MCPcopy
hub / github.com/umami-software/umami / POST

Function POST

src/app/api/users/[userId]/route.ts:27–81  ·  view source on GitHub ↗
(request: Request, { params }: { params: Promise<{ userId: string }> })

Source from the content-addressed store, hash-verified

25}
26
27export async function POST(request: Request, { params }: { params: Promise<{ userId: string }> }) {
28 const schema = z.object({
29 username: z.string().max(255).optional(),
30 password: z.string().min(8).max(255).optional(),
31 role: userRoleParam.optional(),
32 });
33
34 const { auth, body, error } = await parseRequest(request, schema);
35
36 if (error) {
37 return error();
38 }
39
40 const { userId } = await params;
41
42 if (!(await canUpdateUser(auth, userId))) {
43 return unauthorized();
44 }
45
46 const { username, password, role } = body;
47
48 const user = await getUser(userId);
49
50 if (!user) {
51 return notFound();
52 }
53
54 const data: any = {};
55
56 if (password) {
57 data.password = hashPassword(password);
58 }
59
60 // Only admin can change these fields
61 if (role && auth.user.isAdmin) {
62 data.role = role;
63 }
64
65 if (username && auth.user.isAdmin) {
66 data.username = username.toLowerCase();
67 }
68
69 // Check when username changes
70 if (data.username && user.username !== data.username) {
71 const existingUser = await getUserByUsername(data.username);
72
73 if (existingUser && existingUser.id !== userId) {
74 return badRequest({ message: 'User already exists' });
75 }
76 }
77
78 const updated = await updateUser(userId, data);
79
80 return json(updated);
81}
82
83export async function DELETE(
84 request: Request,

Callers

nothing calls this directly

Calls 11

parseRequestFunction · 0.90
canUpdateUserFunction · 0.90
unauthorizedFunction · 0.90
getUserFunction · 0.90
notFoundFunction · 0.90
hashPasswordFunction · 0.90
getUserByUsernameFunction · 0.90
badRequestFunction · 0.90
updateUserFunction · 0.90
jsonFunction · 0.90
errorFunction · 0.85

Tested by

no test coverage detected