55 lines
1.6 KiB
TypeScript
55 lines
1.6 KiB
TypeScript
|
import type { NextApiRequest, NextApiResponse } from "next";
|
||
|
|
||
|
import { getSession } from "@lib/auth";
|
||
|
import prisma from "@lib/prisma";
|
||
|
import { getTeamWithMembers } from "@lib/queries/teams";
|
||
|
|
||
|
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||
|
const session = await getSession({ req: req });
|
||
|
if (!session) {
|
||
|
return res.status(401).json({ message: "Not authenticated" });
|
||
|
}
|
||
|
if (!session.user?.id) {
|
||
|
console.log("Received session token without a user id.");
|
||
|
return res.status(500).json({ message: "Something went wrong." });
|
||
|
}
|
||
|
if (!req.query.team) {
|
||
|
console.log("Missing team query param.");
|
||
|
return res.status(500).json({ message: "Something went wrong." });
|
||
|
}
|
||
|
|
||
|
const teamId = parseInt(req.query.team as string);
|
||
|
|
||
|
// GET /api/teams/{team}
|
||
|
if (req.method === "GET") {
|
||
|
const team = await getTeamWithMembers(teamId);
|
||
|
return res.status(200).json({ team });
|
||
|
}
|
||
|
// DELETE /api/teams/{team}
|
||
|
if (req.method === "DELETE") {
|
||
|
const membership = await prisma.membership.findFirst({
|
||
|
where: {
|
||
|
userId: session.user.id,
|
||
|
teamId,
|
||
|
},
|
||
|
});
|
||
|
|
||
|
if (!membership || membership.role !== "OWNER") {
|
||
|
console.log(`User ${session.user.id} tried deleting an organization they don't own.`);
|
||
|
return res.status(403).json({ message: "Forbidden." });
|
||
|
}
|
||
|
|
||
|
await prisma.membership.delete({
|
||
|
where: {
|
||
|
userId_teamId: { userId: session.user.id, teamId },
|
||
|
},
|
||
|
});
|
||
|
await prisma.team.delete({
|
||
|
where: {
|
||
|
id: teamId,
|
||
|
},
|
||
|
});
|
||
|
return res.status(204).send(null);
|
||
|
}
|
||
|
}
|