feat: add user role update routes

2025-11-20 23:37:39 +00:00 · 2025-11-20 23:37:39 +00:00 · 34ca61809b
parent ded376d971
commit 34ca61809b
2 changed files with 31 additions and 4 deletions
--- a/auth-routes.lisp
+++ b/auth-routes.lisp
@ -189,3 +189,27 @@
                                                    "deactivated"
                                                    "activated")
                                                (dm:field user "username"))))))))))
+
+(define-api asteroid/user/role (user-id role) ()
+  "API endpoint for setting the access role of an user account"
+  (format t "Role of user: #~a set to ~a~%" user-id role)
+  (require-role :admin)
+  (with-error-handling
+    (let ((user (when user-id
+                   (find-user-by-id user-id)))
+          (user-role (intern (string-upcase role) :keyword)))
+
+      (unless user
+        (error 'not-found-error :message "User not found"))
+
+      ;; Change user role
+      (let ((result (update-user-role user-id user-role)))
+        (if result
+            (api-output `(("status" . "success")
+                          ("message" . ,(format nil "User '~a' is now a ~a."
+                                                (dm:field user "username")
+                                                role))))
+            (api-output `(("status" . "error")
+                          ("message" . ,(format nil "Could not set user '~a' as ~a."
+                                                (dm:field user "username")
+                                                role)))))))))
--- a/static/js/users.js
+++ b/static/js/users.js
@ -90,20 +90,23 @@ function hideUsersTable() {
 async function updateUserRole(userId, newRole) {
    try {
        const formData = new FormData();
+        formData.append('user-id', userId);
        formData.append('role', newRole);

-        const response = await fetch(`/api/asteroid/users/${userId}/role`, {
+        const response = await fetch('/api/asteroid/user/role', {
            method: 'POST',
            body: formData
        });

        const result = await response.json();
+        // Handle Radiance API data wrapping
+        const data = result.data || result;

-        if (result.status === 'success') {
+        if (data.status === 'success') {
            loadUserStats();
-            alert('User role updated successfully');
+            alert(data.message);
        } else {
-            alert('Error updating user role: ' + result.message);
+            alert('Error updating user role: ' + data.message);
        }
    } catch (error) {
        console.error('Error updating user role:', error);