41 lines
1.4 KiB
TypeScript
41 lines
1.4 KiB
TypeScript
import { NextResponse } from "next/server";
|
|
import { getSessionUser } from "@/lib/session";
|
|
import { listSkillActivationRequestsForTenant } from "@/lib/db";
|
|
import { canUserSeeTenant } from "@/lib/visibility";
|
|
import { getTenant } from "@/lib/k8s";
|
|
|
|
/**
|
|
* GET /api/skills/requests?tenant=<name>
|
|
*
|
|
* Returns pending and most-recent-rejected skill activation
|
|
* requests for the named tenant. Used by the tenant settings page
|
|
* to render the "Manual review pending" or "Activation rejected"
|
|
* inline states on PackageCard.
|
|
*
|
|
* Authorization: the caller must be able to see the tenant (owner
|
|
* of its org, assigned user, or platform admin).
|
|
*/
|
|
export async function GET(request: Request) {
|
|
const user = await getSessionUser();
|
|
if (!user) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
}
|
|
const { searchParams } = new URL(request.url);
|
|
const tenantName = searchParams.get("tenant");
|
|
if (!tenantName) {
|
|
return NextResponse.json(
|
|
{ error: "Missing tenant parameter" },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
const tenant = await getTenant(tenantName).catch(() => null);
|
|
if (!tenant) {
|
|
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
|
}
|
|
if (!canUserSeeTenant(user, tenant)) {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
const requests = await listSkillActivationRequestsForTenant(tenantName);
|
|
return NextResponse.json(requests);
|
|
}
|