Safe parse for userId
parent
4ac9c1e6dd
commit
2a7a111855
|
@ -1,11 +1,12 @@
|
|||
import { z } from "zod";
|
||||
|
||||
import { _ScheduleModel as Schedule } from "@calcom/prisma/zod";
|
||||
import { _ScheduleModel as Schedule, _AvailabilityModel as Availability } from "@calcom/prisma/zod";
|
||||
|
||||
const schemaScheduleBaseBodyParams = Schedule.omit({ id: true }).partial();
|
||||
|
||||
const schemaScheduleRequiredParams = z.object({
|
||||
name: z.string(),
|
||||
name: z.string().optional(),
|
||||
userId: z.union([z.number(), z.array(z.number())]).optional(),
|
||||
});
|
||||
|
||||
export const schemaScheduleBodyParams = schemaScheduleBaseBodyParams.merge(schemaScheduleRequiredParams);
|
||||
|
@ -15,6 +16,8 @@ export const schemaSchedulePublic = z
|
|||
.merge(Schedule)
|
||||
.merge(
|
||||
z.object({
|
||||
availability: z.array(z.object({ id: z.number() })).optional(),
|
||||
availability: z
|
||||
.array(Availability.pick({ id: true, eventTypeId: true, days: true, startTime: true, endTime: true }))
|
||||
.optional(),
|
||||
})
|
||||
);
|
||||
|
|
|
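Review bot: `userId` in `schemaScheduleRequiredParams` accepts either a number or an array of numbers, and `z.number()` also admits non-integer and negative values, so this one schema widens the input of every handler that merges it. The `scheduleById` handler shown later on this page passes the parsed value straight into `where: { userId: ... }`, which is a scalar comparison. If the array form is only meant for a list endpoint (not visible here), I would keep it in a separate schema and use `userId: z.number().int().positive().optional()` in this one. With `name` now optional the object no longer holds any required field, so a short comment explaining the name `schemaScheduleRequiredParams`, or a rename, would help the next reader. The page has lost its +/- markers, so I am reading the `.optional()` and `userId` lines as the new side.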
@ -12,17 +12,18 @@ export async function scheduleById(
|
|||
{ method, query, body, userId, isAdmin, prisma }: NextApiRequest,
|
||||
res: NextApiResponse<ScheduleResponse>
|
||||
) {
|
||||
if (body.userId && !isAdmin) {
|
||||
const safeQuery = schemaQueryIdParseInt.safeParse(query);
|
||||
const safeBody = schemaScheduleBodyParams.safeParse(body);
|
||||
|
||||
if (safeBody.data.userId && !isAdmin) {
|
||||
res.status(401).json({ message: "Unauthorized" });
|
||||
return;
|
||||
}
|
||||
const safeQuery = schemaQueryIdParseInt.safeParse(query);
|
||||
const safeBody = schemaScheduleBodyParams.safeParse(body);
|
||||
if (!safeQuery.success) {
|
||||
res.status(400).json({ message: "Your query was invalid" });
|
||||
return;
|
||||
}
|
||||
const userSchedules = await prisma.schedule.findMany({ where: { userId: body.userId || userId } });
|
||||
const userSchedules = await prisma.schedule.findMany({ where: { userId: safeBody.data.userId || userId } });
|
||||
const userScheduleIds = userSchedules.map((schedule) => schedule.id);
|
||||
if (!userScheduleIds.includes(safeQuery.data.id)) {
|
||||
res.status(401).json({ message: "Unauthorized" });
|
||||
|
@ -56,7 +57,7 @@ export async function scheduleById(
|
|||
await prisma.schedule
|
||||
.findUnique({
|
||||
where: { id: safeQuery.data.id },
|
||||
include: { availability: { select: { id: true } } },
|
||||
include: { availability: true },
|
||||
})
|
||||
.then((data) => schemaSchedulePublic.parse(data))
|
||||
.then((schedule) => res.status(200).json({ schedule }))
|
||||
|
@ -98,6 +99,9 @@ export async function scheduleById(
|
|||
return;
|
||||
}
|
||||
}
|
||||
|
||||
delete safeBody.data.userId;
|
||||
|
||||
await prisma.schedule
|
||||
.update({ where: { id: safeQuery.data.id }, data: safeBody.data })
|
||||
.then((data) => schemaSchedulePublic.parse(data))
|
||||
|
|
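Review bot: `safeBody.data.userId` is read without first checking `safeBody.success`, and a failed zod `safeParse` returns `error` and no `data`, so a body that fails validation makes the admin check throw instead of returning a 400. Because the parse now sits at the top of the handler, this presumably also affects requests that carry no body at all. I would add `if (!safeBody.success) { res.status(400).json({ message: "Your body was invalid" }); return; }` directly after the parse, mirroring the `safeQuery.success` guard a few lines below. Separately, the schema allows `userId` to be an array, which `findMany({ where: { userId: safeBody.data.userId || userId } })` cannot use as a scalar filter; reject arrays in this handler or wrap them as `{ in: [...] }`. `scheduleById` starts and continues outside these hunks and the +/- markers are lost, so I am taking the `safeBody` lines as the new side.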