lomavuokraus/app/api/admin/pending/route.ts

import { NextResponse } from "next/server";
import { prisma } from "../../../../lib/prisma";
import { requireAuth } from "../../../../lib/jwt";
import { Role, ListingStatus, UserStatus } from "@prisma/client";

export async function GET(req: Request) {
  try {
    const auth = await requireAuth(req);
    const isAdmin = auth.role === Role.ADMIN;
    const canUserMod = auth.role === Role.USER_MODERATOR;
    const canListingMod = auth.role === Role.LISTING_MODERATOR;
    if (!isAdmin && !canUserMod && !canListingMod) {
      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
    }

    const wantsUsers = isAdmin || canUserMod;
    const wantsListings = isAdmin || canListingMod;

    const [users, listings] = await Promise.all([
      wantsUsers
        ? prisma.user.findMany({
            where: { status: UserStatus.PENDING },
            select: {
              id: true,
              email: true,
              status: true,
              emailVerifiedAt: true,
              approvedAt: true,
              role: true,
            },
            orderBy: { createdAt: "asc" },
            take: 50,
          })
        : Promise.resolve([]),
      wantsListings
        ? prisma.listing.findMany({
            where: { status: ListingStatus.PENDING, removedAt: null },
            select: {
              id: true,
              status: true,
              createdAt: true,
              evChargingAvailable: true,
              evChargingOnSite: true,
              wheelchairAccessible: true,
              owner: { select: { email: true } },
              translations: {
                select: { title: true, slug: true, locale: true },
              },
            },
            orderBy: { createdAt: "asc" },
            take: 50,
          })
        : Promise.resolve([]),
    ]);

    return NextResponse.json({ users, listings, role: auth.role });
  } catch (error) {
    console.error("List pending error", error);
    if (String(error).includes("Unauthorized")) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }
    return NextResponse.json(
      { error: "Failed to load pending items" },
      { status: 500 },
    );
  }
}
export const dynamic = "force-dynamic";