public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #168 from calcom/create-schedule-with-availability 

Admin privileges for /schedules
pull/9078/head
Syed Ali Shahbaz 2022-10-07 10:23:41 +02:00 committed by GitHub
parent 2a05f15156 628306793d
commit 0abf286785
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 181 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/helpers/safeParseJSON.ts Normal file
View File

@ -0,0 +1,14 @@
export default function parseJSONSafely(str: string) {
try {
return JSON.parse(str);
} catch (e) {
console.error((e as Error).message);
if ((e as Error).message.includes("Unexpected token")) {
return {
success: false,
message: `Invalid JSON in the body: ${(e as Error).message}`,
};
}
return {};
}
}

25
lib/validations/schedule.ts
View File

@ -1,14 +1,31 @@
import { z } from "zod"; import { z } from "zod";
import { _ScheduleModel as Schedule } from "@calcom/prisma/zod"; import { _ScheduleModel as Schedule, _AvailabilityModel as Availability } from "@calcom/prisma/zod";
const schemaScheduleBaseBodyParams = Schedule.omit({ id: true }).partial(); const schemaScheduleBaseBodyParams = Schedule.omit({ id: true }).partial();
const schemaScheduleRequiredParams = z.object({ const schemaScheduleRequiredParams = z.object({
userId: z.number(), name: z.string().optional(),
name: z.string(), userId: z.union([z.number(), z.array(z.number())]).optional(),
}); });
export const schemaScheduleBodyParams = schemaScheduleBaseBodyParams.merge(schemaScheduleRequiredParams); export const schemaScheduleBodyParams = schemaScheduleBaseBodyParams.merge(schemaScheduleRequiredParams);
export const schemaSchedulePublic = Schedule.omit({}); export const schemaSingleScheduleBodyParams = schemaScheduleBaseBodyParams.merge(
z.object({ userId: z.number().optional() })
);
export const schemaCreateScheduleBodyParams = schemaScheduleBaseBodyParams.merge(
z.object({ userId: z.number().optional(), name: z.string() })
);
export const schemaSchedulePublic = z
.object({ id: z.number() })
.merge(Schedule)
.merge(
z.object({
availability: z
.array(Availability.pick({ id: true, eventTypeId: true, days: true, startTime: true, endTime: true }))
.optional(),
})
);

37
pages/api/schedules/[id].ts
View File

@ -1,27 +1,44 @@
import type { NextApiRequest, NextApiResponse } from "next"; import type { NextApiRequest, NextApiResponse } from "next";
import safeParseJSON from "@lib/helpers/safeParseJSON";
import { withMiddleware } from "@lib/helpers/withMiddleware"; import { withMiddleware } from "@lib/helpers/withMiddleware";
import type { ScheduleResponse } from "@lib/types"; import type { ScheduleResponse } from "@lib/types";
import { schemaScheduleBodyParams, schemaSchedulePublic } from "@lib/validations/schedule"; import { schemaSingleScheduleBodyParams, schemaSchedulePublic } from "@lib/validations/schedule";
import { import {
schemaQueryIdParseInt, schemaQueryIdParseInt,
withValidQueryIdTransformParseInt, withValidQueryIdTransformParseInt,
} from "@lib/validations/shared/queryIdTransformParseInt"; } from "@lib/validations/shared/queryIdTransformParseInt";
export async function scheduleById( export async function scheduleById(
{ method, query, body, userId, prisma }: NextApiRequest, { method, query, body, userId, isAdmin, prisma }: NextApiRequest,
res: NextApiResponse<ScheduleResponse> res: NextApiResponse<ScheduleResponse>
) { ) {
body = safeParseJSON(body);
if (!body.success) {
res.status(400).json({ message: body.message });
}
const safeBody = schemaSingleScheduleBodyParams.safeParse(body);
if (!safeBody.success) {
res.status(400).json({ message: "Bad request" });
return;
}
const safeQuery = schemaQueryIdParseInt.safeParse(query); const safeQuery = schemaQueryIdParseInt.safeParse(query);
const safeBody = schemaScheduleBodyParams.safeParse(body); if (safeBody.data.userId && !isAdmin) {
res.status(401).json({ message: "Unauthorized" });
return;
}
if (!safeQuery.success) { if (!safeQuery.success) {
res.status(400).json({ message: "Your query was invalid" }); res.status(400).json({ message: "Your query was invalid" });
return; return;
} }
const userSchedules = await prisma.schedule.findMany({ where: { userId } }); const userSchedules = await prisma.schedule.findMany({ where: { userId: safeBody.data.userId || userId } });
const userScheduleIds = userSchedules.map((schedule) => schedule.id); const userScheduleIds = userSchedules.map((schedule) => schedule.id);
if (!userScheduleIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" }); if (!userScheduleIds.includes(safeQuery.data.id)) {
else { res.status(401).json({ message: "Unauthorized" });
return;
} else {
switch (method) { switch (method) {
/** /**
* @swagger * @swagger
@ -48,7 +65,10 @@ export async function scheduleById(
*/ */
case "GET": case "GET":
await prisma.schedule await prisma.schedule
.findUnique({ where: { id: safeQuery.data.id } }) .findUnique({
where: { id: safeQuery.data.id },
include: { availability: true },
})
.then((data) => schemaSchedulePublic.parse(data)) .then((data) => schemaSchedulePublic.parse(data))
.then((schedule) => res.status(200).json({ schedule })) .then((schedule) => res.status(200).json({ schedule }))
.catch((error: Error) => .catch((error: Error) =>
@ -89,6 +109,9 @@ export async function scheduleById(
return; return;
} }
} }
delete safeBody.data.userId;
await prisma.schedule await prisma.schedule
.update({ where: { id: safeQuery.data.id }, data: safeBody.data }) .update({ where: { id: safeQuery.data.id }, data: safeBody.data })
.then((data) => schemaSchedulePublic.parse(data)) .then((data) => schemaSchedulePublic.parse(data))

176
pages/api/schedules/index.ts
View File

@ -1,72 +1,128 @@
import type { NextApiRequest, NextApiResponse } from "next"; import type { NextApiRequest, NextApiResponse } from "next";
import { getAvailabilityFromSchedule, DEFAULT_SCHEDULE } from "@calcom/lib/availability";
import safeParseJSON from "@lib/helpers/safeParseJSON";
import { withMiddleware } from "@lib/helpers/withMiddleware"; import { withMiddleware } from "@lib/helpers/withMiddleware";
import { ScheduleResponse, SchedulesResponse } from "@lib/types"; import { ScheduleResponse, SchedulesResponse } from "@lib/types";
import { schemaScheduleBodyParams, schemaSchedulePublic } from "@lib/validations/schedule"; import {
schemaScheduleBodyParams,
schemaSchedulePublic,
schemaCreateScheduleBodyParams,
} from "@lib/validations/schedule";
async function createOrlistAllSchedules( async function createOrlistAllSchedules(
{ method, body, userId, prisma }: NextApiRequest, { method, body, userId, isAdmin, prisma }: NextApiRequest,
res: NextApiResponse<SchedulesResponse | ScheduleResponse> res: NextApiResponse<SchedulesResponse | ScheduleResponse>
) { ) {
if (method === "GET") { body = safeParseJSON(body);
/** if (!body.success) {
* @swagger res.status(400).json({ message: body.message });
* /schedules: return;
* get: }
* operationId: listSchedules
* summary: Find all schedules
* tags:
* - schedules
* responses:
* 200:
* description: OK
* 401:
* description: Authorization information is missing or invalid.
* 404:
* description: No schedules were found
*/
const data = await prisma.schedule.findMany({ where: { userId } });
const schedules = data.map((schedule) => schemaSchedulePublic.parse(schedule));
if (schedules) res.status(200).json({ schedules });
else
(error: Error) =>
res.status(404).json({
message: "No Schedules were found",
error,
});
} else if (method === "POST") {
/**
* @swagger
* /schedules:
* post:
* operationId: addSchedule
* summary: Creates a new schedule
* tags:
* - schedules
* responses:
* 201:
* description: OK, schedule created
* 400:
* description: Bad request. Schedule body is invalid.
* 401:
* description: Authorization information is missing or invalid.
*/
const safe = schemaScheduleBodyParams.safeParse(body);
if (!safe.success) {
res.status(400).json({ message: "Invalid request body" });
return;
}
const data = await prisma.schedule.create({ data: { ...safe.data, userId } });
const schedule = schemaSchedulePublic.parse(data);
if (schedule) res.status(201).json({ schedule, message: "Schedule created successfully" }); const safe = schemaScheduleBodyParams.safeParse(body);
else
(error: Error) => if (!safe.success) {
res.status(400).json({ res.status(400).json({ message: "Bad request" });
message: "Could not create new schedule", return;
error, }
});
} else res.status(405).json({ message: `Method ${method} not allowed` }); const safeBody = safe.data;
if (safeBody.userId && !isAdmin) {
res.status(401).json({ message: "Unauthorized" });
return;
} else {
if (method === "GET") {
/**
* @swagger
* /schedules:
* get:
* operationId: listSchedules
* summary: Find all schedules
* tags:
* - schedules
* responses:
* 200:
* description: OK
* 401:
* description: Authorization information is missing or invalid.
* 404:
* description: No schedules were found
*/
const userIds = Array.isArray(safeBody.userId) ? safeBody.userId : [safeBody.userId || userId];
const data = await prisma.schedule.findMany({
where: {
userId: { in: userIds },
},
include: { availability: true },
...(Array.isArray(body.userId) && { orderBy: { userId: "asc" } }),
});
const schedules = data.map((schedule) => schemaSchedulePublic.parse(schedule));
if (schedules) res.status(200).json({ schedules });
else
(error: Error) =>
res.status(404).json({
message: "No Schedules were found",
error,
});
} else if (method === "POST") {
/**
* @swagger
* /schedules:
* post:
* operationId: addSchedule
* summary: Creates a new schedule
* tags:
* - schedules
* responses:
* 201:
* description: OK, schedule created
* 400:
* description: Bad request. Schedule body is invalid.
* 401:
* description: Authorization information is missing or invalid.
*/
const safe = schemaCreateScheduleBodyParams.safeParse(body);
if (body.userId && !isAdmin) {
res.status(401).json({ message: "Unauthorized" });
return;
}
if (!safe.success) {
res.status(400).json({ message: "Invalid request body" });
return;
}
const data = await prisma.schedule.create({
data: {
...safe.data,
userId: safe.data.userId || userId,
availability: {
createMany: {
data: getAvailabilityFromSchedule(DEFAULT_SCHEDULE).map((schedule) => ({
days: schedule.days,
startTime: schedule.startTime,
endTime: schedule.endTime,
})),
},
},
},
});
const schedule = schemaSchedulePublic.parse(data);
if (schedule) res.status(201).json({ schedule, message: "Schedule created successfully" });
else
(error: Error) =>
res.status(400).json({
message: "Could not create new schedule",
error,
});
} else res.status(405).json({ message: `Method ${method} not allowed` });
}
} }
export default withMiddleware("HTTP_GET_OR_POST")(createOrlistAllSchedules); export default withMiddleware("HTTP_GET_OR_POST")(createOrlistAllSchedules);