Updated roles and permissions logic.

2026-02-04 04:37:11 +01:00 · 2022-12-06 18:36:41 -08:00 · 2022-12-06 18:36:41 -08:00 · b57ecf33e6
commit b57ecf33e6
parent 4eb3140e43
63 changed files with 432 additions and 546 deletions
--- a/pages/api/teams/[id]/index.ts
+++ b/pages/api/teams/[id]/index.ts
@ -1,5 +1,5 @@
 import { Team } from '@prisma/client';
-import { NextApiRequestQueryBody } from 'interface/api/nextApi';
+import { NextApiRequestQueryBody } from 'lib/types';
 import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
@ -26,7 +26,7 @@ export default async (
  const { id: teamId } = req.query;

  if (req.method === 'GET') {
-    if (await canViewTeam(userId, teamId)) {
+    if (!(await canViewTeam(userId, teamId))) {
      return unauthorized(res);
    }

@ -38,7 +38,7 @@ export default async (
  if (req.method === 'POST') {
    const { name } = req.body;

-    if (await canUpdateTeam(userId, teamId)) {
+    if (!(await canUpdateTeam(userId, teamId))) {
      return unauthorized(res, 'You must be the owner of this team.');
    }

@ -48,7 +48,7 @@ export default async (
  }

  if (req.method === 'DELETE') {
-    if (await canDeleteTeam(userId, teamId)) {
+    if (!(await canDeleteTeam(userId, teamId))) {
      return unauthorized(res, 'You must be the owner of this team.');
    }

--- a/pages/api/teams/[id]/users.ts
+++ b/pages/api/teams/[id]/users.ts
@ -1,9 +1,9 @@
-import { NextApiRequestQueryBody } from 'interface/api/nextApi';
+import { NextApiRequestQueryBody } from 'lib/types';
 import { canUpdateTeam, canViewTeam } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
 import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { createTeamUser, deleteTeamUser, getUser, getUsersByTeamId } from 'queries';
+import { createTeamUser, deleteTeamUser, getUser, getTeamUsers } from 'queries';

 export interface TeamUserRequestQuery {
  id: string;
@ -27,17 +27,17 @@ export default async (
  const { id: teamId } = req.query;

  if (req.method === 'GET') {
-    if (await canViewTeam(userId, teamId)) {
+    if (!(await canViewTeam(userId, teamId))) {
      return unauthorized(res);
    }

-    const user = await getUsersByTeamId({ teamId });
+    const users = await getTeamUsers(teamId);

-    return ok(res, user);
+    return ok(res, users);
  }

  if (req.method === 'POST') {
-    if (await canUpdateTeam(userId, teamId)) {
+    if (!(await canUpdateTeam(userId, teamId))) {
      return unauthorized(res, 'You must be the owner of this team.');
    }

--- a/pages/api/teams/[id]/websites.ts
+++ b/pages/api/teams/[id]/websites.ts
@ -1,9 +1,9 @@
-import { NextApiRequestQueryBody } from 'interface/api/nextApi';
-import { canViewTeam } from 'lib/auth';
-import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
 import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { getWebsitesByTeamId } from 'queries';
+import { NextApiRequestQueryBody } from 'lib/types';
+import { canViewTeam } from 'lib/auth';
+import { useAuth } from 'lib/middleware';
+import { getTeamWebsites } from 'queries/admin/team';

 export interface TeamWebsiteRequestQuery {
  id: string;
@ -30,9 +30,9 @@ export default async (
      return unauthorized(res);
    }

-    const website = await getWebsitesByTeamId({ teamId });
+    const websites = await getTeamWebsites(teamId);

-    return ok(res, website);
+    return ok(res, websites);
  }

  return methodNotAllowed(res);
--- a/pages/api/teams/index.ts
+++ b/pages/api/teams/index.ts
@ -1,14 +1,14 @@
 import { Team } from '@prisma/client';
-import { NextApiRequestQueryBody } from 'interface/api/nextApi';
+import { NextApiRequestQueryBody } from 'lib/types';
 import { canCreateTeam } from 'lib/auth';
 import { uuid } from 'lib/crypto';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
-import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { createTeam, getTeam, getTeamsByUserId } from 'queries';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { createTeam, getUserTeams } from 'queries';
+
 export interface TeamsRequestBody {
  name: string;
-  description: string;
 }

 export default async (
@ -22,27 +22,22 @@ export default async (
  } = req.auth;

  if (req.method === 'GET') {
-    const teams = await getTeamsByUserId(userId);
+    const teams = await getUserTeams(userId);

    return ok(res, teams);
  }

  if (req.method === 'POST') {
-    if (await canCreateTeam(userId)) {
+    if (!(await canCreateTeam(userId))) {
      return unauthorized(res);
    }

    const { name } = req.body;

-    const team = await getTeam({ name });
-
-    if (team) {
-      return badRequest(res, 'Team already exists');
-    }
-
    const created = await createTeam({
      id: uuid(),
      name,
+      userId,
    });

    return ok(res, created);