Esdras Renan 2025-10-13 16:30:52 -03:00
parent d6956cd99d
commit cf31158a9e
11 changed files with 155 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/app/api/admin/companies/[id]/route.ts
View file

@ -2,13 +2,17 @@ import { NextResponse } from "next/server"
import { Prisma } from "@prisma/client"
import { prisma } from "@/lib/prisma"
import { assertAdminSession } from "@/lib/auth-server"
import { assertStaffSession } from "@/lib/auth-server"
import { isAdmin } from "@/lib/authz"
export const runtime = "nodejs"
export async function PATCH(request: Request, { params }: { params: Promise<{ id: string }> }) {
const session = await assertAdminSession()
const session = await assertStaffSession()
if (!session) return NextResponse.json({ error: "Não autorizado" }, { status: 401 })
if (!isAdmin(session.user.role)) {
return NextResponse.json({ error: "Apenas administradores podem editar empresas" }, { status: 403 })
}
const { id } = await params
const raw = (await request.json()) as Partial<{
name: string
@ -49,8 +53,11 @@ export async function PATCH(request: Request, { params }: { params: Promise<{ id
}
export async function DELETE(_: Request, { params }: { params: Promise<{ id: string }> }) {
const session = await assertAdminSession()
const session = await assertStaffSession()
if (!session) return NextResponse.json({ error: "Não autorizado" }, { status: 401 })
if (!isAdmin(session.user.role)) {
return NextResponse.json({ error: "Apenas administradores podem excluir empresas" }, { status: 403 })
}
const { id } = await params
const company = await prisma.company.findUnique({

10
src/app/api/admin/companies/route.ts
View file

@ -1,12 +1,13 @@
import { NextResponse } from "next/server"
import { prisma } from "@/lib/prisma"
import { assertAdminSession } from "@/lib/auth-server"
import { assertStaffSession } from "@/lib/auth-server"
import { isAdmin } from "@/lib/authz"
export const runtime = "nodejs"
export async function GET() {
const session = await assertAdminSession()
const session = await assertStaffSession()
if (!session) return NextResponse.json({ error: "Não autorizado" }, { status: 401 })
const companies = await prisma.company.findMany({
@ -16,8 +17,11 @@ export async function GET() {
}
export async function POST(request: Request) {
const session = await assertAdminSession()
const session = await assertStaffSession()
if (!session) return NextResponse.json({ error: "Não autorizado" }, { status: 401 })
if (!isAdmin(session.user.role)) {
return NextResponse.json({ error: "Apenas administradores podem criar empresas" }, { status: 403 })
}
const body = (await request.json()) as Partial<{
name: string