Phase2.5: Skill SetUp Process
All checks were successful
Build and Push / build (push) Successful in 1m39s
All checks were successful
Build and Push / build (push) Successful in 1m39s
This commit is contained in:
23
src/app/api/skills/pricing/route.ts
Normal file
23
src/app/api/skills/pricing/route.ts
Normal file
@@ -0,0 +1,23 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import { listSkillPricing } from "@/lib/db";
|
||||
|
||||
/**
|
||||
* GET /api/skills/pricing
|
||||
*
|
||||
* Returns the platform-wide skill pricing (daily price + setup fee
|
||||
* per skill) for display in the customer's cost-disclosure dialog
|
||||
* before they enable a priced skill. Any logged-in user can read
|
||||
* this — pricing isn't org-specific and is effectively public
|
||||
* information for anyone who'd be considering activation.
|
||||
*
|
||||
* Empty array means no skill is currently priced.
|
||||
*/
|
||||
export async function GET() {
|
||||
const user = await getSessionUser();
|
||||
if (!user) {
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
const rows = await listSkillPricing();
|
||||
return NextResponse.json(rows);
|
||||
}
|
||||
54
src/app/api/skills/requests/[id]/withdraw/route.ts
Normal file
54
src/app/api/skills/requests/[id]/withdraw/route.ts
Normal file
@@ -0,0 +1,54 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import {
|
||||
getSkillActivationRequestById,
|
||||
updateSkillActivationRequestStatus,
|
||||
} from "@/lib/db";
|
||||
|
||||
/**
|
||||
* POST /api/skills/requests/[id]/withdraw
|
||||
*
|
||||
* The owner of a pending activation request can cancel it. This
|
||||
* doesn't touch K8s (the skill was never enabled) — it just flips
|
||||
* the row to 'withdrawn' so the user's UI clears the pending
|
||||
* state and they can try a different skill or retry later.
|
||||
*
|
||||
* Authorization: only the original requester OR a platform admin
|
||||
* can withdraw a request. We deliberately don't allow other org
|
||||
* members to cancel each other's requests in v1 — the partial
|
||||
* unique index would let one user repeatedly cancel another's
|
||||
* pending request.
|
||||
*/
|
||||
export async function POST(
|
||||
_request: Request,
|
||||
{ params }: { params: Promise<{ id: string }> }
|
||||
) {
|
||||
const user = await getSessionUser();
|
||||
if (!user) {
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
const { id } = await params;
|
||||
const req = await getSkillActivationRequestById(id);
|
||||
if (!req) {
|
||||
return NextResponse.json({ error: "Request not found" }, { status: 404 });
|
||||
}
|
||||
if (!user.isPlatform && req.zitadelUserId !== user.id) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
if (req.status !== "pending") {
|
||||
return NextResponse.json(
|
||||
{ error: `Request is already ${req.status}` },
|
||||
{ status: 409 }
|
||||
);
|
||||
}
|
||||
const updated = await updateSkillActivationRequestStatus(id, "withdrawn", {
|
||||
reviewedBy: user.id,
|
||||
});
|
||||
if (!updated) {
|
||||
return NextResponse.json(
|
||||
{ error: "Request status changed during withdraw." },
|
||||
{ status: 409 }
|
||||
);
|
||||
}
|
||||
return NextResponse.json(updated);
|
||||
}
|
||||
40
src/app/api/skills/requests/route.ts
Normal file
40
src/app/api/skills/requests/route.ts
Normal file
@@ -0,0 +1,40 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { getSessionUser } from "@/lib/session";
|
||||
import { listSkillActivationRequestsForTenant } from "@/lib/db";
|
||||
import { canUserSeeTenant } from "@/lib/visibility";
|
||||
import { getTenant } from "@/lib/k8s";
|
||||
|
||||
/**
|
||||
* GET /api/skills/requests?tenant=<name>
|
||||
*
|
||||
* Returns pending and most-recent-rejected skill activation
|
||||
* requests for the named tenant. Used by the tenant settings page
|
||||
* to render the "Manual review pending" or "Activation rejected"
|
||||
* inline states on PackageCard.
|
||||
*
|
||||
* Authorization: the caller must be able to see the tenant (owner
|
||||
* of its org, assigned user, or platform admin).
|
||||
*/
|
||||
export async function GET(request: Request) {
|
||||
const user = await getSessionUser();
|
||||
if (!user) {
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
const { searchParams } = new URL(request.url);
|
||||
const tenantName = searchParams.get("tenant");
|
||||
if (!tenantName) {
|
||||
return NextResponse.json(
|
||||
{ error: "Missing tenant parameter" },
|
||||
{ status: 400 }
|
||||
);
|
||||
}
|
||||
const tenant = await getTenant(tenantName).catch(() => null);
|
||||
if (!tenant) {
|
||||
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
||||
}
|
||||
if (!canUserSeeTenant(user, tenant)) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
const requests = await listSkillActivationRequestsForTenant(tenantName);
|
||||
return NextResponse.json(requests);
|
||||
}
|
||||
Reference in New Issue
Block a user