/**
 * Admin Super Admin API - Revoke Super Admin Role
 * @see JCN-4 Phase 7: Wire E2E Tests to Real Backend
 * @see JCN-23 Authorization fix
 */
import { NextRequest, NextResponse } from "next/server";
import { getUser, revokeSuperAdmin } from "@/lib/cognito-admin";
import { requireSuperAdmin, forbiddenResponse } from "@/lib/amplify-server-utils";
 
/**
 * Context object the route handler receives for this dynamic segment.
 * `params` is a Promise and must be awaited before `id` can be read
 * (DELETE below does `await context.params`).
 */
interface RouteContext {
  // Resolves to the `[id]` segment of the URL: the target user's id.
  params: Promise<{ id: string }>;
}
 
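/**
 * DELETE /api/admin/super-admins/[id]
 * Revoke the super admin role from a user.
 *
 * Requires: super_admin role. The check runs before `params` is read or any
 * backend call is made, so an unauthorized caller learns nothing about
 * whether `id` exists.
 *
 * @param request - Incoming request; not read by this handler (present to
 *   satisfy the route handler signature).
 * @param context - Route context whose `params` resolves to `{ id }`.
 * @returns 403 when the caller is not a super admin; 404 when no user has
 *   this id; 400 when the user does not currently hold super_admin; 500 on
 *   an unexpected failure; otherwise 200 with the re-read user record.
 */
export async function DELETE(request: NextRequest, context: RouteContext) {
  // Authorization check first: nothing below executes for a non-super-admin.
  const auth = await requireSuperAdmin();
  if (!auth.authorized) {
    return forbiddenResponse(auth.error);
  }

  try {
    const { id } = await context.params;

    // Confirm the target exists before attempting a revoke.
    const user = await getUser(id);
    if (!user) {
      return NextResponse.json({ error: "User not found" }, { status: 404 });
    }

    // Only a current super admin can be demoted; anything else is a client error.
    if (user.platformRole !== "super_admin") {
      return NextResponse.json(
        { error: "User is not a super admin" },
        { status: 400 }
      );
    }

    // NOTE(review): nothing here prevents a super admin from revoking their own
    // role or the last remaining super admin's role; confirm whether
    // revokeSuperAdmin enforces that, otherwise add a guard before this call.
    await revokeSuperAdmin(id);

    // Re-read so the response reflects the role as stored, not an assumed value.
    const updatedUser = await getUser(id);

    return NextResponse.json({
      success: true,
      message: "Super admin role revoked",
      user: updatedUser,
    });
  } catch (error: unknown) {
    console.error("Error revoking super admin:", error);
    // Narrow instead of asserting `as Error`: a non-Error throw would
    // otherwise produce `details: undefined`. Error instances behave as before.
    const details = error instanceof Error ? error.message : String(error);
    // NOTE(review): `details` echoes the internal error text to the client.
    // It is kept for compatibility with existing callers; consider returning
    // only the generic message once nothing depends on it.
    return NextResponse.json(
      { error: "Failed to revoke super admin role", details },
      { status: 500 }
    );
  }
}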