fix availabilites validations

2022-04-25 03:12:33 +02:00 · 2022-04-25 03:12:33 +02:00 · 804fe27458
parent b38f78bbad
commit 804fe27458
3 changed files with 23 additions and 11 deletions
--- a/lib/validations/availability.ts
+++ b/lib/validations/availability.ts
@ -3,14 +3,21 @@ import { z } from "zod";

 import { _AvailabilityModel as Availability } from "@calcom/prisma/zod";

-export const schemaAvailabilityBaseBodyParams = Availability.pick({ userId: true, eventTypeId: true, days: true }).partial();
+export const schemaAvailabilityBaseBodyParams = Availability.pick({
+  startTime: true,
+  endTime: true,
+  date: true,
+  scheduleId: true,
+  days: true,
+}).partial();

 export const schemaAvailabilityPublic = Availability.omit({});

 const schemaAvailabilityRequiredParams = z.object({
-  startTime: z.date().or(z.string()).optional(),
-  endTime: z.date().or(z.string()).optional(),
-  days: z.any().optional(),
+  startTime: z.date().or(z.number()),
+  endTime: z.date().or(z.number()),
+  days: z.array(z.number()).optional(),
+  eventTypeId: z.number().optional(),
 });

 export const schemaAvailabilityBodyParams = schemaAvailabilityBaseBodyParams.merge(
--- a/pages/api/availabilities/[id].ts
+++ b/pages/api/availabilities/[id].ts
@ -94,7 +94,6 @@ import {
 export async function availabilityById(req: NextApiRequest, res: NextApiResponse<AvailabilityResponse>) {
  const { method, query, body } = req;
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
-  const safeBody = schemaAvailabilityBodyParams.safeParse(body);
  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
  const userId = req.userId;
  const data = await prisma.availability.findMany({ where: { userId } });
@ -113,8 +112,16 @@ export async function availabilityById(req: NextApiRequest, res: NextApiResponse
        break;

      case "PATCH":
+        const safeBody = schemaAvailabilityBodyParams.safeParse(body);
+
        if (!safeBody.success) throw new Error("Invalid request body");
-        const edited = await prisma.availability
+        const userEventTypes = await prisma.eventType.findMany({ where: { userId } });
+        const userEventTypesIds = userEventTypes.map((event) => event.id);
+        if (safeBody.data.eventTypeId && !userEventTypesIds.includes(safeBody.data.eventTypeId)) {
+          res.status(401).json({ message: "Bad request. You're not the owner of eventTypeId" });
+          // throw new Error("Bad request. You're not the owner of eventTypeId");
+        }
+        await prisma.availability
          .update({
            where: { id: safeQuery.data.id },
            data: safeBody.data,
--- a/pages/api/users/[id].ts
+++ b/pages/api/users/[id].ts
@ -39,12 +39,10 @@ import { schemaUserEditBodyParams, schemaUserReadPublic, withValidUser } from "@
 *       - application/json
 *     parameters:
 *      - in: body
- *        name: user
- *        description: The user to edit
+ *        name: name
+ *        description: The users full name
 *        schema:
- *         type: object
- *         $ref: '#/components/schemas/User'
- *        required: true
+ *         type: string
 *      - in: path
 *        name: id
 *        schema: