add: reject user

controllers/users.controller.js

@@ -68,6 +68,17 @@ class UserController {
     return res.status(response.statusCode).json(response);
   }
 
+  // Reject user
+  static async reject(req, res) {
+    const { id } = req.params;
+    const approverId = req.user.user_id;
+
+    const updatedUser = await UserService.rejectUser(id, approverId);
+    const response = await setResponse(updatedUser, 'User rejected successfully');
+
+    return res.status(response.statusCode).json(response);
+  }
+
   // Soft delete user
   static async delete(req, res) {
     const { id } = req.params;

db/user.db.js

@@ -132,11 +132,12 @@ const updateUserDb = async (userId, data) => {
   return getUserByIdDb(userId);
 };
 
+// Approve user
 const approveUserDb = async (userId, approverId) => {
   const queryText = `
     UPDATE m_users
     SET 
-      is_approve = 1,
+      is_approve = 2,
       approved_by = $1,
       approved_at = CURRENT_TIMESTAMP,
       updated_by = $1,
@@ -144,9 +145,24 @@ const approveUserDb = async (userId, approverId) => {
     WHERE user_id = $2 AND deleted_at IS NULL
   `;
   await pool.query(queryText, [approverId, userId]);
-  return true; // simple, cuma tanda berhasil
+  return true;
 };
 
+// Reject user
+const rejectUserDb = async (userId, approverId) => {
+  const queryText = `
+    UPDATE m_users
+    SET 
+      is_approve = 0,
+      approved_by = $1,
+      approved_at = CURRENT_TIMESTAMP,
+      updated_by = $1,
+      updated_at = CURRENT_TIMESTAMP
+    WHERE user_id = $2 AND deleted_at IS NULL
+  `;
+  await pool.query(queryText, [approverId, userId]);
+  return true;
+}
 
 // Change user password
 const changeUserPasswordDb = async (userId, newPassword) => {
@@ -182,6 +198,7 @@ module.exports = {
   createUserDb,
   updateUserDb,
   approveUserDb,
+  rejectUserDb,
   changeUserPasswordDb,
   deleteUserDb,
 };

routes/users.route.js

@@ -20,4 +20,7 @@ router.route('/change-password/:id')
 router.route('/:id/approve')
   .put(verifyToken.verifyAccessToken, verifyAccess(), UserController.approve);
 
+router.route('/:id/reject')
+  .put(verifyToken.verifyAccessToken, verifyAccess(), UserController.reject);
+
 module.exports = router;

services/user.service.js

@@ -6,6 +6,7 @@ const {
   createUserDb,
   updateUserDb,
   approveUserDb,
+  rejectUserDb,
   deleteUserDb,
   changeUserPasswordDb
 } = require('../db/user.db');
@@ -114,10 +115,14 @@ class UserService {
         throw new ErrorHandler(404, 'User not found');
       }
 
-      if (existingUser.is_approve) {
+      if (existingUser.is_approve === 2) {
         throw new ErrorHandler(400, 'User is already approved');
       }
 
+      if (existingUser.is_approve === 0) {
+        throw new ErrorHandler(400, 'User is already rejected');
+      }
+
       const updatedUser = await approveUserDb(userId, approverId);
       return updatedUser;
     } catch (error) {
@@ -125,6 +130,33 @@ class UserService {
     }
   }
 
+  // Reject user
+  static async rejectUser(userId, approverId) {
+    try {
+      if (!userId) {
+        throw new ErrorHandler(400, 'User ID is required');
+      }
+
+      const existingUser = await getUserByIdDb(userId);
+      if (!existingUser) {
+        throw new ErrorHandler(404, 'User not found');
+      }
+
+      if (existingUser.is_approve === 2) {
+        throw new ErrorHandler(400, 'User is already approved');
+      }
+
+      if (existingUser.is_approve === 0) {
+        throw new ErrorHandler(400, 'User is already rejected');
+      }
+
+      const updatedUser = await rejectUserDb(userId, approverId);
+      return updatedUser;
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode || 500, error.message);
+    }
+  }
+
   // Soft delete user
   static async deleteUser(id, userId) {
     try {