Update api for new teams.

2026-02-15 10:05:36 +01:00 · 2024-01-26 11:28:16 -08:00 · 2024-01-26 11:28:16 -08:00 · 80883b5ff1
commit 80883b5ff1
parent f319ce7915
6 changed files with 122 additions and 109 deletions
--- a/src/pages/api/teams/[id]/users/index.ts
+++ b/src/pages/api/teams/[id]/users/index.ts
@ -1,21 +1,33 @@
-import * as yup from 'yup';
-import { canViewTeam } from 'lib/auth';
+import { canAddUserToTeam, canViewTeam } from 'lib/auth';
 import { useAuth, useValidate } from 'lib/middleware';
+import { pageInfo } from 'lib/schema';
 import { NextApiRequestQueryBody, SearchFilter } from 'lib/types';
 import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { getUsersByTeamId } from 'queries';
-import { pageInfo } from 'lib/schema';
+import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { createTeamUser, getTeamUser, getUsersByTeamId } from 'queries';
+import * as yup from 'yup';

 export interface TeamUserRequestQuery extends SearchFilter {
  id: string;
 }

+export interface TeamUserRequestBody {
+  userId: string;
+  role: string;
+}
+
 const schema = {
  GET: yup.object().shape({
    id: yup.string().uuid().required(),
    ...pageInfo,
  }),
+  POST: yup.object().shape({
+    userId: yup.string().uuid().required(),
+    role: yup
+      .string()
+      .matches(/team-member|team-guest/i)
+      .required(),
+  }),
 };

 export default async (
@ -43,5 +55,24 @@ export default async (
    return ok(res, users);
  }

+  // admin function only
+  if (req.method === 'POST') {
+    if (!(await canAddUserToTeam(req.auth))) {
+      return unauthorized(res);
+    }
+
+    const { userId, role } = req.body;
+
+    const teamUser = await getTeamUser(teamId, userId);
+
+    if (teamUser) {
+      return badRequest(res, 'User is already a member of the Team.');
+    }
+
+    const users = await createTeamUser(userId, teamId, role);
+
+    return ok(res, users);
+  }
+
  return methodNotAllowed(res);
 };