feat: admin endpoints for bookings

2022-06-15 21:10:19 +02:00 · 2022-06-15 21:10:19 +02:00 · 6349491ae7
parent dd94df8c97
commit 6349491ae7
3 changed files with 31 additions and 15 deletions
--- a/lib/validations/booking.ts
+++ b/lib/validations/booking.ts
@ -3,7 +3,6 @@ import { z } from "zod";
 import { _BookingModel as Booking } from "@calcom/prisma/zod";

 const schemaBookingBaseBodyParams = Booking.pick({
-  uid: true,
  userId: true,
  eventTypeId: true,
  title: true,
--- a/pages/api/bookings/[id].ts
+++ b/pages/api/bookings/[id].ts
@ -11,7 +11,7 @@ import {
 } from "@lib/validations/shared/queryIdTransformParseInt";

 export async function bookingById(
-  { method, query, body, userId }: NextApiRequest,
+  { method, query, body, userId, isAdmin }: NextApiRequest,
  res: NextApiResponse<BookingResponse>
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
@ -25,8 +25,10 @@ export async function bookingById(
  });
  if (!userWithBookings) throw new Error("User not found");
  const userBookingIds = userWithBookings.bookings.map((booking: { id: number }) => booking.id).flat();
-  if (!userBookingIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
-  else {
+
+  if (!isAdmin) {
+    if (!userBookingIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
+  } else {
    switch (method) {
      /**
       * @swagger
--- a/pages/api/bookings/index.ts
+++ b/pages/api/bookings/index.ts
@ -33,16 +33,29 @@ async function createOrlistAllBookings(
     *       404:
     *         description: No bookings were found
     */
-    const data = await prisma.booking.findMany({ where: { userId } });
-    const bookings = data.map((booking) => schemaBookingReadPublic.parse(booking));
-    console.log(`Bookings requested by ${userId}`);
-    if (bookings) res.status(200).json({ bookings });
-    else
-      (error: Error) =>
-        res.status(404).json({
-          message: "No Bookings were found",
-          error,
-        });
+    if (!isAdmin) {
+      const data = await prisma.booking.findMany({ where: { userId } });
+      const bookings = data.map((booking) => schemaBookingReadPublic.parse(booking));
+      if (bookings) res.status(200).json({ bookings });
+      else {
+        (error: Error) =>
+          res.status(404).json({
+            message: "No Bookings were found",
+            error,
+          });
+      }
+    } else {
+      const data = await prisma.booking.findMany();
+      const bookings = data.map((booking) => schemaBookingReadPublic.parse(booking));
+      if (bookings) res.status(200).json({ bookings });
+      else {
+        (error: Error) =>
+          res.status(404).json({
+            message: "No Bookings were found",
+            error,
+          });
+      }
+    }
  } else if (method === "POST") {
    /**
     * @swagger
@ -83,7 +96,9 @@ async function createOrlistAllBookings(
      res.status(400).json({ message: "Bad request. Booking body is invalid." });
      return;
    }
-    safe.data.userId = userId;
+    if (!isAdmin) {
+      safe.data.userId = userId;
+    }
    const data = await prisma.booking.create({ data: { uid: uuidv4(), ...safe.data } });
    const booking = schemaBookingReadPublic.parse(data);