public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #107 from calcom/feat/admin-events 

Feat: Add admin enpoints for event-types, bookings, attendees
pull/9078/head
Agusti Fernandez Pardo 2022-06-15 21:58:31 +02:00 committed by GitHub
parent 3eda1507c6 26b9e94568
commit 26f861d0d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 132 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/helpers/verifyApiKey.ts
View File

@ -4,12 +4,15 @@ import { NextMiddleware } from "next-api-middleware";
import { hashAPIKey } from "@calcom/ee/lib/api/apiKeys";
import prisma from "@calcom/prisma";
import { isAdminGuard } from "@lib/utils/isAdmin";
/** @todo figure how to use the one from `@calcom/types`fi */
/** @todo: remove once `@calcom/types` is updated with it.*/
declare module "next" {
export interface NextApiRequest extends IncomingMessage {
userId: number;
method: string;
isAdmin: boolean;
query: { [key: string]: string | string[] };
// eslint-disable-next-line @typescript-eslint/no-explicit-any
session: any;
@ -41,5 +44,8 @@ export const verifyApiKey: NextMiddleware = async (req, res, next) => {
if (!apiKey.userId) return res.status(404).json({ error: "No user found for this apiKey" });
/* We save the user id in the request for later use */
req.userId = apiKey.userId;
/* We save the isAdmin boolean here for later use */
req.isAdmin = await isAdminGuard(req.userId);
await next();
};

2
lib/validations/booking.ts
View File

@ -3,7 +3,6 @@ import { z } from "zod";
import { _BookingModel as Booking } from "@calcom/prisma/zod";
const schemaBookingBaseBodyParams = Booking.pick({
uid: true,
userId: true,
eventTypeId: true,
title: true,
@ -24,7 +23,6 @@ export const schemaBookingCreateBodyParams = schemaBookingBaseBodyParams.merge(s
const schemaBookingEditParams = z
.object({
uid: z.string().optional(),
title: z.string().optional(),
startTime: z.date().optional(),
endTime: z.date().optional(),

10
pages/api/attendees/[id].ts
View File

@ -11,7 +11,7 @@ import {
} from "@lib/validations/shared/queryIdTransformParseInt";
export async function attendeeById(
{ method, query, body, userId }: NextApiRequest,
{ method, query, body, userId, isAdmin }: NextApiRequest,
res: NextApiResponse<AttendeeResponse>
) {
const safeQuery = schemaQueryIdParseInt.safeParse(query);
@ -33,9 +33,11 @@ export async function attendeeById(
.flat()
.map((attendee) => attendee.id)
);
// @note: Here we make sure to only return attendee's of the user's own bookings.
if (!userBookingsAttendeeIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
else {
// @note: Here we make sure to only return attendee's of the user's own bookings if the user is not an admin.
if (!isAdmin) {
if (!userBookingsAttendeeIds.includes(safeQuery.data.id))
res.status(401).json({ message: "Unauthorized" });
} else {
switch (method) {
/**
* @swagger

50
pages/api/attendees/index.ts
View File

@ -1,16 +1,18 @@
import type { NextApiRequest, NextApiResponse } from "next";
import db from "@calcom/prisma";
import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware";
import { AttendeeResponse, AttendeesResponse } from "@lib/types";
import { schemaAttendeeCreateBodyParams, schemaAttendeeReadPublic } from "@lib/validations/attendee";
async function createOrlistAllAttendees(
{ method, userId, body }: NextApiRequest,
{ method, userId, body, isAdmin }: NextApiRequest,
res: NextApiResponse<AttendeesResponse | AttendeeResponse>
) {
const userBookings = await db.booking.findMany({
let attendees;
if (!isAdmin) {
const userBookings = await prisma.booking.findMany({
where: {
userId,
},
@ -18,7 +20,11 @@ async function createOrlistAllAttendees(
attendees: true,
},
});
const attendees = userBookings.map((booking) => booking.attendees).flat();
attendees = userBookings.map((booking) => booking.attendees).flat();
} else {
const data = await prisma.attendee.findMany();
attendees = data.map((attendee) => schemaAttendeeReadPublic.parse(attendee));
}
if (method === "GET") {
/**
* @swagger
@ -37,12 +43,7 @@ async function createOrlistAllAttendees(
* description: No attendees were found
*/
if (attendees) res.status(200).json({ attendees });
else
(error: Error) =>
res.status(404).json({
message: "No Attendees were found",
error,
});
else (error: Error) => res.status(400).json({ error });
} else if (method === "POST") {
/**
* @swagger
@ -90,16 +91,39 @@ async function createOrlistAllAttendees(
res.status(400).json({ message: "Invalid request body", error: safePost.error });
return;
}
const userWithBookings = await db.user.findUnique({ where: { id: userId }, include: { bookings: true } });
if (!isAdmin) {
const userWithBookings = await prisma.user.findUnique({
where: { id: userId },
include: { bookings: true },
});
if (!userWithBookings) {
res.status(404).json({ message: "User not found" });
return;
}
const userBookingIds = userWithBookings.bookings.map((booking: { id: number }) => booking.id).flat();
// Here we make sure to only return attendee's of the user's own bookings.
if (!userBookingIds.includes(safePost.data.bookingId)) res.status(401).json({ message: "Unauthorized" });
if (!userBookingIds.includes(safePost.data.bookingId))
res.status(401).json({ message: "Unauthorized" });
else {
const data = await db.attendee.create({
const data = await prisma.attendee.create({
data: {
email: safePost.data.email,
name: safePost.data.name,
timeZone: safePost.data.timeZone,
booking: { connect: { id: safePost.data.bookingId } },
},
});
const attendee = schemaAttendeeReadPublic.parse(data);
if (attendee) {
res.status(201).json({
attendee,
message: "Attendee created successfully",
});
} else (error: Error) => res.status(400).json({ error });
}
} else {
const data = await prisma.attendee.create({
data: {
email: safePost.data.email,
name: safePost.data.name,

6
pages/api/bookings/[id].ts
View File

@ -11,7 +11,7 @@ import {
} from "@lib/validations/shared/queryIdTransformParseInt";
export async function bookingById(
{ method, query, body, userId }: NextApiRequest,
{ method, query, body, userId, isAdmin }: NextApiRequest,
res: NextApiResponse<BookingResponse>
) {
const safeQuery = schemaQueryIdParseInt.safeParse(query);
@ -25,8 +25,10 @@ export async function bookingById(
});
if (!userWithBookings) throw new Error("User not found");
const userBookingIds = userWithBookings.bookings.map((booking: { id: number }) => booking.id).flat();
if (!isAdmin) {
if (!userBookingIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
else {
} else {
switch (method) {
/**
* @swagger

21
pages/api/bookings/index.ts
View File

@ -12,7 +12,7 @@ import { schemaBookingCreateBodyParams, schemaBookingReadPublic } from "@lib/val
import { schemaEventTypeReadPublic } from "@lib/validations/event-type";
async function createOrlistAllBookings(
{ method, body, userId }: NextApiRequest,
{ method, body, userId, isAdmin }: NextApiRequest,
res: NextApiResponse<BookingsResponse | BookingResponse>
) {
console.log("userIduserId", userId);
@ -33,16 +33,29 @@ async function createOrlistAllBookings(
* 404:
* description: No bookings were found
*/
if (!isAdmin) {
const data = await prisma.booking.findMany({ where: { userId } });
const bookings = data.map((booking) => schemaBookingReadPublic.parse(booking));
console.log(`Bookings requested by ${userId}`);
if (bookings) res.status(200).json({ bookings });
else
else {
(error: Error) =>
res.status(404).json({
message: "No Bookings were found",
error,
});
}
} else {
const data = await prisma.booking.findMany();
const bookings = data.map((booking) => schemaBookingReadPublic.parse(booking));
if (bookings) res.status(200).json({ bookings });
else {
(error: Error) =>
res.status(404).json({
message: "No Bookings were found",
error,
});
}
}
} else if (method === "POST") {
/**
* @swagger
@ -83,7 +96,9 @@ async function createOrlistAllBookings(
res.status(400).json({ message: "Bad request. Booking body is invalid." });
return;
}
if (!isAdmin) {
safe.data.userId = userId;
}
const data = await prisma.booking.create({ data: { uid: uuidv4(), ...safe.data } });
const booking = schemaBookingReadPublic.parse(data);

8
pages/api/event-types/[id].ts
View File

@ -11,7 +11,7 @@ import {
} from "@lib/validations/shared/queryIdTransformParseInt";
export async function eventTypeById(
{ method, query, body, userId }: NextApiRequest,
{ method, query, body, userId, isAdmin }: NextApiRequest,
res: NextApiResponse<EventTypeResponse>
) {
const safeQuery = schemaQueryIdParseInt.safeParse(query);
@ -19,15 +19,15 @@ export async function eventTypeById(
res.status(400).json({ message: "Your query was invalid" });
return;
}
const data = await await prisma.user.findUnique({
const data = await prisma.user.findUnique({
where: { id: userId },
rejectOnNotFound: true,
select: { eventTypes: true },
});
const userEventTypes = data.eventTypes.map((eventType) => eventType.id);
if (!isAdmin) {
if (!userEventTypes.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
else {
} else {
switch (method) {
/**
* @swagger

24
pages/api/event-types/index.ts
View File

@ -7,7 +7,7 @@ import { EventTypeResponse, EventTypesResponse } from "@lib/types";
import { schemaEventTypeCreateBodyParams, schemaEventTypeReadPublic } from "@lib/validations/event-type";
async function createOrlistAllEventTypes(
{ method, body, userId }: NextApiRequest,
{ method, body, userId, isAdmin }: NextApiRequest,
res: NextApiResponse<EventTypesResponse | EventTypeResponse>
) {
if (method === "GET") {
@ -29,6 +29,7 @@ async function createOrlistAllEventTypes(
* 404:
* description: No event types were found
*/
if (!isAdmin) {
const data = await prisma.user
.findUnique({
where: { id: userId },
@ -36,6 +37,7 @@ async function createOrlistAllEventTypes(
select: { eventTypes: true },
})
.catch((error) => res.status(404).json({ message: "No event types were found", error }));
// @todo: add validations back schemaReadEventType.parse
if (data) res.status(200).json({ event_types: data.eventTypes });
else
(error: Error) =>
@ -43,6 +45,11 @@ async function createOrlistAllEventTypes(
message: "No EventTypes were found",
error,
});
} else {
const data = await prisma.eventType.findMany({});
const event_types = data.map((eventType) => schemaEventTypeReadPublic.parse(eventType));
if (event_types) res.status(200).json({ event_types });
}
} else if (method === "POST") {
/**
* @swagger
@ -92,17 +99,16 @@ async function createOrlistAllEventTypes(
res.status(400).json({ message: "Invalid request body", error: safe.error });
return;
}
if (!isAdmin) {
const data = await prisma.eventType.create({ data: { ...safe.data, userId } });
const event_type = schemaEventTypeReadPublic.parse(data);
if (data) res.status(201).json({ event_type, message: "EventType created successfully" });
else
(error: Error) =>
res.status(400).json({
message: "Could not create new event type",
error,
});
} else {
// if admin don't re-set userId from input
const data = await prisma.eventType.create({ data: { ...safe.data } });
const event_type = schemaEventTypeReadPublic.parse(data);
if (data) res.status(201).json({ event_type, message: "EventType created successfully" });
}
} else res.status(405).json({ message: `Method ${method} not allowed` });
}