'use server'; // Next.js directive: the exported async functions below are invoked as Server Actions, so every check they do runs server-side
import { z } from "zod";
import { prisma } from "@/lib/prisma";
import { hashPassword } from "@/lib/auth";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/lib/auth-config";
import { redirect } from "next/navigation";
import { revalidatePath } from "next/cache";
/**
 * Validation schema for the "create user" form.
 *
 * The `role` enum deliberately lists only `admin` and `teacher`: a form
 * submission can never request `superadmin`. `establishmentId` may be
 * absent or null (a superadmin may create a user with no establishment).
 */
const createUserSchema = z.object({
  email: z.string().email("Email invalide"),
  password: z
    .string()
    .min(8, "Le mot de passe doit faire au moins 8 caractères"),
  role: z.enum(["admin", "teacher"], { message: "Rôle invalide" }),
  // `.nullish()` === `.optional().nullable()` (string | null | undefined)
  establishmentId: z.string().nullish(),
});
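/**
 * Server action: creates an `admin` or `teacher` account from the "new user" form.
 *
 * Authorization: the caller must be signed in with role `superadmin` or `admin`.
 * A superadmin may choose any establishment (or none); an admin's new user is
 * always attached to the admin's own establishment, whatever the form sent,
 * so the form cannot be used to seed accounts into another tenant.
 *
 * @param formData fields `email`, `password`, `role` and optional
 *   `establishmentId`, validated by `createUserSchema` (which does not
 *   accept a `superadmin` role).
 * @throws Error "Non authentifié" when there is no session, "Accès interdit"
 *   for other roles, the joined zod messages on invalid input, and
 *   "Cet email est déjà utilisé" on a duplicate e-mail. Next.js implements
 *   `redirect()` by throwing, so callers must not wrap this action in a
 *   catch-all.
 */
export async function createUser(formData: FormData) {
  const session = await getServerSession(authOptions);
  if (!session?.user) throw new Error("Non authentifié");

  const isSuperadmin = session.user.role === "superadmin";
  if (!isSuperadmin && session.user.role !== "admin") throw new Error("Accès interdit");

  // FormData entries may be Files; the schema's string checks reject those.
  const parsed = createUserSchema.safeParse(Object.fromEntries(formData));
  if (!parsed.success) {
    // zod types `issues` itself — no `any` needed.
    throw new Error(parsed.error.issues.map((issue) => issue.message).join(", "));
  }
  const { email, password, role, establishmentId } = parsed.data;

  // `||` rather than `??` on purpose: an empty "<select>" value ("") also means
  // "no establishment". Non-superadmins never get to pick; they inherit their own.
  // NOTE(review): an admin whose session has no establishmentId creates an
  // establishment-less user here — confirm that is intended.
  const finalEstablishmentId = isSuperadmin
    ? establishmentId || null
    : session.user.establishmentId;

  // Friendly pre-check only. `findUnique` on `email` implies the column is
  // unique in the Prisma schema, so a concurrent insert between this lookup
  // and the create below is still rejected by the database.
  const existing = await prisma.user.findUnique({ where: { email } });
  if (existing) throw new Error("Cet email est déjà utilisé");

  // Only the hash is persisted; the clear-text password never leaves this scope.
  const hashed = await hashPassword(password);
  await prisma.user.create({
    data: { email, password: hashed, role, establishmentId: finalEstablishmentId },
  });

  revalidatePath("/dashboard/users");
  redirect("/dashboard/users");
}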
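/**
 * Server action: deletes the account `userId` after authorization checks.
 *
 * Authorization: the caller must be signed in as `superadmin` or `admin`.
 * An admin may only delete accounts of their own establishment and — added
 * here, because establishment membership alone said nothing about the target's
 * privilege — may not delete a `superadmin` account. Nobody may delete their
 * own account.
 *
 * @param userId id of the account to delete.
 * @throws Error "Non authentifié", "Accès interdit", "Vous ne pouvez pas
 *   supprimer votre propre compte" or "Utilisateur introuvable". Next.js
 *   implements `redirect()` by throwing, so callers must not wrap this action
 *   in a catch-all.
 */
export async function deleteUser(userId: string) {
  const session = await getServerSession(authOptions);
  if (!session?.user) throw new Error("Non authentifié");

  const isSuperadmin = session.user.role === "superadmin";
  if (!isSuperadmin && session.user.role !== "admin") throw new Error("Accès interdit");

  // Self-deletion is refused before any lookup: it would lock the caller out mid-session.
  if (userId === session.user.id) throw new Error("Vous ne pouvez pas supprimer votre propre compte");

  const user = await prisma.user.findUnique({ where: { id: userId } });
  if (!user) throw new Error("Utilisateur introuvable");

  if (!isSuperadmin) {
    // Tenant scoping: an admin only manages accounts of their own establishment.
    // NOTE(review): when both sides are null the comparison passes — confirm that
    // admins without an establishment are meant to see establishment-less users.
    if (user.establishmentId !== session.user.establishmentId) throw new Error("Accès interdit");
    // Same-establishment membership must not let an admin remove a superadmin.
    if (user.role === "superadmin") throw new Error("Accès interdit");
  }

  await prisma.user.delete({ where: { id: userId } });

  revalidatePath("/dashboard/users");
  redirect("/dashboard/users");
}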