/**
* Admin Super Admins API - List and Create Super Admins
* @see JCN-4 Phase 7: Wire E2E Tests to Real Backend
* @see JCN-23 Authorization fix
*/
import { NextRequest, NextResponse } from "next/server";
import {
listSuperAdmins,
getUser,
grantSuperAdmin,
searchUsersByEmail,
} from "@/lib/cognito-admin";
import { requireSuperAdmin, forbiddenResponse } from "@/lib/amplify-server-utils";
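/**
 * GET /api/admin/super-admins
 * List all users with platform_role = 'super_admin'
 * Requires: super_admin role
 *
 * Query parameters:
 *   - `limit` (optional): page size, clamped to 1..60 (default 60).
 *   - `token` (optional): pagination token returned as `nextToken` by a
 *     previous call.
 *
 * Responses:
 *   - 200 `{ users, total, nextToken }` — note that `total` is the size of
 *     the returned page, not the overall count of super admins.
 *   - 403 when the caller is not a super admin.
 *   - 500 when the backend lookup fails.
 */
export async function GET(request: NextRequest) {
  // Authorization check runs before any request input is read.
  const auth = await requireSuperAdmin();
  if (!auth.authorized) {
    return forbiddenResponse(auth.error);
  }
  try {
    const searchParams = request.nextUrl.searchParams;
    // parseInt of a missing or non-numeric value is NaN, and a negative or
    // oversized value would otherwise be forwarded verbatim to the backend.
    // Clamp to a bounded window; 60 is the original default (Cognito's
    // ListUsers caps Limit at 60 — confirm listSuperAdmins forwards it).
    const parsedLimit = Number.parseInt(searchParams.get("limit") ?? "", 10);
    const limit =
      Number.isNaN(parsedLimit) || parsedLimit < 1 ? 60 : Math.min(parsedLimit, 60);
    const token = searchParams.get("token") || undefined;
    const result = await listSuperAdmins({ limit, paginationToken: token });
    return NextResponse.json({
      users: result.users,
      total: result.users.length,
      nextToken: result.paginationToken,
    });
  } catch (error: unknown) {
    console.error("Error listing super admins:", error);
    // `details` echoes the backend error message to the (super-admin) caller;
    // kept for compatibility with existing clients, but it is internal detail
    // that a stricter deployment may prefer to omit.
    const details = error instanceof Error ? error.message : String(error);
    return NextResponse.json(
      { error: "Failed to list super admins", details },
      { status: 500 }
    );
  }
}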
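/**
 * POST /api/admin/super-admins
 * Grant super admin role to a user
 * Requires: super_admin role
 *
 * Body: { email: string }
 *
 * Responses:
 *   - 200 `{ success, message, user }` with the user re-read after the grant.
 *   - 400 for malformed JSON, a missing/non-string email, or a user who is
 *     already a super admin.
 *   - 403 when the caller is not a super admin.
 *   - 404 when no user matches the email (case-insensitive).
 *   - 500 when a backend call fails.
 */
export async function POST(request: NextRequest) {
  // Authorization check runs before the body is parsed.
  const auth = await requireSuperAdmin();
  if (!auth.authorized) {
    return forbiddenResponse(auth.error);
  }
  // A malformed body is a client error; previously it surfaced as a 500
  // from the generic catch below.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  // The body is untrusted: only accept a non-empty string for `email`. A
  // non-string value used to reach `.toLowerCase()` and blow up as a 500.
  const emailField =
    typeof body === "object" && body !== null && "email" in body
      ? body.email
      : undefined;
  if (typeof emailField !== "string" || emailField.trim() === "") {
    return NextResponse.json(
      { error: "Email is required" },
      { status: 400 }
    );
  }
  const email = emailField.trim();
  const wanted = email.toLowerCase();
  try {
    // Find user by email; the search may return near matches, so pick the
    // exact (case-insensitive) one.
    const users = await searchUsersByEmail(email);
    const user = users.find((u) => (u.email ?? "").toLowerCase() === wanted);
    if (!user) {
      return NextResponse.json(
        { error: "User not found with that email" },
        { status: 404 }
      );
    }
    if (user.platformRole === "super_admin") {
      return NextResponse.json(
        { error: "User is already a super admin" },
        { status: 400 }
      );
    }
    // Grant super admin role. This is a privilege escalation for the target
    // account, so leave a trace in the server log; the acting admin's
    // identity is not visible on this page (requireSuperAdmin's result only
    // shows `authorized`/`error` here) — confirm what it exposes and include it.
    await grantSuperAdmin(user.id);
    console.info("Super admin role granted", { userId: user.id });
    // Return updated user
    const updatedUser = await getUser(user.id);
    return NextResponse.json({
      success: true,
      message: "Super admin role granted",
      user: updatedUser,
    });
  } catch (error: unknown) {
    console.error("Error granting super admin:", error);
    // `details` is kept for compatibility; it exposes backend error text to
    // the (super-admin) caller.
    const details = error instanceof Error ? error.message : String(error);
    return NextResponse.json(
      { error: "Failed to grant super admin role", details },
      { status: 500 }
    );
  }
}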