Merge pull request #170 from calcom/admin-event-types
Allow for admin to edit other user's event typespull/9078/head
commit
7909d90915
|
@ -12,19 +12,24 @@ export async function eventTypeById(
|
|||
{ method, query, body, userId, isAdmin, prisma }: NextApiRequest,
|
||||
res: NextApiResponse<EventTypeResponse>
|
||||
) {
|
||||
if (body.userId && !isAdmin) {
|
||||
res.status(401).json({ message: "Unauthorized" });
|
||||
return;
|
||||
}
|
||||
const safeQuery = schemaQueryIdParseInt.safeParse(query);
|
||||
if (!safeQuery.success) {
|
||||
res.status(400).json({ message: "Your query was invalid" });
|
||||
return;
|
||||
}
|
||||
const data = await prisma.user.findUnique({
|
||||
where: { id: userId },
|
||||
where: { id: body.userId || userId },
|
||||
rejectOnNotFound: true,
|
||||
select: { eventTypes: true },
|
||||
});
|
||||
const userEventTypes = data.eventTypes.map((eventType) => eventType.id);
|
||||
if (!isAdmin) {
|
||||
if (!userEventTypes.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
|
||||
if (!userEventTypes.includes(safeQuery.data.id)) {
|
||||
res.status(401).json({ message: "Unauthorized" });
|
||||
return;
|
||||
} else {
|
||||
switch (method) {
|
||||
/**
|
||||
|
@ -96,6 +101,7 @@ export async function eventTypeById(
|
|||
*/
|
||||
case "PATCH":
|
||||
const safeBody = schemaEventTypeEditBodyParams.safeParse(body);
|
||||
|
||||
if (!safeBody.success) {
|
||||
{
|
||||
res.status(400).json({ message: "Invalid request body" });
|
||||
|
|
|
@ -44,7 +44,14 @@ async function createOrlistAllEventTypes(
|
|||
error,
|
||||
});
|
||||
} else {
|
||||
const data = await prisma.eventType.findMany({});
|
||||
const data = await prisma.eventType.findMany({
|
||||
where: {
|
||||
...(Array.isArray(body.userId)
|
||||
? { userId: { in: body.userId } }
|
||||
: { userId: body.userId || userId }),
|
||||
},
|
||||
...(Array.isArray(body.userId) && { orderBy: { userId: "asc" } }),
|
||||
});
|
||||
const event_types = data.map((eventType) => schemaEventTypeReadPublic.parse(eventType));
|
||||
if (event_types) res.status(200).json({ event_types });
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue