Updated roles and permissions logic.
This commit is contained in:
Mike Cao
@@ -1,5 +1,5 @@
|
||||
import { Team } from '@prisma/client';
|
||||
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
|
||||
import { NextApiRequestQueryBody } from 'lib/types';
|
||||
import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
|
||||
import { useAuth } from 'lib/middleware';
|
||||
import { NextApiResponse } from 'next';
|
||||
@@ -26,7 +26,7 @@ export default async (
|
||||
const { id: teamId } = req.query;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (await canViewTeam(userId, teamId)) {
|
||||
if (!(await canViewTeam(userId, teamId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
@@ -38,7 +38,7 @@ export default async (
|
||||
if (req.method === 'POST') {
|
||||
const { name } = req.body;
|
||||
|
||||
if (await canUpdateTeam(userId, teamId)) {
|
||||
if (!(await canUpdateTeam(userId, teamId))) {
|
||||
return unauthorized(res, 'You must be the owner of this team.');
|
||||
}
|
||||
|
||||
@@ -48,7 +48,7 @@ export default async (
|
||||
}
|
||||
|
||||
if (req.method === 'DELETE') {
|
||||
if (await canDeleteTeam(userId, teamId)) {
|
||||
if (!(await canDeleteTeam(userId, teamId))) {
|
||||
return unauthorized(res, 'You must be the owner of this team.');
|
||||
}
|
||||
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
|
||||
import { NextApiRequestQueryBody } from 'lib/types';
|
||||
import { canUpdateTeam, canViewTeam } from 'lib/auth';
|
||||
import { useAuth } from 'lib/middleware';
|
||||
import { NextApiResponse } from 'next';
|
||||
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
|
||||
import { createTeamUser, deleteTeamUser, getUser, getUsersByTeamId } from 'queries';
|
||||
import { createTeamUser, deleteTeamUser, getUser, getTeamUsers } from 'queries';
|
||||
|
||||
export interface TeamUserRequestQuery {
|
||||
id: string;
|
||||
@@ -27,17 +27,17 @@ export default async (
|
||||
const { id: teamId } = req.query;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (await canViewTeam(userId, teamId)) {
|
||||
if (!(await canViewTeam(userId, teamId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
const user = await getUsersByTeamId({ teamId });
|
||||
const users = await getTeamUsers(teamId);
|
||||
|
||||
return ok(res, user);
|
||||
return ok(res, users);
|
||||
}
|
||||
|
||||
if (req.method === 'POST') {
|
||||
if (await canUpdateTeam(userId, teamId)) {
|
||||
if (!(await canUpdateTeam(userId, teamId))) {
|
||||
return unauthorized(res, 'You must be the owner of this team.');
|
||||
}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
|
||||
import { canViewTeam } from 'lib/auth';
|
||||
import { useAuth } from 'lib/middleware';
|
||||
import { NextApiResponse } from 'next';
|
||||
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
|
||||
import { getWebsitesByTeamId } from 'queries';
|
||||
import { NextApiRequestQueryBody } from 'lib/types';
|
||||
import { canViewTeam } from 'lib/auth';
|
||||
import { useAuth } from 'lib/middleware';
|
||||
import { getTeamWebsites } from 'queries/admin/team';
|
||||
|
||||
export interface TeamWebsiteRequestQuery {
|
||||
id: string;
|
||||
@@ -30,9 +30,9 @@ export default async (
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
const website = await getWebsitesByTeamId({ teamId });
|
||||
const websites = await getTeamWebsites(teamId);
|
||||
|
||||
return ok(res, website);
|
||||
return ok(res, websites);
|
||||
}
|
||||
|
||||
return methodNotAllowed(res);
|
||||
Reference in New Issue
Block a user