User endpoint refactoring
parent
4d93b08e4c
commit
58e1ea9bf6
|
@ -150,4 +150,6 @@ export const schemaUserReadPublic = User.pick({
|
|||
createdDate: true,
|
||||
verified: true,
|
||||
invitedTo: true,
|
||||
}).merge(schemaUserEditBodyParams);
|
||||
});
|
||||
|
||||
export const schemaUsersReadPublic = z.array(schemaUserReadPublic);
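Review bot: The public response silently loses fields here: with `.merge(schemaUserEditBodyParams)` gone, and assuming these are plain zod objects whose `parse` strips unknown keys, anything that reached clients only through the edit schema no longer appears in the `/users` output. That is a behaviour change inside a commit titled as a refactoring, so it deserves a line in the description or a changelog entry. The `pick` list starts above the hunk, so the remaining fields cannot be checked from here. Because this schema is the allowlist for user data leaving the API, a comment above it such as `// Response allowlist: only fields safe to expose publicly; never add credential or token columns` would make that role explicit.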
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
import type { NextApiRequest } from "next";
|
||||
|
||||
import { defaultResponder } from "@calcom/lib/server";
|
||||
import prisma from "@calcom/prisma";
|
||||
|
||||
import { isAdminGuard } from "@lib/utils/isAdmin";
|
||||
import { schemaUsersReadPublic } from "@lib/validations/user";
|
||||
|
||||
import { Prisma } from ".prisma/client";
|
||||
|
||||
/**
|
||||
* @swagger
|
||||
* /users:
|
||||
* get:
|
||||
* operationId: listUsers
|
||||
* summary: Find all users.
|
||||
* tags:
|
||||
* - users
|
||||
* responses:
|
||||
* 200:
|
||||
* description: OK
|
||||
* 401:
|
||||
* description: Authorization information is missing or invalid.
|
||||
* 404:
|
||||
* description: No users were found
|
||||
*/
|
||||
async function getHandler({ userId }: NextApiRequest) {
|
||||
const isAdmin = await isAdminGuard(userId);
|
||||
const where: Prisma.UserWhereInput = {};
|
||||
// If user is not ADMIN, return only his data.
|
||||
if (!isAdmin) where.id = userId;
|
||||
const data = await prisma.user.findMany({ where });
|
||||
const users = schemaUsersReadPublic.parse(data);
|
||||
return { users };
|
||||
}
|
||||
|
||||
export default defaultResponder(getHandler);
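Review bot: The non-admin branch `if (!isAdmin) where.id = userId;` fails open if `userId` is ever undefined, because Prisma treats an `undefined` filter value as absent and `findMany({ where })` would then return every user. Whether the middleware always sets `userId` is not visible on this page, so the handler should check it before querying, for example `if (!isAdmin && userId == null) throw new HttpError({ statusCode: 401, message: "You are not authorized" });`, which needs the `HttpError` import the POST handler already has. Separately, `findMany` loads every column and relies on `schemaUsersReadPublic.parse` to drop the non-public ones; a `select` mirroring the public schema would keep those columns from being read at all, and a `take` limit would bound the admin listing. The Swagger block still advertises a 404 that this handler never produces.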
|
|
@ -0,0 +1,20 @@
|
|||
import { HttpError } from "@/../../packages/lib/http-error";
|
||||
import type { NextApiRequest } from "next";
|
||||
|
||||
import { defaultResponder } from "@calcom/lib/server";
|
||||
import prisma from "@calcom/prisma";
|
||||
|
||||
import { isAdminGuard } from "@lib/utils/isAdmin";
|
||||
import { schemaUserCreateBodyParams } from "@lib/validations/user";
|
||||
|
||||
async function postHandler(req: NextApiRequest) {
|
||||
const isAdmin = await isAdminGuard(req.userId);
|
||||
// If user is not ADMIN, return unauthorized.
|
||||
if (!isAdmin) throw new HttpError({ statusCode: 401, message: "You are not authorized" });
|
||||
const data = schemaUserCreateBodyParams.parse(req.body);
|
||||
const user = await prisma.user.create({ data });
|
||||
req.statusCode = 201;
|
||||
return { user };
|
||||
}
|
||||
|
||||
export default defaultResponder(postHandler);
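Review bot: `return { user };` sends back the raw row from `prisma.user.create`, so every column of the new user goes into the response, whereas the GET handler filters its output through the public schema. The columns of the User model are not visible here, but if they include a password hash or similar secrets this exposes them; `return { user: schemaUserReadPublic.parse(user) };` with the matching import would align the two handlers. Also, `req.statusCode = 201;` sets a property on the request object. Unless `defaultResponder` copies it to the response (not shown on this page), the endpoint will answer 200 where the old code sent 201. A caller who is authenticated but not an admin would more accurately get 403 than 401.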
|
|
@ -1,60 +1,10 @@
|
|||
import type { NextApiRequest, NextApiResponse } from "next";
|
||||
|
||||
import prisma from "@calcom/prisma";
|
||||
import { defaultHandler } from "@calcom/lib/server";
|
||||
|
||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||
import { UserResponse, UsersResponse } from "@lib/types";
|
||||
import { isAdminGuard } from "@lib/utils/isAdmin";
|
||||
import { schemaUserReadPublic, schemaUserCreateBodyParams } from "@lib/validations/user";
|
||||
|
||||
/**
|
||||
* @swagger
|
||||
* /users:
|
||||
* get:
|
||||
* operationId: listUsers
|
||||
* summary: Find all users.
|
||||
* tags:
|
||||
* - users
|
||||
* responses:
|
||||
* 200:
|
||||
* description: OK
|
||||
* 401:
|
||||
* description: Authorization information is missing or invalid.
|
||||
* 404:
|
||||
* description: No users were found
|
||||
*/
|
||||
async function getAllorCreateUser(
|
||||
{ userId, method, body }: NextApiRequest,
|
||||
res: NextApiResponse<UsersResponse | UserResponse>
|
||||
) {
|
||||
const isAdmin = await isAdminGuard(userId);
|
||||
if (method === "GET") {
|
||||
if (!isAdmin) {
|
||||
// If user is not ADMIN, return only his data.
|
||||
const data = await prisma.user.findMany({ where: { id: userId } });
|
||||
const users = data.map((user) => schemaUserReadPublic.parse(user));
|
||||
if (users) res.status(200).json({ users });
|
||||
} else {
|
||||
// If user is admin, return all users.
|
||||
const data = await prisma.user.findMany({});
|
||||
const users = data.map((user) => schemaUserReadPublic.parse(user));
|
||||
if (users) res.status(200).json({ users });
|
||||
}
|
||||
} else if (method === "POST") {
|
||||
// If user is not ADMIN, return unauthorized.
|
||||
if (!isAdmin) res.status(401).json({ message: "You are not authorized" });
|
||||
else {
|
||||
const safeBody = schemaUserCreateBodyParams.safeParse(body);
|
||||
if (!safeBody.success) {
|
||||
res.status(400).json({ message: "Your body was invalid" });
|
||||
return;
|
||||
}
|
||||
const user = await prisma.user.create({
|
||||
data: safeBody.data,
|
||||
});
|
||||
res.status(201).json({ user });
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export default withMiddleware("HTTP_GET_OR_POST")(getAllorCreateUser);
|
||||
export default withMiddleware("HTTP_GET_OR_POST")(
|
||||
defaultHandler({
|
||||
GET: import("./_get"),
|
||||
POST: import("./_post"),
|
||||
})
|
||||
);
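Review bot: Authorization is now opt-in per handler: the old function called `isAdminGuard` once before branching on the method, while each file in the `defaultHandler({ GET: ..., POST: ... })` map has to remember to call it. A handler added to this map later without the guard would be reachable by any authenticated caller. A comment above the map such as `// Each handler must enforce its own authorization (see isAdminGuard); this wrapper only restricts the HTTP method` would make that explicit. The allowed methods are also declared twice, in `withMiddleware("HTTP_GET_OR_POST")` and in the map keys, so adding a method needs both places updated.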
|
||||
|
|