import Member from '../../../../models/member.js'
import { connectDB } from '../../../../utils/mongoose.js'
import { validateBody } from '../../../../utils/validateBody.js'
import { adminRoleUpdateSchema } from '../../../../utils/schemas.js'
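/**
 * Admin endpoint: change the role of the member identified by the `id`
 * route parameter.
 *
 * Flow: require an admin caller, validate the body against
 * `adminRoleUpdateSchema`, load the target member, refuse self-demotion,
 * apply the update and record a `role_changed` activity entry.
 *
 * @returns {Promise<{ success: true, member: object }>} the updated member.
 * @throws 400 when the id cannot be cast by the model, or when the caller
 *   tries to remove their own admin role.
 * @throws 404 when no member with that id exists (before or during the update).
 */
export default defineEventHandler(async (event) => {
  const admin = await requireAdmin(event)
  await connectDB()

  const { role } = await validateBody(event, adminRoleUpdateSchema)
  const memberId = getRouterParam(event, 'id')

  // A malformed id makes the lookup throw a Mongoose CastError; report it as
  // a client error instead of letting it surface as an unhandled 500.
  let existing
  try {
    existing = await Member.findById(memberId)
  } catch (err) {
    if (err?.name === 'CastError') {
      throw createError({
        statusCode: 400,
        statusMessage: 'Invalid member id.'
      })
    }
    throw err
  }

  if (!existing) {
    throw createError({
      statusCode: 404,
      statusMessage: 'Member not found.'
    })
  }

  // Prevent self-demotion.
  // Compare against the id of the document that was actually loaded, not the
  // raw route parameter: the parameter is only one textual form of the id, so
  // a string comparison against it can miss a match that the database lookup
  // still resolves to the caller's own record.
  const isSelf = String(existing._id) === String(admin._id)
  if (isSelf && role !== 'admin') {
    throw createError({
      statusCode: 400,
      statusMessage: 'You cannot remove your own admin role.'
    })
  }

  const oldRole = existing.role

  // runValidators: update operations skip schema validators by default; turn
  // them on so the model's own constraints on `role` also apply here, in
  // addition to the request-body schema.
  const member = await Member.findByIdAndUpdate(
    existing._id,
    { role },
    { new: true, runValidators: true }
  )

  // The member can disappear between the lookup and the update; do not report
  // success (or log a role change) for a write that matched nothing.
  if (!member) {
    throw createError({
      statusCode: 404,
      statusMessage: 'Member not found.'
    })
  }

  // NOTE(review): logActivity is not awaited. If it returns a promise, a
  // rejection would go unhandled and the audit entry for this privilege
  // change could be lost silently — confirm this is intended best-effort.
  logActivity(memberId, 'role_changed', {
    from: oldRole,
    to: role
  }, { performedBy: admin._id })

  // NOTE(review): the whole member document is returned; confirm the model
  // strips any sensitive fields before serialization.
  return { success: true, member }
})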