Updated roles and permissions logic.

pages/api/users/[id]/index.ts

@@ -1,5 +1,5 @@
-import { NextApiRequestQueryBody } from 'interface/api/nextApi';
-import { canDeleteUser, canUpdateUser, canViewUser, checkAdmin } from 'lib/auth';
+import { NextApiRequestQueryBody } from 'lib/types';
+import { canUpdateUser, canViewUser } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
 import { badRequest, hashPassword, methodNotAllowed, ok, unauthorized } from 'next-basics';
@@ -21,7 +21,7 @@ export default async (
   await useAuth(req, res);
 
   const {
-    user: { id: userId },
+    user: { id: userId, isAdmin },
   } = req.auth;
   const { id } = req.query;
 
@@ -51,7 +51,7 @@ export default async (
     }
 
     // Only admin can change these fields
-    if (username && (await checkAdmin(userId))) {
+    if (username && isAdmin) {
       data.username = username;
     }
 
@@ -70,7 +70,7 @@ export default async (
   }
 
   if (req.method === 'DELETE') {
-    if (canDeleteUser(userId)) {
+    if (isAdmin) {
       return unauthorized(res);
     }
 

pages/api/users/[id]/password.ts

@@ -1,4 +1,4 @@
-import { NextApiRequestQueryBody } from 'interface/api/nextApi';
+import { NextApiRequestQueryBody } from 'lib/types';
 import { canUpdateUser } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';

pages/api/users/[id]/role.ts

@@ -1,62 +0,0 @@
-import { UserRole } from '@prisma/client';
-import { NextApiRequestQueryBody } from 'interface/api/nextApi';
-import { canUpdateUserRole } from 'lib/auth';
-import { Role } from 'lib/types';
-import { useAuth } from 'lib/middleware';
-import { NextApiResponse } from 'next';
-import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { deleteUserRole, getUserRole, getUserRoles, updateUserRole } from 'queries';
-
-export interface UserRoleRequestQuery {
-  id: string;
-}
-export interface UserRoleRequestBody {
-  role: Role;
-  userRoleId?: string;
-}
-
-export default async (
-  req: NextApiRequestQueryBody<UserRoleRequestQuery, UserRoleRequestBody>,
-  res: NextApiResponse<UserRole>,
-) => {
-  await useAuth(req, res);
-
-  const {
-    user: { id: userId },
-  } = req.auth;
-  const { id } = req.query;
-
-  if (await canUpdateUserRole(userId)) {
-    return unauthorized(res);
-  }
-
-  if (req.method === 'GET') {
-    const userRole = await getUserRoles({ userId: id });
-
-    return ok(res, userRole);
-  }
-
-  if (req.method === 'POST') {
-    const { role } = req.body;
-
-    const userRole = await getUserRole({ userId: id });
-
-    if (userRole && userRole.role === role) {
-      return badRequest(res, 'Role already exists for User.');
-    } else {
-      const updated = await updateUserRole({ role }, { id: userRole.id });
-
-      return ok(res, updated);
-    }
-  }
-
-  if (req.method === 'DELETE') {
-    const { userRoleId } = req.body;
-
-    const updated = await deleteUserRole(userRoleId);
-
-    return ok(res, updated);
-  }
-
-  return methodNotAllowed(res);
-};

pages/api/users/[id]/websites.ts

@@ -0,0 +1,57 @@
+import { Prisma } from '@prisma/client';
+import { NextApiRequestQueryBody } from 'lib/types';
+import { uuid } from 'lib/crypto';
+import { useAuth, useCors } from 'lib/middleware';
+import { NextApiResponse } from 'next';
+import { methodNotAllowed, ok } from 'next-basics';
+import { createWebsite, getUserWebsites } from 'queries';
+
+export interface WebsitesRequestQuery {}
+
+export interface WebsitesRequestBody {
+  name: string;
+  domain: string;
+  shareId: string;
+  teamId?: string;
+}
+
+export default async (
+  req: NextApiRequestQueryBody<WebsitesRequestQuery, WebsitesRequestBody>,
+  res: NextApiResponse,
+) => {
+  await useCors(req, res);
+  await useAuth(req, res);
+
+  const {
+    user: { id: userId },
+  } = req.auth;
+
+  if (req.method === 'GET') {
+    const websites = await getUserWebsites(userId);
+
+    return ok(res, websites);
+  }
+
+  if (req.method === 'POST') {
+    const { name, domain, shareId, teamId } = req.body;
+
+    const data: Prisma.WebsiteUncheckedCreateInput = {
+      id: uuid(),
+      name,
+      domain,
+      shareId,
+    };
+
+    if (teamId) {
+      data.teamId = teamId;
+    } else {
+      data.userId = userId;
+    }
+
+    const website = await createWebsite(data);
+
+    return ok(res, website);
+  }
+
+  return methodNotAllowed(res);
+};

pages/api/users/index.ts

@@ -1,7 +1,7 @@
-import { NextApiRequestQueryBody } from 'interface/api/nextApi';
-import { canCreateUser, canViewUsers } from 'lib/auth';
+import { NextApiRequestQueryBody } from 'lib/types';
 import { uuid } from 'lib/crypto';
 import { useAuth } from 'lib/middleware';
+import { ROLES } from 'lib/constants';
 import { NextApiResponse } from 'next';
 import { badRequest, hashPassword, methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { createUser, getUser, getUsers, User } from 'queries';
@@ -19,11 +19,11 @@ export default async (
   await useAuth(req, res);
 
   const {
-    user: { id: userId },
+    user: { isAdmin },
   } = req.auth;
 
   if (req.method === 'GET') {
-    if (canViewUsers(userId)) {
+    if (isAdmin) {
       return unauthorized(res);
     }
 
@@ -33,15 +33,15 @@ export default async (
   }
 
   if (req.method === 'POST') {
-    if (canCreateUser(userId)) {
+    if (isAdmin) {
       return unauthorized(res);
     }
 
     const { username, password, id } = req.body;
 
-    const user = await getUser({ username });
+    const existingUser = await getUser({ username });
 
-    if (user) {
+    if (existingUser) {
       return badRequest(res, 'User already exists');
     }
 
@@ -49,6 +49,7 @@ export default async (
       id: id || uuid(),
       username,
       password: hashPassword(password),
+      role: ROLES.user,
     });
 
     return ok(res, created);