feat: add CRUD forms with Server Actions for establishments, users, classes, students
@@ -0,0 +1,75 @@
|
||||
'use server';
|
||||
|
||||
import { z } from "zod";
|
||||
import { prisma } from "@/lib/prisma";
|
||||
import { hashPassword } from "@/lib/auth";
|
||||
import { getServerSession } from "next-auth/next";
|
||||
import { authOptions } from "@/lib/auth-config";
|
||||
import { redirect } from "next/navigation";
|
||||
import { revalidatePath } from "next/cache";
|
||||
|
||||
const createUserSchema = z.object({
|
||||
email: z.string().email("Email invalide"),
|
||||
password: z.string().min(8, "Le mot de passe doit faire au moins 8 caractères"),
|
||||
role: z.enum(["admin", "teacher"], { message: "Rôle invalide" }),
|
||||
establishmentId: z.string().optional().nullable(),
|
||||
});
|
||||
|
||||
export async function createUser(formData: FormData) {
|
||||
const session = await getServerSession(authOptions);
|
||||
if (!session?.user) throw new Error("Non authentifié");
|
||||
|
||||
const isSuperadmin = session.user.role === "superadmin";
|
||||
if (!isSuperadmin && session.user.role !== "admin") throw new Error("Accès interdit");
|
||||
|
||||
const raw = Object.fromEntries(formData);
|
||||
const parsed = createUserSchema.safeParse(raw);
|
||||
if (!parsed.success) {
|
||||
throw new Error(parsed.error.issues.map((e: any) => e.message).join(", "));
|
||||
}
|
||||
|
||||
const { email, password, role, establishmentId } = parsed.data;
|
||||
|
||||
const finalEstablishmentId = isSuperadmin
|
||||
? (establishmentId || null)
|
||||
: session.user.establishmentId;
|
||||
|
||||
const existing = await prisma.user.findUnique({ where: { email } });
|
||||
if (existing) throw new Error("Cet email est déjà utilisé");
|
||||
|
||||
const hashed = await hashPassword(password);
|
||||
|
||||
await prisma.user.create({
|
||||
data: {
|
||||
email,
|
||||
password: hashed,
|
||||
role,
|
||||
establishmentId: finalEstablishmentId,
|
||||
},
|
||||
});
|
||||
|
||||
revalidatePath("/dashboard/users");
|
||||
redirect("/dashboard/users");
|
||||
}
|
||||
|
||||
export async function deleteUser(userId: string) {
|
||||
const session = await getServerSession(authOptions);
|
||||
if (!session?.user) throw new Error("Non authentifié");
|
||||
|
||||
const isSuperadmin = session.user.role === "superadmin";
|
||||
if (!isSuperadmin && session.user.role !== "admin") throw new Error("Accès interdit");
|
||||
|
||||
if (userId === session.user.id) throw new Error("Vous ne pouvez pas supprimer votre propre compte");
|
||||
|
||||
const user = await prisma.user.findUnique({ where: { id: userId } });
|
||||
if (!user) throw new Error("Utilisateur introuvable");
|
||||
|
||||
if (!isSuperadmin && user.establishmentId !== session.user.establishmentId) {
|
||||
throw new Error("Accès interdit");
|
||||
}
|
||||
|
||||
await prisma.user.delete({ where: { id: userId } });
|
||||
|
||||
revalidatePath("/dashboard/users");
|
||||
redirect("/dashboard/users");
|
||||
}
|
||||
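Review bot: The tenant check in deleteUser, `user.establishmentId !== session.user.establishmentId`, passes when both sides are null, and the function never looks at the target's role. createUser stores `establishmentId || null` for accounts a superadmin creates without an establishment, so if an admin's session can carry a null establishmentId (the session shape is not visible here), that admin could delete those accounts. An admin can also delete a superadmin row that happens to share their establishment. I would add `if (!isSuperadmin && !session.user.establishmentId) throw new Error("Accès interdit");` after the role check in both actions, and `if (!isSuperadmin && user.role === "superadmin") throw new Error("Accès interdit");` before `prisma.user.delete`. Separately, createUser lets an admin assign the role "admin"; if that is intended, a short comment above `createUserSchema` saying so would help.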