Skip to content

BSL-39-AdminEventsAPI #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sanjanamanivannan wants to merge 3 commits into
base: main
Choose a base branch
from
Open

BSL-39-AdminEventsAPI #37

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
dcb97e1
BSL-38: add public events list page
sanjanamanivannan Mar 3, 2026
527919f
BSL-39: admin events API
sanjanamanivannan Mar 3, 2026
db5a5d7
BSL-39: admin events API
sanjanamanivannan Mar 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 52 additions & 5 deletions app/api/admin/events/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,28 +1,75 @@
import { NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import { auth } from "@/auth";

Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

import { hasRole } from "@/lib/rbac";

this logic already exists in lib/rbac.ts, you can use the hasRole function

function isAmbassadorOrHigher(role: string) {
return role === "AMBASSADOR" || role === "SUPER_ADMIN";
}
Comment on lines +5 to +7
Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can remove this and replace with hasRole (will make the comment below again)


async function requireAmbassadorOrHigher() {
const session = await auth();
const email = session?.user?.email;

Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add const role = session?.user?.role;

Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The rols is already in the session token set by auth.ts so you do not need to query the DB for it on every request. Can use session?.user?.role directly and only query the DB for the user id (which is needed for createdByUserID in POST)

if (!email) {
Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make this if (!email || !role) {

return { ok: false as const, status: 401 as const, error: "Unauthorized" };
}

const user = await prisma.user.findUnique({
where: { email },
select: { id: true, role: true },
Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can remove role: true

});

if (!user) {
return { ok: false as const, status: 401 as const, error: "Unauthorized" };
}

if (!isAmbassadorOrHigher(user.role)) {
Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replace this with if (!hasRole(user.role, "AMBASSADOR")) {

Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So delete the isAmbassadorOrHigher function entirely and import hasRole (I made these comments above)

Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also move this hasRole conditional check above the findUnique function above

return { ok: false as const, status: 403 as const, error: "Forbidden" };
}

return { ok: true as const, user };
}

// GET /api/admin/events (admin list)
export async function GET() {
// TODO: require admin (RBAC)
const gate = await requireAmbassadorOrHigher();
if (!gate.ok) {
return NextResponse.json({ error: gate.error }, { status: gate.status });
}

const events = await prisma.event.findMany({
orderBy: { startAt: "asc" },
});

return NextResponse.json(events);
}
Comment on lines 40 to 45
Copy link
Copy Markdown
Collaborator

@rohanarcot rohanarcot Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add try/catch here.. it would look something like this:

  try {
    const events = await prisma.event.findMany({
      orderBy: { startAt: "asc" },
    });
    return NextResponse.json(events);
  } catch (err) {
    console.error("GET /api/admin/events:", err);
    return NextResponse.json({ error: "Failed to fetch events" }, { status: 500 });
  }

(Also have to do it for POST below.. ill leave comment)


// POST /api/admin/events (create)
export async function POST(req: Request) {
// TODO: require admin (RBAC)
const gate = await requireAmbassadorOrHigher();
if (!gate.ok) {
return NextResponse.json({ error: gate.error }, { status: gate.status });
}

const body = await req.json();

if (!body.title || !body.startAt || !body.createdByUserId) {

if (!body.title || !body.startAt) {
return NextResponse.json(
{ error: "title, startAt, createdByUserId are required" },
{ error: "title and startAt are required" },
{ status: 400 }
);
}

const startAt = new Date(body.startAt);
const endAt = body.endAt ? new Date(body.endAt) : null;

if (isNaN(startAt.getTime())) {
return NextResponse.json({ error: "Invalid startAt" }, { status: 400 });
}
if (endAt && isNaN(endAt.getTime())) {
return NextResponse.json({ error: "Invalid endAt" }, { status: 400 });
}
if (endAt && endAt < startAt) {
return NextResponse.json(
{ error: "endAt cannot be before startAt" },
Expand All @@ -38,7 +85,7 @@ export async function POST(req: Request) {
endAt,
location: body.location ?? null,
link: body.link ?? null,
createdByUserId: body.createdByUserId, // later: get from session
createdByUserId: gate.user.id, // imported from db
},
});

Expand Down
5 changes: 5 additions & 0 deletions app/api/events/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,12 @@ import { NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";

export async function GET() {
const now = new Date();

const events = await prisma.event.findMany({
where: {
startAt: { gte: now },
},
orderBy: { startAt: "asc" },
});

Expand Down
59 changes: 54 additions & 5 deletions app/events/page.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,61 @@
import React from "react";
import PublicLayout from '@/components/layout/PublicLayout';
"use client";

import { useEffect, useState } from "react";
import PublicLayout from "@/components/layout/PublicLayout";

type Event = {
id: string;
title?: string | null;
name?: string | null;
startAt: string; // ISO string coming from JSON
location?: string | null;
};

export default function EventsPage() {
const [events, setEvents] = useState<Event[] | null>(null);

useEffect(() => {
async function load() {
const res = await fetch("/api/events");
if (!res.ok) {
setEvents([]);
return;
}
const data = (await res.json()) as Event[];
setEvents(data);
}
load();
}, []);

const items = events ?? [];

return (
<PublicLayout>
<div className="max-w-4xl mx-auto px-6 py-20">
<h1 className="text-4xl font-semibold mb-6">Events</h1>
<p className="text-lg text-gray-700">No events yet — this is a placeholder page so the navbar link doesn&apos;t 404.</p>
<div className="mx-auto max-w-4xl px-6 py-12">
<h1 className="text-3xl font-semibold">Events</h1>
<p className="mt-2 text-gray-600">Upcoming events</p>

{events === null ? (
<div className="mt-8 text-gray-600">Loading…</div>
) : items.length === 0 ? (
<div className="mt-8 rounded-lg border p-6 text-gray-600">
No upcoming events right now. Check back soon.
</div>
) : (
<ul className="mt-8 space-y-4">
{items.map((e) => (
<li key={e.id} className="rounded-lg border p-4">
<div className="font-medium">
{e.title ?? e.name ?? "Untitled event"}
</div>
<div className="mt-1 text-sm text-gray-600">
{new Date(e.startAt).toLocaleString()}
{e.location ? ` • ${e.location}` : ""}
</div>
</li>
))}
</ul>
)}
</div>
</PublicLayout>
);
Expand Down