Updated roles and permissions logic.

2026-02-04 04:37:11 +01:00 · 2022-12-06 18:36:41 -08:00 · 2022-12-06 18:36:41 -08:00 · b57ecf33e6
commit b57ecf33e6
parent 4eb3140e43
63 changed files with 432 additions and 546 deletions
--- a/pages/api/teams/[id]/websites.ts
+++ b/pages/api/teams/[id]/websites.ts
@ -0,0 +1,39 @@
+import { NextApiResponse } from 'next';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { NextApiRequestQueryBody } from 'lib/types';
+import { canViewTeam } from 'lib/auth';
+import { useAuth } from 'lib/middleware';
+import { getTeamWebsites } from 'queries/admin/team';
+
+export interface TeamWebsiteRequestQuery {
+  id: string;
+}
+
+export interface TeamWebsiteRequestBody {
+  website_id: string;
+  team_website_id?: string;
+}
+
+export default async (
+  req: NextApiRequestQueryBody<TeamWebsiteRequestQuery, TeamWebsiteRequestBody>,
+  res: NextApiResponse,
+) => {
+  await useAuth(req, res);
+
+  const {
+    user: { id: userId },
+  } = req.auth;
+  const { id: teamId } = req.query;
+
+  if (req.method === 'GET') {
+    if (await canViewTeam(userId, teamId)) {
+      return unauthorized(res);
+    }
+
+    const websites = await getTeamWebsites(teamId);
+
+    return ok(res, websites);
+  }
+
+  return methodNotAllowed(res);
+};