44 lines
1.7 KiB
TypeScript
44 lines
1.7 KiB
TypeScript
import { NextResponse } from 'next/server';
|
|
import { prisma } from '../../../../lib/prisma';
|
|
import { requireAuth } from '../../../../lib/jwt';
|
|
import { Role, ListingStatus, UserStatus } from '@prisma/client';
|
|
|
|
export async function GET(req: Request) {
|
|
try {
|
|
const auth = await requireAuth(req);
|
|
const isAdmin = auth.role === Role.ADMIN;
|
|
const canUserMod = auth.role === Role.USER_MODERATOR;
|
|
const canListingMod = auth.role === Role.LISTING_MODERATOR;
|
|
if (!isAdmin && !canUserMod && !canListingMod) {
|
|
return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
|
|
}
|
|
|
|
const wantsUsers = isAdmin || canUserMod;
|
|
const wantsListings = isAdmin || canListingMod;
|
|
|
|
const [users, listings] = await Promise.all([
|
|
wantsUsers
|
|
? prisma.user.findMany({
|
|
where: { status: UserStatus.PENDING },
|
|
select: { id: true, email: true, status: true, emailVerifiedAt: true, approvedAt: true, role: true },
|
|
orderBy: { createdAt: 'asc' },
|
|
take: 50,
|
|
})
|
|
: Promise.resolve([]),
|
|
wantsListings
|
|
? prisma.listing.findMany({
|
|
where: { status: ListingStatus.PENDING, removedAt: null },
|
|
select: { id: true, status: true, createdAt: true, owner: { select: { email: true } }, translations: { select: { title: true, slug: true, locale: true } } },
|
|
orderBy: { createdAt: 'asc' },
|
|
take: 50,
|
|
})
|
|
: Promise.resolve([]),
|
|
]);
|
|
|
|
return NextResponse.json({ users, listings, role: auth.role });
|
|
} catch (error) {
|
|
console.error('List pending error', error);
|
|
return NextResponse.json({ error: 'Failed to load pending items' }, { status: 500 });
|
|
}
|
|
}
|
|
export const dynamic = 'force-dynamic';
|