diff --git a/16. `docs/api.md b/16. `docs/api.md
index 1359335..8f92f60 100644
--- a/16. `docs/api.md
+++ b/16. `docs/api.md
@@ -11,6 +11,20 @@ ### POST /api/logout
 - **Description**: Logout the user and revoke the token.
 - **Response**: JSON object with a success message.
+## Admin Management
+
+### GET /api/admin/users
+- **Description**: Get a list of users (restricted to member users).
+- **Response**: JSON object with a list of users.
+
+### POST /api/admin/users/{user}/activate
+- **Description**: Activate a user (restricted to member users).
+- **Response**: JSON object with a success message.
+
+### POST /api/admin/users/{user}/deactivate
+- **Description**: Deactivate a user (restricted to member users).
+- **Response**: JSON object with a success message.
+
 ## Frontend API
 ### GET /api/frontend
diff --git a/app/Http/Middleware/CheckRole.php b/app/Http/Middleware/CheckRole.php
new file mode 100644
index 0000000..0eb051e
--- /dev/null
+++ b/app/Http/Middleware/CheckRole.php
@@ -0,0 +1,16 @@
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class CheckRole
+{
+ public function handle(Request $request, Closure $next, $role)
+ {
+ if ($request->user()->role !== $role) {
+ return response()->json(['error' => 'Unauthorized'], 403);
+ }
+
+ return $next($request);
+ }
+}
diff --git a/database/migrations/xxxx_xx_xx_add_role_to_users_table.php b/database/migrations/xxxx_xx_xx_add_role_to_users_table.php
new file mode 100644
index 0000000..1214199
--- /dev/null
+++ b/database/migrations/xxxx_xx_xx_add_role_to_users_table.php
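Review bot: `$request->user()->role` in `CheckRole::handle` dereferences the user without a null check, so on any route where this middleware runs without an authentication middleware ahead of it (route registration is not part of this diff), an unauthenticated request raises an error instead of receiving a clean refusal. Resolve the user first and deny when it is missing: `$user = $request->user();` then `if ($user === null || $user->role !== $role) {`. The new file as shown also begins at `namespace` with no `<?php` opening tag (the hunk header counts 16 lines and all 16 are visible), which would leave the class undefined at runtime; the migration file in this commit has the same omission. A short docblock on `handle` stating that `$role` is the single role name supplied as the middleware parameter and that a mismatch returns a 403 JSON response would help the next reader.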
@@ -0,0 +1,20 @@
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddRoleToUsersTable extends Migration
+{
+ public function up()
+ {
+ Schema::table('users', function (Blueprint $table) {
+ $table->string('role')->default('member');
+ });
+ }
+
+ public function down()
+ {
+ Schema::table('users', function (Blueprint $table) {
+ $table->dropColumn('role');
+ });
+ }
+}
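Review bot: `->default('member')` in `up()` assigns the role `member` to every existing row and every future user, while the API docs changed in this same commit describe the `/api/admin/users` endpoints as "restricted to member users". If the admin routes are registered with that role (the route file is not in this diff), every account passes the `CheckRole` comparison and can activate or deactivate other users; the admin endpoints should require a distinct privileged role that is never a column default. The column is also a free-form string, so a typo or unexpected value is stored silently; constraining it to the known role names at the schema or model level would make the strict comparison in the middleware dependable. The User model is not shown here, so please confirm `role` is not listed in `$fillable`, otherwise a request body could set it through mass assignment.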