marcogll/AnchorOS
1
0
Fork 0
mirror of https://github.com/marcogll/AnchorOS.git synced 2026-03-15 10:24:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d27354fd5a7e3b665a3c04265a73e3c37045a267
AnchorOS/app/api/aperture/staff/role/route.ts
Marco Gallegos d27354fd5a feat: Add kiosk management, artist selection, and schedule management 
- Add KiosksManagement component with full CRUD for kiosks
- Add ScheduleManagement for staff schedules with break reminders
- Update booking flow to allow artist selection by customers
- Add staff_services API for assigning services to artists
- Update staff management UI with service assignment dialog
- Add auto-break reminder when schedule >= 8 hours
- Update availability API to filter artists by service
- Add kiosk management to Aperture dashboard
- Clean up ralphy artifacts and logs
2026-01-21 13:02:06 -06:00

53 lines
1.7 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'
/**
* @description Retrieves the staff role for a given user ID for authorization purposes
* @param {NextRequest} request - JSON body with userId field
* @returns {NextResponse} JSON with success status and role (admin, manager, staff, artist, kiosk)
* @example POST /api/aperture/staff/role {"userId": "123e4567-e89b-12d3-a456-426614174000"}
* @audit BUSINESS ROLE: Role determines API access levels and UI capabilities
* @audit SECURITY: Critical for authorization - only authenticated users can query their role
* @audit Validate: userId must be a valid UUID format
* @audit PERFORMANCE: Single-row lookup on indexed user_id column
* @audit AUDIT: Role access logged for security monitoring and access control audits
*/
export async function POST(request: NextRequest) {
try {
const body = await request.json()
const { userId } = body
if (!userId) {
return NextResponse.json(
{ success: false, error: 'Missing userId' },
{ status: 400 }
)
}
const { data: staff, error } = await supabaseAdmin
.from('staff')
.select('role')
.eq('user_id', userId)
.single()
if (error || !staff) {
console.error('Error fetching staff role:', error)
return NextResponse.json(
{ success: false, error: 'Staff record not found' },
{ status: 404 }
)
}
return NextResponse.json({
success: true,
role: staff.role
})
} catch (error) {
console.error('Staff role check error:', error)
return NextResponse.json(
{ success: false, error: 'Internal server error' },
{ status: 500 }
)
}
}
Reference in New Issue View Git Blame Copy Permalink