fix: rename users id to users userId to easier availability sharing _get endpoint

lib/validations/shared/queryUserId.ts

@@ -0,0 +1,15 @@
+import { withValidation } from "next-validations";
+import { z } from "zod";
+
+import { baseApiParams } from "./baseApiParams";
+
+// Extracted out as utility function so can be reused
+// at different endpoints that require this validation.
+export const schemaQueryUserId = baseApiParams
+  .extend({
+    userId: z
+      .string()
+      .regex(/^\d+$/)
+      .transform((id) => parseInt(id)),
+  })
+  .strict();

pages/api/availability/_get.ts

@@ -7,7 +7,7 @@ import { stringOrNumber } from "@calcom/prisma/zod-utils";
 
 const availabilitySchema = z
   .object({
-    userId: stringOrNumber.optional(),
+    userId: stringOrNumber,
     username: z.string().optional(),
     dateFrom: z.string(),
     dateTo: z.string(),

pages/api/users/[id]/availability/_get.ts

@@ -1,29 +0,0 @@
-import type { NextApiRequest } from "next";
-import { z } from "zod";
-
-import { getUserAvailability } from "@calcom/core/getUserAvailability";
-import { defaultResponder } from "@calcom/lib/server";
-import { stringOrNumber } from "@calcom/prisma/zod-utils";
-
-const availabilitySchema = z
-  .object({
-    id: stringOrNumber,
-    username: z.string().optional(),
-    dateFrom: z.string(),
-    dateTo: z.string(),
-    eventTypeId: stringOrNumber.optional(),
-  })
-  .refine((data) => !!data.username || !!data.id, "Either username or userId should be filled in.");
-
-async function handler(req: NextApiRequest) {
-  const { username, id, eventTypeId, dateTo, dateFrom } = availabilitySchema.parse(req.query);
-  return getUserAvailability({
-    username,
-    dateFrom,
-    dateTo,
-    eventTypeId,
-    userId: id,
-  });
-}
-
-export default defaultResponder(handler);

pages/api/users/[userId]/_delete.ts

@@ -5,7 +5,7 @@ import { defaultResponder } from "@calcom/lib/server";
 import prisma from "@calcom/prisma";
 
 import { isAdminGuard } from "@lib/utils/isAdmin";
-import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";
+import { schemaQueryUserId } from "@lib/validations/shared/queryUserId";
 
 /**
  * @swagger
@@ -32,10 +32,11 @@ import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformP
  *        description: Authorization information is missing or invalid.
  */
 export async function deleteHandler(req: NextApiRequest) {
-  const query = schemaQueryIdParseInt.parse(req.query);
+  const query = schemaQueryUserId.parse(req.query);
   const isAdmin = await isAdminGuard(req.userId);
   // Here we only check for ownership of the user if the user is not admin, otherwise we let ADMIN's edit any user
-  if (!isAdmin && query.id !== req.userId) throw new HttpError({ statusCode: 401, message: "Unauthorized" });
+  if (!isAdmin && query.userId !== req.userId)
+    throw new HttpError({ statusCode: 401, message: "Unauthorized" });
 
   const user = await prisma.user.findUnique({ where: { id: query.id } });
   if (!user) throw new HttpError({ statusCode: 404, message: "User not found" });

pages/api/users/[userId]/_get.ts

@@ -5,7 +5,7 @@ import { defaultResponder } from "@calcom/lib/server";
 import prisma from "@calcom/prisma";
 
 import { isAdminGuard } from "@lib/utils/isAdmin";
-import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";
+import { schemaQueryUserId } from "@lib/validations/shared/queryUserId";
 import { schemaUserReadPublic } from "@lib/validations/user";
 
 /**
@@ -33,11 +33,12 @@ import { schemaUserReadPublic } from "@lib/validations/user";
  *         description: User was not found
  */
 export async function getHandler(req: NextApiRequest) {
-  const query = schemaQueryIdParseInt.parse(req.query);
+  const query = schemaQueryUserId.parse(req.query);
   const isAdmin = await isAdminGuard(req.userId);
   // Here we only check for ownership of the user if the user is not admin, otherwise we let ADMIN's edit any user
-  if (!isAdmin && query.id !== req.userId) throw new HttpError({ statusCode: 401, message: "Unauthorized" });
-  const data = await prisma.user.findUnique({ where: { id: query.id } });
+  if (!isAdmin && query.userId !== req.userId)
+    throw new HttpError({ statusCode: 401, message: "Unauthorized" });
+  const data = await prisma.user.findUnique({ where: { id: query.userId } });
   const user = schemaUserReadPublic.parse(data);
   return { user };
 }

pages/api/users/[userId]/_patch.ts

@@ -5,7 +5,7 @@ import { defaultResponder } from "@calcom/lib/server";
 import prisma from "@calcom/prisma";
 
 import { isAdminGuard } from "@lib/utils/isAdmin";
-import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";
+import { schemaQueryUserId } from "@lib/validations/shared/queryUserId";
 import { schemaUserEditBodyParams, schemaUserReadPublic } from "@lib/validations/user";
 
 /**
@@ -54,10 +54,11 @@ import { schemaUserEditBodyParams, schemaUserReadPublic } from "@lib/validations
  *        description: Authorization information is missing or invalid.
  */
 export async function patchHandler(req: NextApiRequest) {
-  const query = schemaQueryIdParseInt.parse(req.query);
+  const query = schemaQueryUserId.parse(req.query);
   const isAdmin = await isAdminGuard(req.userId);
   // Here we only check for ownership of the user if the user is not admin, otherwise we let ADMIN's edit any user
-  if (!isAdmin && query.id !== req.userId) throw new HttpError({ statusCode: 401, message: "Unauthorized" });
+  if (!isAdmin && query.userId !== req.userId)
+    throw new HttpError({ statusCode: 401, message: "Unauthorized" });
 
   const body = schemaUserEditBodyParams.parse(req.body);
   const userSchedules = await prisma.schedule.findMany({

pages/api/users/[userId]/availability/index.ts

@@ -4,6 +4,6 @@ import { withMiddleware } from "@lib/helpers/withMiddleware";
 
 export default withMiddleware("HTTP_GET")(
   defaultHandler({
-    GET: import("./_get"),
+    GET: import("@api/availability/_get"),
   })
 );