cal.pub0.org/pages/api/teams/[teamId]/_auth-middleware.ts

import type { Prisma } from "@prisma/client";
import { MembershipRole } from "@prisma/client";
import type { NextApiRequest } from "next";

import { HttpError } from "@calcom/lib/http-error";

import { schemaQueryTeamId } from "@lib/validations/shared/queryTeamId";

async function authMiddleware(req: NextApiRequest) {
  const { userId, prisma, isAdmin } = req;
  const { teamId } = schemaQueryTeamId.parse(req.query);
  /** Admins can skip the ownership verification */
  if (isAdmin) return;
  /** Non-members will see a 404 error which may or not be the desired behavior. */
  await prisma.team.findFirstOrThrow({
    where: { id: teamId, members: { some: { userId } } },
  });
}

export async function checkPermissions(
  req: NextApiRequest,
  role: Prisma.MembershipWhereInput["role"] = MembershipRole.OWNER
) {
  const { userId, prisma, isAdmin } = req;
  const { teamId } = schemaQueryTeamId.parse(req.query);
  const args: Prisma.TeamFindFirstArgs = { where: { id: teamId } };
  /** If not ADMIN then we check if the actual user belongs to team and matches the required role */
  if (!isAdmin) args.where = { ...args.where, members: { some: { userId, role } } };
  const team = await prisma.team.findFirst(args);
  if (!team) throw new HttpError({ statusCode: 401, message: `Unauthorized: ${role.toString()} required` });
  return team;
}

export default authMiddleware;
added more endpoints and validations for publish-pay teams (#209) ## What does the PR do? - Team billing via API Just like the web project, we validate that team has stripe metadata before converting requestedSlug to slug. Co-authored-by: zomars <zomars@me.com> 2022-11-22 20:24:25 +00:00			`import type { Prisma } from "@prisma/client";`
			`import { MembershipRole } from "@prisma/client";`
Refactors teams 2022-10-11 02:25:47 +00:00			`import type { NextApiRequest } from "next";`

added more endpoints and validations for publish-pay teams (#209) ## What does the PR do? - Team billing via API Just like the web project, we validate that team has stripe metadata before converting requestedSlug to slug. Co-authored-by: zomars <zomars@me.com> 2022-11-22 20:24:25 +00:00			`import { HttpError } from "@calcom/lib/http-error";`

Refactors teams 2022-10-11 02:25:47 +00:00			`import { schemaQueryTeamId } from "@lib/validations/shared/queryTeamId";`

			`async function authMiddleware(req: NextApiRequest) {`
			`const { userId, prisma, isAdmin } = req;`
			`const { teamId } = schemaQueryTeamId.parse(req.query);`
			`/** Admins can skip the ownership verification */`
			`if (isAdmin) return;`
			`/** Non-members will see a 404 error which may or not be the desired behavior. */`
			`await prisma.team.findFirstOrThrow({`
			`where: { id: teamId, members: { some: { userId } } },`
			`});`
			`}`

added more endpoints and validations for publish-pay teams (#209) ## What does the PR do? - Team billing via API Just like the web project, we validate that team has stripe metadata before converting requestedSlug to slug. Co-authored-by: zomars <zomars@me.com> 2022-11-22 20:24:25 +00:00			`export async function checkPermissions(`
			`req: NextApiRequest,`
			`role: Prisma.MembershipWhereInput["role"] = MembershipRole.OWNER`
			`) {`
			`const { userId, prisma, isAdmin } = req;`
			`const { teamId } = schemaQueryTeamId.parse(req.query);`
			`const args: Prisma.TeamFindFirstArgs = { where: { id: teamId } };`
			`/** If not ADMIN then we check if the actual user belongs to team and matches the required role */`
			`if (!isAdmin) args.where = { ...args.where, members: { some: { userId, role } } };`
			`const team = await prisma.team.findFirst(args);`
			if (!team) throw new HttpError({ statusCode: 401, message: `Unauthorized: ${role.toString()} required` });
			`return team;`
			`}`

Refactors teams 2022-10-11 02:25:47 +00:00			`export default authMiddleware;`