Fix teamWebsite / teamUser.

pages/api/teams/[id]/users/[userId].ts

@@ -0,0 +1,29 @@
+import { canDeleteTeamUser } from 'lib/auth';
+import { useAuth } from 'lib/middleware';
+import { NextApiRequestQueryBody } from 'lib/types';
+import { NextApiResponse } from 'next';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { deleteTeamUser } from 'queries';
+
+export interface TeamUserRequestQuery {
+  id: string;
+  userId: string;
+}
+
+export default async (req: NextApiRequestQueryBody<TeamUserRequestQuery>, res: NextApiResponse) => {
+  await useAuth(req, res);
+
+  if (req.method === 'DELETE') {
+    const { id: teamId, userId } = req.query;
+
+    if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {
+      return unauthorized(res, 'You must be the owner of this team.');
+    }
+
+    await deleteTeamUser(teamId, userId);
+
+    return ok(res);
+  }
+
+  return methodNotAllowed(res);
+};

pages/api/teams/[id]/users/index.ts

@@ -1,9 +1,9 @@
-import { NextApiRequestQueryBody } from 'lib/types';
-import { canDeleteTeamUser, canUpdateTeam, canViewTeam } from 'lib/auth';
+import { canUpdateTeam, canViewTeam } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
+import { NextApiRequestQueryBody } from 'lib/types';
 import { NextApiResponse } from 'next';
 import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { createTeamUser, deleteTeamUser, getUser, getTeamUsers } from 'queries';
+import { createTeamUser, getTeamUsers, getUser } from 'queries';
 
 export interface TeamUserRequestQuery {
   id: string;
@@ -12,7 +12,6 @@ export interface TeamUserRequestQuery {
 export interface TeamUserRequestBody {
   email: string;
   roleId: string;
-  userId?: string;
 }
 
 export default async (
@@ -52,17 +51,5 @@ export default async (
     return ok(res, updated);
   }
 
-  if (req.method === 'DELETE') {
-    const { userId } = req.body;
-
-    if (await canDeleteTeamUser(req.auth, teamId, userId)) {
-      return unauthorized(res, 'You must be the owner of this team.');
-    }
-
-    await deleteTeamUser(teamId, userId);
-
-    return ok(res);
-  }
-
   return methodNotAllowed(res);
 };

pages/api/teams/[id]/websites/[websiteId].ts

@@ -5,24 +5,25 @@ import { NextApiResponse } from 'next';
 import { methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { deleteTeamWebsite } from 'queries/admin/teamWebsite';
 
-export interface TeamWebsiteRequestQuery {
+export interface TeamWebsitesRequestQuery {
   id: string;
+  websiteId: string;
 }
 
 export default async (
-  req: NextApiRequestQueryBody<TeamWebsiteRequestQuery>,
+  req: NextApiRequestQueryBody<TeamWebsitesRequestQuery>,
   res: NextApiResponse,
 ) => {
   await useAuth(req, res);
 
-  const { id: teamWebsiteId } = req.query;
+  const { id: teamId, websiteId } = req.query;
 
   if (req.method === 'DELETE') {
-    if (!(await canDeleteTeamWebsite(req.auth, teamWebsiteId))) {
+    if (!(await canDeleteTeamWebsite(req.auth, teamId, websiteId))) {
       return unauthorized(res);
     }
 
-    const websites = await deleteTeamWebsite(teamWebsiteId);
+    const websites = await deleteTeamWebsite(teamId, websiteId);
 
     return ok(res, websites);
   }