implemented the user view type and website sharing

2026-02-20 20:45:39 +01:00 · 2023-03-28 10:49:20 +03:00 · 2023-03-28 10:49:20 +03:00 · 66e67c7a3b
commit 66e67c7a3b
parent 7a3443cd06
19 changed files with 260 additions and 68 deletions
--- a/pages/api/accounts/[id]/index.js
+++ b/pages/api/accounts/[id]/index.js
@ -19,7 +19,7 @@ export default async (req, res) => {
  }

  if (req.method === 'POST') {
-    const { username, password } = req.body;
+    const { username, password, isViewer, websiteIds } = req.body;

    if (id !== userId && !isAdmin) {
      return unauthorized(res);
@ -29,6 +29,8 @@ export default async (req, res) => {

    const data = {};

+    data.isViewer = isViewer;
+
    if (password) {
      data.password = hashPassword(password);
    }
@ -36,6 +38,24 @@ export default async (req, res) => {
    // Only admin can change these fields
    if (isAdmin) {
      data.username = username;
+
+      const existingWebsiteIds = websiteIds.map(id => parseInt(id));
+
+      const websitesToDisconnect = account.viewwebsites
+        .map(vw => vw.websiteId)
+        .filter(id => !existingWebsiteIds.includes(id));
+
+      const websitesToConnect = existingWebsiteIds.filter(
+        id => !account.viewwebsites.map(vw => vw.websiteId).includes(id),
+      );
+
+      data.viewwebsites = {
+        create: websitesToConnect.map(id => ({ website: { connect: { id } } })),
+        deleteMany: websitesToDisconnect.map(id => ({
+          websiteId: id,
+          userId: account.id,
+        })),
+      };
    }

    // Check when username changes
--- a/pages/api/accounts/index.js
+++ b/pages/api/accounts/index.js
@ -19,7 +19,7 @@ export default async (req, res) => {
  }

  if (req.method === 'POST') {
-    const { username, password, account_uuid } = req.body;
+    const { username, password, account_uuid, websiteIds, isViewer } = req.body;

    const account = await getAccount({ username });

@ -31,6 +31,14 @@ export default async (req, res) => {
      username,
      password: hashPassword(password),
      accountUuid: account_uuid || uuid(),
+      isViewer,
+      viewwebsites: {
+        create: websiteIds
+          .map(id => parseInt(id))
+          .map(id => ({
+            website: { connect: { id } },
+          })),
+      },
    });

    return ok(res, created);
--- a/pages/api/auth/login.js
+++ b/pages/api/auth/login.js
@ -12,8 +12,8 @@ export default async (req, res) => {
  const account = await getAccount({ username });

  if (account && checkPassword(password, account.password)) {
-    const { id, username, isAdmin, accountUuid } = account;
-    const user = { userId: id, username, isAdmin, accountUuid };
+    const { id, username, isAdmin, isViewer, accountUuid } = account;
+    const user = { userId: id, username, isAdmin, isViewer, accountUuid };
    const token = createSecureToken(user, secret());

    return ok(res, { token, user });
--- a/pages/api/realtime/init.js
+++ b/pages/api/realtime/init.js
@ -14,7 +14,9 @@ export default async (req, res) => {
      return unauthorized(res);
    }

-    const websites = await getUserWebsites({ userId });
+    const websites = await getUserWebsites({
+      OR: [{ userId }, { viewers: { some: { userId } } }],
+    });
    const ids = websites.map(({ websiteUuid }) => websiteUuid);
    const token = createToken({ websites: ids }, secret());
    const data = await getRealtimeData(ids, subMinutes(new Date(), 30));
--- a/pages/api/websites/[id]/index.js
+++ b/pages/api/websites/[id]/index.js
@ -9,6 +9,7 @@ export default async (req, res) => {
  await useAuth(req, res);

  const { id: websiteUuid } = req.query;
+  const { accountUuid, isViewer } = req.auth;

  if (req.method === 'GET') {
    if (!(await allowQuery(req, TYPE_WEBSITE))) {
@ -21,12 +22,11 @@ export default async (req, res) => {
  }

  if (req.method === 'POST') {
-    if (!(await allowQuery(req, TYPE_WEBSITE, false))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE, false)) || isViewer) {
      return unauthorized(res);
    }

    const { name, domain, owner, enableShareUrl, shareId } = req.body;
-    const { accountUuid } = req.auth;

    let account;

@ -62,7 +62,7 @@ export default async (req, res) => {
  }

  if (req.method === 'DELETE') {
-    if (!(await allowQuery(req, TYPE_WEBSITE, false))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE, false)) || isViewer) {
      return unauthorized(res);
    }

--- a/pages/api/websites/[id]/reset.js
+++ b/pages/api/websites/[id]/reset.js
@ -9,9 +9,10 @@ export default async (req, res) => {
  await useAuth(req, res);

  const { id: websiteId } = req.query;
+  const { isViewer } = req.auth;

  if (req.method === 'POST') {
-    if (!(await allowQuery(req, TYPE_WEBSITE, false))) {
+    if (!(await allowQuery(req, TYPE_WEBSITE, false)) || isViewer) {
      return unauthorized(res);
    }

--- a/pages/api/websites/index.js
+++ b/pages/api/websites/index.js
@ -8,7 +8,8 @@ export default async (req, res) => {

  const { user_id, include_all } = req.query;

-  const { userId: currentUserId, isAdmin } = req.auth;
+  const { userId: currentUserId, isAdmin, isViewer } = req.auth;
+
  const accountUuid = user_id || req.auth.accountUuid;
  let account;

@ -26,7 +27,9 @@ export default async (req, res) => {
    const websites =
      isAdmin && include_all
        ? await getAllWebsites()
-        : await getUserWebsites({ userId: account?.id });
+        : await getUserWebsites({
+            OR: [{ userId: account?.id }, { viewers: { some: { userId: account?.id } } }],
+          });

    return ok(res, websites);
  }
@ -36,7 +39,7 @@ export default async (req, res) => {

    const website_owner = account ? account.id : +owner;

-    if (website_owner !== currentUserId && !isAdmin) {
+    if ((website_owner !== currentUserId && !isAdmin) || isViewer) {
      return unauthorized(res);
    }