admins
f2946db57a
Implements GET/POST /api/questions, GET /api/questions/[id] with read tracking, POST /api/questions/[id]/messages with email notifications, PATCH /api/questions/[id]/close for staff, and POST /api/student/question-upload for file attachments. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
32 lines
1.1 KiB
TypeScript
32 lines
1.1 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { headers } from "next/headers";
|
|
import { auth } from "@/lib/auth";
|
|
import { prisma } from "@/lib/prisma";
|
|
|
|
export async function PATCH(
|
|
_req: NextRequest,
|
|
{ params }: { params: Promise<{ id: string }> }
|
|
) {
|
|
const session = await auth.api.getSession({ headers: await headers() });
|
|
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
|
|
if (session.user.role !== "admin" && session.user.role !== "curator") {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
|
|
const { id } = await params;
|
|
|
|
const question = await prisma.studentQuestion.findUnique({ where: { id } });
|
|
if (!question) return NextResponse.json({ error: "Not found" }, { status: 404 });
|
|
if (question.status === "CLOSED") {
|
|
return NextResponse.json({ error: "Already closed" }, { status: 400 });
|
|
}
|
|
|
|
const updated = await prisma.studentQuestion.update({
|
|
where: { id },
|
|
data: { status: "CLOSED", closedAt: new Date(), closedById: session.user.id },
|
|
});
|
|
|
|
return NextResponse.json(updated);
|
|
}
|