diff --git a/lib/validations/user.ts b/lib/validations/user.ts
index 2385224f5a..c780dfbed8 100644
--- a/lib/validations/user.ts
+++ b/lib/validations/user.ts
@@ -150,4 +150,6 @@ export const schemaUserReadPublic = User.pick({
 createdDate: true,
 verified: true,
 invitedTo: true,
-}).merge(schemaUserEditBodyParams);
+});
+
+export const schemaUsersReadPublic = z.array(schemaUserReadPublic);
diff --git a/pages/api/users/_get.ts b/pages/api/users/_get.ts
new file mode 100644
index 0000000000..4c4aadaecd
--- /dev/null
+++ b/pages/api/users/_get.ts
@@ -0,0 +1,37 @@
+import type { NextApiRequest } from "next";
+
+import { defaultResponder } from "@calcom/lib/server";
+import prisma from "@calcom/prisma";
+
+import { isAdminGuard } from "@lib/utils/isAdmin";
+import { schemaUsersReadPublic } from "@lib/validations/user";
+
+import { Prisma } from ".prisma/client";
+
+/**
+ * @swagger
+ * /users:
+ * get:
+ * operationId: listUsers
+ * summary: Find all users.
+ * tags:
+ * - users
+ * responses:
+ * 200:
+ * description: OK
+ * 401:
+ * description: Authorization information is missing or invalid.
+ * 404:
+ * description: No users were found
+ */
+async function getHandler({ userId }: NextApiRequest) {
+ const isAdmin = await isAdminGuard(userId);
+ const where: Prisma.UserWhereInput = {};
+ // If user is not ADMIN, return only his data.
+ if (!isAdmin) where.id = userId;
+ const data = await prisma.user.findMany({ where });
+ const users = schemaUsersReadPublic.parse(data);
+ return { users };
+}
+
+export default defaultResponder(getHandler);
diff --git a/pages/api/users/_post.ts b/pages/api/users/_post.ts
new file mode 100644
index 0000000000..908a9c4bcc
--- /dev/null
+++ b/pages/api/users/_post.ts
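Review bot: Dropping `.merge(schemaUserEditBodyParams)` in lib/validations/user.ts narrows every response parsed through `schemaUserReadPublic`, not just the new list endpoint, so any other route that uses this schema (none is visible in this diff) will stop returning the edit-body fields unless they are also in the pick list. In the new _get.ts handler this schema is the only thing between the full database row and the response body, so I would say so on the new export, e.g. `// Output allowlist for user lists: only the fields picked above may leave the API.` The `User.pick({` call starts above the hunk, so the full field list is not visible here.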
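Review bot: In pages/api/users/_get.ts, `if (!isAdmin) where.id = userId;` scopes a non-admin to their own row only when `userId` is actually set; Prisma treats an `undefined` filter value as "no filter", so a request that reaches the handler without a `userId` would be handed the full user list. Whether the middleware guarantees `userId` is not visible in this diff, so I would fail closed before building the query, e.g. `if (!userId) throw new HttpError({ statusCode: 401, message: "You are not authorized" });`, importing `HttpError` as _post.ts does. Separately, `findMany({ where })` loads every column and relies on `schemaUsersReadPublic.parse` to drop the rest; a Prisma `select` limited to the public fields would keep the other columns out of the handler entirely. The admin path also returns all rows with no `take`/`skip` bound, and the 404 in the swagger block is never produced by this handler.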
@@ -0,0 +1,20 @@
+import { HttpError } from "@/../../packages/lib/http-error";
+import type { NextApiRequest } from "next";
+
+import { defaultResponder } from "@calcom/lib/server";
+import prisma from "@calcom/prisma";
+
+import { isAdminGuard } from "@lib/utils/isAdmin";
+import { schemaUserCreateBodyParams } from "@lib/validations/user";
+
+async function postHandler(req: NextApiRequest) {
+ const isAdmin = await isAdminGuard(req.userId);
+ // If user is not ADMIN, return unauthorized.
+ if (!isAdmin) throw new HttpError({ statusCode: 401, message: "You are not authorized" });
+ const data = schemaUserCreateBodyParams.parse(req.body);
+ const user = await prisma.user.create({ data });
+ req.statusCode = 201;
+ return { user };
+}
+
+export default defaultResponder(postHandler);
diff --git a/pages/api/users/index.ts b/pages/api/users/index.ts
index 3839ae21b6..c07846423f 100644
--- a/pages/api/users/index.ts
+++ b/pages/api/users/index.ts
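Review bot: `postHandler` in pages/api/users/_post.ts returns the record from `prisma.user.create` unfiltered, while the GET handler passes its rows through the read schema; the create response should go through the same allowlist, e.g. `return { user: schemaUserReadPublic.parse(user) };` with `schemaUserReadPublic` added to the `@lib/validations/user` import. `req.statusCode = 201;` sets a property on the request rather than the response, so unless `defaultResponder` copies it over (not visible here) the endpoint now answers 200 where the old code sent 201. A caller who is authenticated but not an admin would conventionally get 403 rather than 401, and `"@/../../packages/lib/http-error"` reads like an accidental relative path next to the `@calcom/lib/server` alias used two lines below it.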
@@ -1,60 +1,10 @@
-import type { NextApiRequest, NextApiResponse } from "next";
-
-import prisma from "@calcom/prisma";
+import { defaultHandler } from "@calcom/lib/server";
 import { withMiddleware } from "@lib/helpers/withMiddleware";
-import { UserResponse, UsersResponse } from "@lib/types";
-import { isAdminGuard } from "@lib/utils/isAdmin";
-import { schemaUserReadPublic, schemaUserCreateBodyParams } from "@lib/validations/user";
-/**
- * @swagger
- * /users:
- * get:
- * operationId: listUsers
- * summary: Find all users.
- * tags:
- * - users
- * responses:
- * 200:
- * description: OK
- * 401:
- * description: Authorization information is missing or invalid.
- * 404:
- * description: No users were found
- */
-async function getAllorCreateUser(
- { userId, method, body }: NextApiRequest,
- res: NextApiResponse
-) {
- const isAdmin = await isAdminGuard(userId);
- if (method === "GET") {
- if (!isAdmin) {
- // If user is not ADMIN, return only his data.
- const data = await prisma.user.findMany({ where: { id: userId } });
- const users = data.map((user) => schemaUserReadPublic.parse(user));
- if (users) res.status(200).json({ users });
- } else {
- // If user is admin, return all users.
- const data = await prisma.user.findMany({});
- const users = data.map((user) => schemaUserReadPublic.parse(user));
- if (users) res.status(200).json({ users });
- }
- } else if (method === "POST") {
- // If user is not ADMIN, return unauthorized.
- if (!isAdmin) res.status(401).json({ message: "You are not authorized" });
- else {
- const safeBody = schemaUserCreateBodyParams.safeParse(body);
- if (!safeBody.success) {
- res.status(400).json({ message: "Your body was invalid" });
- return;
- }
- const user = await prisma.user.create({
- data: safeBody.data,
- });
- res.status(201).json({ user });
- }
- }
-}
-
-export default withMiddleware("HTTP_GET_OR_POST")(getAllorCreateUser);
+export default withMiddleware("HTTP_GET_OR_POST")(
+ defaultHandler({
+ GET: import("./_get"),
+ POST: import("./_post"),
+ })
+);