import { createServerClient } from "@supabase/ssr";
import { cookies } from "next/headers";
import { NextResponse } from "next/server";
/**
 * Reports whether the caller behind `supabase` is flagged as a superuser.
 *
 * Resolves the current user with `supabase.auth.getUser()`, then reads the
 * `is_superuser` column of the `members` row whose `user_id` equals that
 * user's id. The result is `false` when there is no user, when the query
 * yields no data, or when the flag is anything other than the boolean `true`,
 * so the check fails closed. Query errors are not inspected here; they
 * surface only as missing data.
 *
 * @param supabase - Supabase server client used for both the auth lookup and
 *   the `members` query.
 * @returns `true` only when the member row has `is_superuser === true`.
 */
async function checkAdminAccess(supabase: ReturnType<typeof createServerClient>) {
  const authResult = await supabase.auth.getUser();
  const currentUser = authResult.data.user;
  if (!currentUser) {
    return false;
  }

  const membersQuery = supabase
    .from("members")
    .select("is_superuser")
    .eq("user_id", currentUser.id)
    .single();
  const lookup = await membersQuery;
  const memberRow = lookup.data;

  // Strict comparison: a truthy non-boolean value must not grant access.
  return memberRow?.is_superuser === true;
}
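/**
 * POST handler that grants or revokes the `is_superuser` flag on a `members`
 * row and records the change in `admin_audit_log`.
 *
 * Flow: build a Supabase client from the request cookies, require that the
 * caller passes `checkAdminAccess`, validate the JSON body, read the target's
 * current flag, apply the update, then write the audit row.
 *
 * Responses:
 * - 403 caller is not a superuser, or the caller's identity cannot be resolved
 * - 400 body is not JSON, or lacks `userId` (non-empty string) /
 *   `isSuperuser` (boolean)
 * - 404 no `members` row exists for `userId`
 * - 500 database error, update not applied, audit-log failure, or an
 *   unexpected exception
 * - 200 `{ ok: true, data: { userId, isSuperuser } }`
 *
 * NOTE(review): every query runs with the anon key under the caller's
 * session, so the writes depend on row-level policies that are not visible in
 * this file. Confirm they allow only superusers to update `members` and to
 * insert into `admin_audit_log`.
 * NOTE(review): the update and the audit insert are two separate statements;
 * making them atomic would need a database-side function or trigger.
 * NOTE(review): this route authenticates by cookie; confirm an Origin check
 * or the cookie SameSite policy covers cross-site POSTs.
 * NOTE(review): nothing here stops a superuser from revoking their own flag;
 * confirm whether a "last superuser" guard is wanted.
 *
 * @param request - Incoming request whose JSON body carries `userId` and
 *   `isSuperuser`.
 */
export async function POST(request: Request) {
  const cookieStore = await cookies();
  const supabase = createServerClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookies: {
        getAll() {
          return cookieStore.getAll();
        },
        // No-op: this route does not write refreshed session cookies back.
        setAll() {},
      },
    }
  );

  // Authorization gate: only existing superusers may change the flag.
  const isAdmin = await checkAdminAccess(supabase);
  if (!isAdmin) {
    return NextResponse.json({ ok: false, error: "Forbidden" }, { status: 403 });
  }

  try {
    // Malformed JSON is a client error, not a server failure.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json(
        { ok: false, error: "Invalid JSON body" },
        { status: 400 }
      );
    }

    const { userId, isSuperuser } = (body ?? {}) as {
      userId?: unknown;
      isSuperuser?: unknown;
    };
    // `user_id` is compared against the auth user's string id elsewhere in
    // this file, so anything but a non-empty string is rejected before it
    // reaches a query filter.
    if (
      typeof userId !== "string" ||
      userId.length === 0 ||
      typeof isSuperuser !== "boolean"
    ) {
      return NextResponse.json(
        { ok: false, error: "Missing required fields" },
        { status: 400 }
      );
    }

    // Resolve the acting admin BEFORE changing anything, so a privilege
    // change is never applied without an identity to attribute it to.
    const {
      data: { user: adminUser },
    } = await supabase.auth.getUser();
    if (!adminUser) {
      return NextResponse.json({ ok: false, error: "Forbidden" }, { status: 403 });
    }

    // Read the current flag so the audit row records the real previous value
    // instead of assuming it was the opposite of the requested one.
    const { data: target, error: lookupError } = await supabase
      .from("members")
      .select("is_superuser")
      .eq("user_id", userId)
      .maybeSingle();
    if (lookupError) {
      return NextResponse.json(
        { ok: false, error: lookupError.message },
        { status: 500 }
      );
    }
    if (!target) {
      return NextResponse.json(
        { ok: false, error: "User not found" },
        { status: 404 }
      );
    }

    // Update the member. Selecting the changed rows lets us detect an update
    // that matched nothing (for example, filtered out by a row-level policy),
    // which would otherwise come back without an error.
    const { data: updatedRows, error: updateError } = await supabase
      .from("members")
      .update({ is_superuser: isSuperuser })
      .eq("user_id", userId)
      .select("user_id");
    if (updateError) {
      return NextResponse.json(
        { ok: false, error: updateError.message },
        { status: 500 }
      );
    }
    if (!updatedRows || updatedRows.length === 0) {
      return NextResponse.json(
        { ok: false, error: "Update was not applied" },
        { status: 500 }
      );
    }

    // Log the action. A privilege change without an audit record is a
    // detection gap, so a failed insert is reported rather than ignored.
    const { error: auditError } = await supabase.from("admin_audit_log").insert({
      admin_user_id: adminUser.id,
      action: isSuperuser ? "GRANT_SUPERUSER" : "REVOKE_SUPERUSER",
      resource_type: "user",
      resource_id: userId,
      metadata: { previousValue: target.is_superuser, newValue: isSuperuser },
    });
    if (auditError) {
      console.error("admin_audit_log insert failed after superuser change", {
        adminUserId: adminUser.id,
        resourceId: userId,
        newValue: isSuperuser,
        message: auditError.message,
      });
      return NextResponse.json(
        { ok: false, error: "Role updated but audit log entry could not be written" },
        { status: 500 }
      );
    }

    return NextResponse.json({ ok: true, data: { userId, isSuperuser } });
  } catch (error) {
    // Keep the client message generic; record the cause server-side.
    console.error("Failed to update superuser flag", error);
    return NextResponse.json(
      { ok: false, error: "Failed to update user" },
      { status: 500 }
    );
  }
}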