watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-15 10:05:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updated roles and permissions logic.

Browse source
This commit is contained in:
Mike Cao 2022-12-06 18:36:41 -08:00
parent 4eb3140e43
commit b57ecf33e6
63 changed files with 432 additions and 546 deletions
Download patch file Download diff file Expand all files Collapse all files

8
pages/api/teams/[id]/index.ts
View file

@ -1,5 +1,5 @@
import { Team } from '@prisma/client';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { NextApiRequestQueryBody } from 'lib/types';
import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
@ -26,7 +26,7 @@ export default async (
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (await canViewTeam(userId, teamId)) {
if (!(await canViewTeam(userId, teamId))) {
return unauthorized(res);
}
@ -38,7 +38,7 @@ export default async (
if (req.method === 'POST') {
const { name } = req.body;
if (await canUpdateTeam(userId, teamId)) {
if (!(await canUpdateTeam(userId, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
@ -48,7 +48,7 @@ export default async (
}
if (req.method === 'DELETE') {
if (await canDeleteTeam(userId, teamId)) {
if (!(await canDeleteTeam(userId, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}