github/umami
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Updated roles and permissions logic.

Browse Source
This commit is contained in:
Mike Cao
2022-12-06 18:36:41 -08:00
parent 4eb3140e43
commit b57ecf33e6
63 changed files with 432 additions and 546 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pages/api/teams/[id]/index.ts
View File

@@ -1,5 +1,5 @@
import { Team } from '@prisma/client';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { NextApiRequestQueryBody } from 'lib/types';
import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
@@ -26,7 +26,7 @@ export default async (
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (await canViewTeam(userId, teamId)) {
if (!(await canViewTeam(userId, teamId))) {
return unauthorized(res);
}
@@ -38,7 +38,7 @@ export default async (
if (req.method === 'POST') {
const { name } = req.body;
if (await canUpdateTeam(userId, teamId)) {
if (!(await canUpdateTeam(userId, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
@@ -48,7 +48,7 @@ export default async (
}
if (req.method === 'DELETE') {
if (await canDeleteTeam(userId, teamId)) {
if (!(await canDeleteTeam(userId, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}

12
pages/api/teams/[id]/user.ts → pages/api/teams/[id]/users.ts
View File

@@ -1,9 +1,9 @@
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { NextApiRequestQueryBody } from 'lib/types';
import { canUpdateTeam, canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeamUser, deleteTeamUser, getUser, getUsersByTeamId } from 'queries';
import { createTeamUser, deleteTeamUser, getUser, getTeamUsers } from 'queries';
export interface TeamUserRequestQuery {
id: string;
@@ -27,17 +27,17 @@ export default async (
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (await canViewTeam(userId, teamId)) {
if (!(await canViewTeam(userId, teamId))) {
return unauthorized(res);
}
const user = await getUsersByTeamId({ teamId });
const users = await getTeamUsers(teamId);
return ok(res, user);
return ok(res, users);
}
if (req.method === 'POST') {
if (await canUpdateTeam(userId, teamId)) {
if (!(await canUpdateTeam(userId, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}

12
pages/api/teams/[id]/website.ts → pages/api/teams/[id]/websites.ts
View File

@@ -1,9 +1,9 @@
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getWebsitesByTeamId } from 'queries';
import { NextApiRequestQueryBody } from 'lib/types';
import { canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { getTeamWebsites } from 'queries/admin/team';
export interface TeamWebsiteRequestQuery {
id: string;
@@ -30,9 +30,9 @@ export default async (
return unauthorized(res);
}
const website = await getWebsitesByTeamId({ teamId });
const websites = await getTeamWebsites(teamId);
return ok(res, website);
return ok(res, websites);
}
return methodNotAllowed(res);

19
pages/api/teams/index.ts
View File

@@ -1,14 +1,14 @@
import { Team } from '@prisma/client';
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { NextApiRequestQueryBody } from 'lib/types';
import { canCreateTeam } from 'lib/auth';
import { uuid } from 'lib/crypto';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeam, getTeam, getTeamsByUserId } from 'queries';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeam, getUserTeams } from 'queries';
export interface TeamsRequestBody {
name: string;
description: string;
}
export default async (
@@ -22,27 +22,22 @@ export default async (
} = req.auth;
if (req.method === 'GET') {
const teams = await getTeamsByUserId(userId);
const teams = await getUserTeams(userId);
return ok(res, teams);
}
if (req.method === 'POST') {
if (await canCreateTeam(userId)) {
if (!(await canCreateTeam(userId))) {
return unauthorized(res);
}
const { name } = req.body;
const team = await getTeam({ name });
if (team) {
return badRequest(res, 'Team already exists');
}
const created = await createTeam({
id: uuid(),
name,
userId,
});
return ok(res, created);