From 34ca61809bb487e144231430a6f6f2f68937dc11 Mon Sep 17 00:00:00 2001
From: Luis Pereira <luispereira.tkd@gmail.com>
Date: Thu, 20 Nov 2025 23:37:39 +0000
Subject: [PATCH] feat: add user role update routes

---
 auth-routes.lisp   | 24 ++++++++++++++++++++++++
 static/js/users.js | 11 +++++++----
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/auth-routes.lisp b/auth-routes.lisp
index 2043cac..362779f 100644
--- a/auth-routes.lisp
+++ b/auth-routes.lisp
@@ -189,3 +189,27 @@
                                                     "deactivated"
                                                     "activated")
                                                 (dm:field user "username"))))))))))
+
+(define-api asteroid/user/role (user-id role) ()
+  "API endpoint for setting the access role of an user account"
+  (format t "Role of user: #~a set to ~a~%" user-id role)
+  (require-role :admin)
+  (with-error-handling
+    (let ((user (when user-id
+                   (find-user-by-id user-id)))
+          (user-role (intern (string-upcase role) :keyword)))
+
+      (unless user
+        (error 'not-found-error :message "User not found"))
+
+      ;; Change user role
+      (let ((result (update-user-role user-id user-role)))
+        (if result
+            (api-output `(("status" . "success")
+                          ("message" . ,(format nil "User '~a' is now a ~a."
+                                                (dm:field user "username")
+                                                role))))
+            (api-output `(("status" . "error")
+                          ("message" . ,(format nil "Could not set user '~a' as ~a."
+                                                (dm:field user "username")
+                                                role)))))))))
diff --git a/static/js/users.js b/static/js/users.js
index c1adabc..1bf3012 100644
--- a/static/js/users.js
+++ b/static/js/users.js
@@ -90,20 +90,23 @@ function hideUsersTable() {
 async function updateUserRole(userId, newRole) {
     try {
         const formData = new FormData();
+        formData.append('user-id', userId);
         formData.append('role', newRole);
 
-        const response = await fetch(`/api/asteroid/users/${userId}/role`, {
+        const response = await fetch('/api/asteroid/user/role', {
             method: 'POST',
             body: formData
         });
 
         const result = await response.json();
+        // Handle Radiance API data wrapping
+        const data = result.data || result;
 
-        if (result.status === 'success') {
+        if (data.status === 'success') {
             loadUserStats();
-            alert('User role updated successfully');
+            alert(data.message);
         } else {
-            alert('Error updating user role: ' + result.message);
+            alert('Error updating user role: ' + data.message);
         }
     } catch (error) {
         console.error('Error updating user role:', error);