fix: fixess attends:id endpoit
parent
8c19303baf
commit
096fd40044
|
@ -41,8 +41,7 @@ async function createOrlistAllAttendees(
|
||||||
req: NextApiRequest,
|
req: NextApiRequest,
|
||||||
res: NextApiResponse<AttendeesResponse | AttendeeResponse>
|
res: NextApiResponse<AttendeesResponse | AttendeeResponse>
|
||||||
) {
|
) {
|
||||||
const { method } = req;
|
const { method, userId } = req;
|
||||||
const userId = req.userId;
|
|
||||||
// Here we make sure to only return attendee's of the user's own bookings.
|
// Here we make sure to only return attendee's of the user's own bookings.
|
||||||
const userBookings = await prisma.booking.findMany({
|
const userBookings = await prisma.booking.findMany({
|
||||||
where: {
|
where: {
|
||||||
|
@ -76,14 +75,16 @@ async function createOrlistAllAttendees(
|
||||||
throw new Error("User not found");
|
throw new Error("User not found");
|
||||||
}
|
}
|
||||||
const userBookingIds = userWithBookings.bookings.map((booking: any) => booking.id).flat();
|
const userBookingIds = userWithBookings.bookings.map((booking: any) => booking.id).flat();
|
||||||
if (!userBookingIds.includes(bookingId)) res.status(401).json({ message: "Unauthorized" });
|
// Here we make sure to only return attendee's of the user's own bookings.
|
||||||
|
if (!userBookingIds.includes(parseInt(safe.data.bookingId)))
|
||||||
|
res.status(401).json({ message: "Unauthorized" });
|
||||||
else {
|
else {
|
||||||
delete safe.data.bookingId;
|
delete safe.data.bookingId;
|
||||||
const noBookingId = safe.data;
|
const noBookingId = safe.data;
|
||||||
const data = await prisma.attendee.create({
|
const data = await prisma.attendee.create({
|
||||||
data: {
|
data: {
|
||||||
...noBookingId,
|
...noBookingId,
|
||||||
booking: { connect: { id: bookingId } },
|
booking: { connect: { id: parseInt(bookingId) } },
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
const attendee = schemaAttendeePublic.parse(data);
|
const attendee = schemaAttendeePublic.parse(data);
|
||||||
|
|
Loading…
Reference in New Issue