watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-04 04:37:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix isAdmin check. Fix Schema.

Browse source
This commit is contained in:
Brian Cao 2022-11-21 16:44:42 -08:00
parent 371425ab60
commit d60ad1c782
4 changed files with 18 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

12
pages/api/teams/[id]/user.ts
View file

@ -4,8 +4,8 @@ import { UmamiApi } from 'lib/constants';
import { uuid } from 'lib/crypto';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeamUser, deleteTeamUser, getUsersByTeamId } from 'queries';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeamUser, deleteTeamUser, getUsersByTeamId, getTeamUser } from 'queries';
export interface TeamUserRequestQuery {
id: string;
@ -41,6 +41,13 @@ export default async (
const { user_id: userId } = req.body;
// Check for TeamUser
const teamUser = getTeamUser({ userId, teamId });
if (!teamUser) {
return badRequest(res, 'The User already exists on this Team.');
}
const updated = await createTeamUser({ id: uuid(), userId, teamId });
return ok(res, updated);
@ -50,7 +57,6 @@ export default async (
if (!(await allowQuery(req, UmamiApi.AuthType.TeamOwner))) {
return unauthorized(res, 'You must be the owner of this team.');
}
const { team_user_id } = req.body;
await deleteTeamUser(team_user_id);

8
pages/api/users/[id]/role.ts
View file

@ -42,7 +42,6 @@ export default async (
if (req.method === 'POST') {
const { roleId, teamId } = req.body;
// Check when userRolename changes
const userRole = getUserRole({ userId: id, roleId, teamId });
if (userRole) {
@ -57,13 +56,6 @@ export default async (
if (req.method === 'DELETE') {
const { userRoleId } = req.body;
// Check when userRolename changes
const userRole = getUserRole({ id: userRoleId });
if (userRole) {
return badRequest(res, 'Role already exists for User.');
}
const updated = await deleteUserRole(userRoleId);
return ok(res, updated);

6
pages/api/websites/index.ts
View file

@ -5,6 +5,8 @@ import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok } from 'next-basics';
import { createWebsite, getAllWebsites, getWebsitesByUserId } from 'queries';
import { checkPermission } from 'lib/auth';
import { UmamiApi } from 'lib/constants';
export interface WebsitesRequestQuery {
include_all?: boolean;
@ -25,12 +27,14 @@ export default async (
await useAuth(req, res);
const {
user: { id: userId, isAdmin },
user: { id: userId },
} = req.auth;
if (req.method === 'GET') {
const { include_all } = req.query;
const isAdmin = await checkPermission(req, UmamiApi.Permission.Admin);
const websites =
isAdmin && include_all ? await getAllWebsites() : await getWebsitesByUserId(userId);