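import express from 'express';
import bcrypt from 'bcryptjs';
import { PrismaClient } from '@prisma/client';
import { auth } from '../middleware/auth.js';

const router = express.Router();
const prisma = new PrismaClient();

// bcrypt cost factor (work factor); each +1 roughly doubles hashing time.
const BCRYPT_ROUNDS = 10;

// Fields exposed to API clients. The password hash is deliberately absent
// from every response produced in this file.
const PUBLIC_USER_SELECT = Object.freeze({
  id: true,
  email: true,
  displayName: true,
  permissions: true,
  isAdmin: true,
});

/**
 * Rejects non-admin callers with 403.
 *
 * Must be mounted after `auth`, which is what populates `req.user`. A missing
 * `req.user` or a non-boolean `isAdmin` is treated as "not admin" (fail
 * closed) instead of throwing into the generic 500 path.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function requireAdmin(req, res, next) {
  if (req.user?.isAdmin !== true) {
    return res.status(403).json({ error: 'Admin access required' });
  }
  return next();
}

/**
 * Turns an error caught in a handler into an HTTP response.
 *
 * Known Prisma request-error codes are mapped to specific statuses; anything
 * else becomes a generic 500 so internal details (stack, query text) never
 * reach the client. The error is logged server-side rather than swallowed.
 *
 * @param {unknown} error - value caught in a route handler
 * @param {import('express').Response} res
 */
function sendError(error, res) {
  // Prisma's known-request errors carry a stable string `code`.
  const code = error?.code;
  if (code === 'P2025') {
    // Required record not found (e.g. update on an unknown id).
    return res.status(404).json({ error: 'User not found' });
  }
  if (code === 'P2002') {
    // Unique constraint violation (e.g. duplicate email on create).
    return res.status(409).json({ error: 'User already exists' });
  }
  console.error('users route error:', error);
  return res.status(500).json({ error: 'Server error' });
}

// Get all users (admin only)
router.get('/', auth, requireAdmin, async (req, res) => {
  try {
    const users = await prisma.user.findMany({ select: PUBLIC_USER_SELECT });
    res.json(users);
  } catch (error) {
    sendError(error, res);
  }
});

// Update user permissions (admin only)
router.put('/:id/permissions', auth, requireAdmin, async (req, res) => {
  try {
    // NOTE(review): `id` is forwarded as the raw path string; if the schema's
    // id column is numeric it must be parsed (and validated) first — confirm.
    const { id } = req.params;
    const { permissions } = req.body ?? {};
    // A body without `permissions` would reach Prisma as
    // `data: { permissions: undefined }`; reject it explicitly as a client
    // error instead of letting it through.
    if (permissions === undefined) {
      return res.status(400).json({ error: 'permissions is required' });
    }
    // NOTE(review): `permissions` is stored as received; its expected shape
    // is defined by the Prisma schema, which is not visible here — validate
    // it against that schema before persisting.
    const user = await prisma.user.update({
      where: { id },
      data: { permissions },
      select: PUBLIC_USER_SELECT,
    });
    res.json(user);
  } catch (error) {
    sendError(error, res);
  }
});

// Create new user (admin only)
router.post('/', auth, requireAdmin, async (req, res) => {
  try {
    // `isAdmin` is intentionally NOT read from the body: accounts created
    // through this endpoint never start with admin rights.
    const { email, password, displayName, permissions } = req.body ?? {};
    if (typeof email !== 'string' || email.trim() === '') {
      return res.status(400).json({ error: 'email is required' });
    }
    // bcrypt.hash throws on a non-string password, which previously surfaced
    // as a 500; report it as a client error up front.
    if (typeof password !== 'string' || password === '') {
      return res.status(400).json({ error: 'password is required' });
    }
    const hashedPassword = await bcrypt.hash(password, BCRYPT_ROUNDS);
    const user = await prisma.user.create({
      data: { email, password: hashedPassword, displayName, permissions },
      select: PUBLIC_USER_SELECT,
    });
    res.status(201).json(user);
  } catch (error) {
    sendError(error, res);
  }
});

export default router;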