Merge branch 'dev' of https://github.com/umami-software/umami into dev

# Conflicts:
#	public/iso-3166-2.json

pages/api/auth/login.ts

@@ -45,7 +45,10 @@ export default async (
 
       const token = createSecureToken({ userId: user.id }, secret());
 
-      return ok(res, { token, user });
+      return ok(res, {
+        token,
+        user: { id: user.id, username: user.username, createdAt: user.createdAt },
+      });
     }
 
     return unauthorized(res, 'message.incorrect-username-password');

pages/api/teams/[id]/websites/[websiteId].ts

@@ -23,9 +23,9 @@ export default async (
       return unauthorized(res);
     }
 
-    const websites = await deleteTeamWebsite(teamId, websiteId);
+    await deleteTeamWebsite(teamId, websiteId);
 
-    return ok(res, websites);
+    return ok(res);
   }
 
   return methodNotAllowed(res);

pages/api/teams/[id]/websites/index.ts

@@ -10,7 +10,6 @@ export interface TeamWebsiteRequestQuery {
 }
 
 export interface TeamWebsiteRequestBody {
-  teamWebsiteId?: string;
   websiteIds?: string[];
 }
 
@@ -21,9 +20,6 @@ export default async (
   await useAuth(req, res);
 
   const { id: teamId } = req.query;
-  const {
-    user: { id: userId },
-  } = req.auth;
 
   if (req.method === 'GET') {
     if (!(await canViewTeam(req.auth, teamId))) {

pages/api/users/[id]/index.ts

@@ -1,4 +1,4 @@
-import { NextApiRequestQueryBody, User } from 'lib/types';
+import { NextApiRequestQueryBody, Roles, User } from 'lib/types';
 import { canDeleteUser, canUpdateUser, canViewUser } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
@@ -12,6 +12,7 @@ export interface UserRequestQuery {
 export interface UserRequestBody {
   username: string;
   password: string;
+  role: Roles;
 }
 
 export default async (
@@ -40,17 +41,20 @@ export default async (
       return unauthorized(res);
     }
 
-    const { username, password } = req.body;
+    const { username, password, role } = req.body;
 
     const user = await getUser({ id });
 
     const data: any = {};
 
-    // Only admin can change these fields
-    if (password && isAdmin) {
+    if (password) {
       data.password = hashPassword(password);
     }
 
+    if (role && isAdmin) {
+      data.role = role;
+    }
+
     // Only admin can change these fields
     if (username && isAdmin) {
       data.username = username;

pages/api/websites/[id]/index.ts

@@ -41,15 +41,17 @@ export default async (
 
     const { name, domain, shareId } = req.body;
 
+    let website;
+
     try {
-      await updateWebsite(websiteId, { name, domain, shareId });
+      website = await updateWebsite(websiteId, { name, domain, shareId });
     } catch (e: any) {
       if (e.message.includes('Unique constraint') && e.message.includes('share_id')) {
         return serverError(res, 'That share ID is already taken.');
       }
     }
 
-    return ok(res);
+    return ok(res, website);
   }
 
   if (req.method === 'DELETE') {

pages/api/websites/index.ts

@@ -10,7 +10,6 @@ export interface WebsitesRequestBody {
   name: string;
   domain: string;
   shareId: string;
-  teamId?: string;
 }
 
 export default async (
@@ -31,9 +30,9 @@ export default async (
   }
 
   if (req.method === 'POST') {
-    const { name, domain, shareId, teamId } = req.body;
+    const { name, domain, shareId } = req.body;
 
-    if (!(await canCreateWebsite(req.auth, teamId))) {
+    if (!(await canCreateWebsite(req.auth))) {
       return unauthorized(res);
     }
 
@@ -44,11 +43,7 @@ export default async (
       shareId,
     };
 
-    if (teamId) {
-      data.teamId = teamId;
-    } else {
-      data.userId = userId;
-    }
+    data.userId = userId;
 
     const website = await createWebsite(data);