watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-12 00:27:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix teamWebsite / teamUser.

Browse source
This commit is contained in:
Brian Cao 2023-04-09 16:04:28 -07:00
parent 53b23420a4
commit 9eff565e7a
14 changed files with 83 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

29
pages/api/teams/[id]/users/[userId].ts Normal file
View file

@ -0,0 +1,29 @@
import { canDeleteTeamUser } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { deleteTeamUser } from 'queries';
export interface TeamUserRequestQuery {
id: string;
userId: string;
}
export default async (req: NextApiRequestQueryBody<TeamUserRequestQuery>, res: NextApiResponse) => {
await useAuth(req, res);
if (req.method === 'DELETE') {
const { id: teamId, userId } = req.query;
if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
await deleteTeamUser(teamId, userId);
return ok(res);
}
return methodNotAllowed(res);
};

55
pages/api/teams/[id]/users/index.ts Normal file
View file

@ -0,0 +1,55 @@
import { canUpdateTeam, canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeamUser, getTeamUsers, getUser } from 'queries';
export interface TeamUserRequestQuery {
id: string;
}
export interface TeamUserRequestBody {
email: string;
roleId: string;
}
export default async (
req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
res: NextApiResponse,
) => {
await useAuth(req, res);
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (!(await canViewTeam(req.auth, teamId))) {
return unauthorized(res);
}
const users = await getTeamUsers(teamId);
return ok(res, users);
}
if (req.method === 'POST') {
if (!(await canUpdateTeam(req.auth, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
const { email, roleId: roleId } = req.body;
// Check for User
const user = await getUser({ username: email });
if (!user) {
return badRequest(res, 'The User does not exists.');
}
const updated = await createTeamUser(user.id, teamId, roleId);
return ok(res, updated);
}
return methodNotAllowed(res);
};