From ce8af8b6a5c0261d430d3a1d413df519248ffa54 Mon Sep 17 00:00:00 2001
From: Joe Au-Yeung
Date: Wed, 5 Oct 2022 15:59:34 -0400
Subject: [PATCH 1/3] Allow for admin to edit other user's event types
---
 pages/api/event-types/[id].ts | 12 +++++++++---
 pages/api/event-types/index.ts | 4 +++-
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/pages/api/event-types/[id].ts b/pages/api/event-types/[id].ts
index dd9ac1a4d9..bd8c823489 100644
--- a/pages/api/event-types/[id].ts
+++ b/pages/api/event-types/[id].ts
@@ -12,19 +12,24 @@ export async function eventTypeById(
 { method, query, body, userId, isAdmin, prisma }: NextApiRequest,
 res: NextApiResponse
 ) {
+ if (body.userId && !isAdmin) {
+ res.status(401).json({ message: "Unauthorized" });
+ return;
+ }
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
 if (!safeQuery.success) {
 res.status(400).json({ message: "Your query was invalid" });
 return;
 }
 const data = await prisma.user.findUnique({
- where: { id: userId },
+ where: { id: body.userId || userId },
 rejectOnNotFound: true,
 select: { eventTypes: true },
 });
 const userEventTypes = data.eventTypes.map((eventType) => eventType.id);
- if (!isAdmin) {
- if (!userEventTypes.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
+ if (!userEventTypes.includes(safeQuery.data.id)) {
+ res.status(401).json({ message: "Unauthorized" });
+ return;
 } else {
 switch (method) {
 /**
@@ -96,6 +101,7 @@ export async function eventTypeById(
 */
 case "PATCH":
 const safeBody = schemaEventTypeEditBodyParams.safeParse(body);
+
 if (!safeBody.success) {
 {
 res.status(400).json({ message: "Invalid request body" });
diff --git a/pages/api/event-types/index.ts b/pages/api/event-types/index.ts
index fc05909e2c..c46979385d 100644
--- a/pages/api/event-types/index.ts
+++ b/pages/api/event-types/index.ts
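Review bot: In the first `[id].ts` hunk, `body.userId` goes into the Prisma lookup `where: { id: body.userId || userId }` before any schema validation, so a string, array or object sent by an admin reaches the query unchecked, and with `rejectOnNotFound: true` an unknown id throws instead of producing a clean 4xx. I would reject malformed values right after the new admin guard, e.g. `if (body.userId !== undefined && !Number.isInteger(body.userId)) { res.status(400).json({ message: "Invalid userId" }); return; }`. The ownership check now also applies to admins, so an admin who omits `body.userId` gets 401 for another user's event type; if that is intended it deserves a comment, and 403 would describe these authenticated-but-not-permitted responses better than 401. The same unvalidated `body.userId` feeds the `findMany` filter in both `index.ts` hunks of this series. The body of `eventTypeById` continues outside the hunk.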
@@ -44,7 +44,9 @@ async function createOrlistAllEventTypes(
 error,
 });
 } else {
- const data = await prisma.eventType.findMany({});
+ const data = await prisma.eventType.findMany({
+ where: { userId: isAdmin && body.userId ? body.userId : userId },
+ });
 const event_types = data.map((eventType) => schemaEventTypeReadPublic.parse(eventType));
 if (event_types) res.status(200).json({ event_types });
 }
From 34f5f5f83f0f4a66392ff17757159b4834689eb8 Mon Sep 17 00:00:00 2001
From: Joe Au-Yeung
Date: Thu, 6 Oct 2022 10:55:14 -0400
Subject: [PATCH 2/3] Pass userId as single value or array
---
 pages/api/event-types/index.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/pages/api/event-types/index.ts b/pages/api/event-types/index.ts
index c46979385d..04445a709c 100644
--- a/pages/api/event-types/index.ts
+++ b/pages/api/event-types/index.ts
@@ -45,8 +45,14 @@ async function createOrlistAllEventTypes(
 });
 } else {
 const data = await prisma.eventType.findMany({
- where: { userId: isAdmin && body.userId ? body.userId : userId },
+ where: {
+ ...(Array.isArray(body.userId)
+ ? { userId: { in: body.userId } }
+ : { userId: body.userId || userId }),
+ },
+ ...(Array.isArray(body.userId) && { orderBy: { userId: "asc" } }),
 });
+ console.log("🚀 ~ file: index.ts ~ line 50 ~ data", data);
 const event_types = data.map((eventType) => schemaEventTypeReadPublic.parse(eventType));
 if (event_types) res.status(200).json({ event_types });
 }
From 48f270d032da49e39009f110fb14b5a2701607d1 Mon Sep 17 00:00:00 2001
From: Joe Au-Yeung
Date: Thu, 6 Oct 2022 10:59:46 -0400
Subject: [PATCH 3/3] Remove console log
---
 pages/api/event-types/index.ts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/pages/api/event-types/index.ts b/pages/api/event-types/index.ts
index 04445a709c..d5a203e67d 100644
--- a/pages/api/event-types/index.ts
+++ b/pages/api/event-types/index.ts
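Review bot: The PATCH 2/3 hunk in `pages/api/event-types/index.ts` drops the `isAdmin` condition that PATCH 1/3 had on this filter, so as far as the hunk shows any authenticated caller can put another user's id, or an array of ids, in `body.userId` and list those users' event types. Unless a guard outside the hunk already rejects `body.userId` for non-admins (as the one added to `[id].ts` does), derive the value once with `const requestedUserId = isAdmin ? body.userId : undefined;` and read `requestedUserId` wherever the `where` and `orderBy` spreads currently read `body.userId`. The array elements are also handed to `in` unvalidated and unbounded; checking that each is an integer and capping the length would keep malformed input from surfacing as a Prisma error. `createOrlistAllEventTypes` starts and ends outside the hunk.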
@@ -52,7 +52,6 @@ async function createOrlistAllEventTypes(
 },
 ...(Array.isArray(body.userId) && { orderBy: { userId: "asc" } }),
 });
- console.log("🚀 ~ file: index.ts ~ line 50 ~ data", data);
 const event_types = data.map((eventType) => schemaEventTypeReadPublic.parse(eventType));
 if (event_types) res.status(200).json({ event_types });
 }