clean up teams api messaging and permissions

src/app/api/teams/[teamId]/route.ts

@@ -41,7 +41,7 @@ export async function POST(request: Request, { params }: { params: Promise<{ tea
   const { teamId } = await params;
 
   if (!(await canUpdateTeam(auth, teamId))) {
-    return unauthorized({ message: 'You must be the owner of this team.' });
+    return unauthorized({ message: 'You must be the owner/manager of this team.' });
   }
 
   const team = await updateTeam(teamId, body);
@@ -62,7 +62,7 @@ export async function DELETE(
   const { teamId } = await params;
 
   if (!(await canDeleteTeam(auth, teamId))) {
-    return unauthorized({ message: 'You must be the owner of this team.' });
+    return unauthorized({ message: 'You must be the owner/manager of this team.' });
   }
 
   await deleteTeam(teamId);

src/app/api/teams/[teamId]/users/[userId]/route.ts

@@ -17,7 +17,7 @@ export async function GET(
   const { teamId, userId } = await params;
 
   if (!(await canUpdateTeam(auth, teamId))) {
-    return unauthorized({ message: 'You must be the owner of this team.' });
+    return unauthorized({ message: 'You must be the owner/manager of this team.' });
   }
 
   const teamUser = await getTeamUser(teamId, userId);
@@ -42,7 +42,7 @@ export async function POST(
   const { teamId, userId } = await params;
 
   if (!(await canUpdateTeam(auth, teamId))) {
-    return unauthorized({ message: 'You must be the owner of this team.' });
+    return unauthorized({ message: 'You must be the owner/manager of this team.' });
   }
 
   const teamUser = await getTeamUser(teamId, userId);
@@ -69,7 +69,7 @@ export async function DELETE(
   const { teamId, userId } = await params;
 
   if (!(await canDeleteTeamUser(auth, teamId, userId))) {
-    return unauthorized({ message: 'You must be the owner of this team.' });
+    return unauthorized({ message: 'You must be the owner/manager of this team.' });
   }
 
   const teamUser = await getTeamUser(teamId, userId);

src/app/api/teams/[teamId]/users/route.ts

@@ -1,9 +1,9 @@
-import { z } from 'zod';
-import { unauthorized, json, badRequest } from '@/lib/response';
-import { canAddUserToTeam, canViewTeam } from '@/permissions';
 import { getQueryFilters, parseRequest } from '@/lib/request';
-import { pagingParams, teamRoleParam, searchParams } from '@/lib/schema';
+import { badRequest, json, unauthorized } from '@/lib/response';
+import { pagingParams, searchParams, teamRoleParam } from '@/lib/schema';
+import { canUpdateTeam, canViewTeam } from '@/permissions';
 import { createTeamUser, getTeamUser, getTeamUsers } from '@/queries/prisma';
+import { z } from 'zod';
 
 export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) {
   const schema = z.object({
@@ -20,7 +20,7 @@ export async function GET(request: Request, { params }: { params: Promise<{ team
   const { teamId } = await params;
 
   if (!(await canViewTeam(auth, teamId))) {
-    return unauthorized({ message: 'You must be the owner of this team.' });
+    return unauthorized({ message: 'You must be a member of this team.' });
   }
 
   const filters = await getQueryFilters(query);
@@ -65,8 +65,8 @@ export async function POST(request: Request, { params }: { params: Promise<{ tea
 
   const { teamId } = await params;
 
-  if (!(await canAddUserToTeam(auth))) {
-    return unauthorized();
+  if (!(await canUpdateTeam(auth, teamId))) {
+    return unauthorized({ message: 'You must be the owner/manager of this team.' });
   }
 
   const { userId, role } = body;

src/permissions/team.ts

@@ -39,10 +39,6 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) {
   return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamDelete);
 }
 
-export async function canAddUserToTeam({ user }: Auth) {
-  return user.isAdmin;
-}
-
 export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUserId: string) {
   if (user.isAdmin) {
     return true;