Update api for new teams.

src/pages/api/teams/[id]/users/[userId].ts

@@ -1,38 +0,0 @@
-import { canDeleteTeamUser } from 'lib/auth';
-import { useAuth, useValidate } from 'lib/middleware';
-import { NextApiRequestQueryBody } from 'lib/types';
-import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { deleteTeamUser } from 'queries';
-import * as yup from 'yup';
-
-export interface TeamUserRequestQuery {
-  id: string;
-  userId: string;
-}
-
-const schema = {
-  DELETE: yup.object().shape({
-    id: yup.string().uuid().required(),
-    userId: yup.string().uuid().required(),
-  }),
-};
-
-export default async (req: NextApiRequestQueryBody<TeamUserRequestQuery>, res: NextApiResponse) => {
-  await useAuth(req, res);
-  await useValidate(schema, req, res);
-
-  if (req.method === 'DELETE') {
-    const { id: teamId, userId } = req.query;
-
-    if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {
-      return unauthorized(res, 'You must be the owner of this team.');
-    }
-
-    await deleteTeamUser(teamId, userId);
-
-    return ok(res);
-  }
-
-  return methodNotAllowed(res);
-};

src/pages/api/teams/[id]/users/index.ts

@@ -1,21 +1,33 @@
-import * as yup from 'yup';
-import { canViewTeam } from 'lib/auth';
+import { canAddUserToTeam, canViewTeam } from 'lib/auth';
 import { useAuth, useValidate } from 'lib/middleware';
+import { pageInfo } from 'lib/schema';
 import { NextApiRequestQueryBody, SearchFilter } from 'lib/types';
 import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { getUsersByTeamId } from 'queries';
-import { pageInfo } from 'lib/schema';
+import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { createTeamUser, getTeamUser, getUsersByTeamId } from 'queries';
+import * as yup from 'yup';
 
 export interface TeamUserRequestQuery extends SearchFilter {
   id: string;
 }
 
+export interface TeamUserRequestBody {
+  userId: string;
+  role: string;
+}
+
 const schema = {
   GET: yup.object().shape({
     id: yup.string().uuid().required(),
     ...pageInfo,
   }),
+  POST: yup.object().shape({
+    userId: yup.string().uuid().required(),
+    role: yup
+      .string()
+      .matches(/team-member|team-guest/i)
+      .required(),
+  }),
 };
 
 export default async (
@@ -43,5 +55,24 @@ export default async (
     return ok(res, users);
   }
 
+  // admin function only
+  if (req.method === 'POST') {
+    if (!(await canAddUserToTeam(req.auth))) {
+      return unauthorized(res);
+    }
+
+    const { userId, role } = req.body;
+
+    const teamUser = await getTeamUser(teamId, userId);
+
+    if (teamUser) {
+      return badRequest(res, 'User is already a member of the Team.');
+    }
+
+    const users = await createTeamUser(userId, teamId, role);
+
+    return ok(res, users);
+  }
+
   return methodNotAllowed(res);
 };

src/pages/api/teams/[id]/websites/[websiteId].ts

@@ -1,41 +0,0 @@
-import { canDeleteTeamWebsite } from 'lib/auth';
-import { useAuth, useValidate } from 'lib/middleware';
-import { NextApiRequestQueryBody } from 'lib/types';
-import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import * as yup from 'yup';
-import { deleteWebsite } from 'queries/admin/website';
-
-export interface TeamWebsitesRequestQuery {
-  id: string;
-  websiteId: string;
-}
-
-const schema = {
-  DELETE: yup.object().shape({
-    id: yup.string().uuid().required(),
-    websiteId: yup.string().uuid().required(),
-  }),
-};
-
-export default async (
-  req: NextApiRequestQueryBody<TeamWebsitesRequestQuery>,
-  res: NextApiResponse,
-) => {
-  await useAuth(req, res);
-  await useValidate(schema, req, res);
-
-  const { id: teamId, websiteId } = req.query;
-
-  if (req.method === 'DELETE') {
-    if (!(await canDeleteTeamWebsite(req.auth, teamId, websiteId))) {
-      return unauthorized(res);
-    }
-
-    await deleteWebsite(websiteId);
-
-    return ok(res);
-  }
-
-  return methodNotAllowed(res);
-};

src/pages/api/teams/[id]/websites/index.ts

@@ -1,18 +1,21 @@
 import * as yup from 'yup';
-import { canViewTeam } from 'lib/auth';
+import { canCreateTeamWebsite, canViewTeam } from 'lib/auth';
 import { useAuth, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody, SearchFilter } from 'lib/types';
 import { pageInfo } from 'lib/schema';
 import { NextApiResponse } from 'next';
 import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { getWebsitesByTeamId } from 'queries';
+import { createWebsite, getWebsitesByTeamId } from 'queries';
+import { uuid } from 'lib/crypto';
 
 export interface TeamWebsiteRequestQuery extends SearchFilter {
   id: string;
 }
 
 export interface TeamWebsiteRequestBody {
-  websiteIds?: string[];
+  name: string;
+  domain: string;
+  shareId: string;
 }
 
 const schema = {
@@ -21,8 +24,9 @@ const schema = {
     ...pageInfo,
   }),
   POST: yup.object().shape({
-    id: yup.string().uuid().required(),
-    websiteIds: yup.array().of(yup.string()).min(1).required(),
+    name: yup.string().max(100).required(),
+    domain: yup.string().max(500).required(),
+    shareId: yup.string().max(50).nullable(),
   }),
 };
 
@@ -51,5 +55,17 @@ export default async (
     return ok(res, websites);
   }
 
+  if (req.method === 'POST') {
+    if (!(await canCreateTeamWebsite(req.auth, teamId))) {
+      return unauthorized(res);
+    }
+
+    const { name, domain, shareId } = req.body;
+
+    const website = await createWebsite({ id: uuid(), name, domain, shareId });
+
+    return ok(res, website);
+  }
+
   return methodNotAllowed(res);
 };