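import { NextRequest, NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import {
  requireAuth,
  requireRole,
  getScopedEstablishmentId,
  forbidden,
} from "@/lib/api-auth";

/**
 * Builds the 400 response returned when the POST body fails validation.
 * NOTE(review): the `{ error }` body shape is chosen here; align it with the
 * project's other error responses if they use a different shape.
 */
function badRequest(message: string) {
  return NextResponse.json({ error: message }, { status: 400 });
}

/**
 * Lists classes, newest first, each with its student count.
 *
 * The caller must be authenticated. The optional `establishmentId` query
 * parameter is passed through `getScopedEstablishmentId`, which either
 * returns a response (sent back unchanged) or the id used to filter.
 */
export async function GET(req: NextRequest) {
  const user = await requireAuth();
  if (user instanceof NextResponse) return user;

  const requestedId = new URL(req.url).searchParams.get("establishmentId");
  const establishmentId = getScopedEstablishmentId(user, requestedId);
  if (establishmentId instanceof NextResponse) return establishmentId;

  // NOTE(review): a falsy scoped id produces an empty filter, so the query
  // returns classes from every establishment. This is only safe if
  // getScopedEstablishmentId returns a falsy value solely for callers allowed
  // to see all establishments. Confirm against its implementation.
  const where = establishmentId ? { establishmentId } : {};

  const classes = await prisma.class.findMany({
    where,
    include: { _count: { select: { students: true } } },
    orderBy: { createdAt: "desc" },
  });

  return NextResponse.json(classes);
}

/**
 * Creates a class in the caller's scoped establishment.
 *
 * Requires an authenticated user with the "superadmin" or "admin" role.
 * The JSON body supplies `name`, `level` and optionally `establishmentId`.
 * Malformed or mistyped bodies are answered with 400 rather than surfacing
 * as an unhandled exception.
 */
export async function POST(req: NextRequest) {
  const user = await requireAuth();
  if (user instanceof NextResponse) return user;

  const denied = requireRole(user, "superadmin", "admin");
  if (denied) return denied;

  // req.json() rejects on an invalid body; treat that as a client error.
  let parsed: unknown;
  try {
    parsed = await req.json();
  } catch {
    return badRequest("Request body must be valid JSON");
  }

  // A JSON body of `null`, a primitive or an array has no usable fields;
  // reading properties from `null` would throw.
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return badRequest("Request body must be a JSON object");
  }

  // `level` keeps the loose typing of the original code: its expected type is
  // defined by the Prisma schema, which is not visible from this file.
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  const { establishmentId: rawEstablishmentId, name, level } = parsed as Record<string, any>;

  // The id feeds the authorization scoping decision, so only accept the same
  // types GET passes (string, or null when absent). Arrays or objects never
  // reach the comparison inside getScopedEstablishmentId.
  if (rawEstablishmentId != null && typeof rawEstablishmentId !== "string") {
    return badRequest("establishmentId must be a string");
  }
  const requestedId: string | null = rawEstablishmentId ?? null;

  const establishmentId = getScopedEstablishmentId(user, requestedId);
  if (establishmentId instanceof NextResponse) return establishmentId;
  // A class must belong to exactly one establishment; refuse when the scope
  // check yields none.
  if (!establishmentId) return forbidden();

  if (typeof name !== "string") {
    return badRequest("name must be a string");
  }

  // Only the whitelisted fields are written; any other body keys are ignored.
  const cls = await prisma.class.create({
    data: { establishmentId, name, level },
  });

  return NextResponse.json(cls, { status: 201 });
}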