From 95fc04a45316ce09161d925cde0231e4867e5a12 Mon Sep 17 00:00:00 2001
From: Joe Au-Yeung
Date: Wed, 5 Oct 2022 10:05:04 -0400
Subject: [PATCH] Add check for userId and admin to top
---
 pages/api/schedules/index.ts | 151 ++++++++++++++++++-----------------
 1 file changed, 77 insertions(+), 74 deletions(-)
diff --git a/pages/api/schedules/index.ts b/pages/api/schedules/index.ts
index e4e2b69105..8a23a6c121 100644
--- a/pages/api/schedules/index.ts
+++ b/pages/api/schedules/index.ts
@@ -10,84 +10,87 @@ async function createOrlistAllSchedules(
 { method, body, userId, isAdmin, prisma }: NextApiRequest,
 res: NextApiResponse
 ) {
- if (method === "GET") {
- /**
- * @swagger
- * /schedules:
- * get:
- * operationId: listSchedules
- * summary: Find all schedules
- * tags:
- * - schedules
- * responses:
- * 200:
- * description: OK
- * 401:
- * description: Authorization information is missing or invalid.
- * 404:
- * description: No schedules were found
- */
- if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });
- const data = await prisma.schedule.findMany({
- where: { userId: body.userId && isAdmin ? body.userId : userId },
- });
- const schedules = data.map((schedule) => schemaSchedulePublic.parse(schedule));
- if (schedules) res.status(200).json({ schedules });
- else
- (error: Error) =>
- res.status(404).json({
- message: "No Schedules were found",
- error,
- });
- } else if (method === "POST") {
- /**
- * @swagger
- * /schedules:
- * post:
- * operationId: addSchedule
- * summary: Creates a new schedule
- * tags:
- * - schedules
- * responses:
- * 201:
- * description: OK, schedule created
- * 400:
- * description: Bad request. Schedule body is invalid.
- * 401:
- * description: Authorization information is missing or invalid.
- */
- const safe = schemaScheduleBodyParams.safeParse(body);
- if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });
+ if (body.userId && !isAdmin) {
+ res.status(401).json({ message: "Unauthorized" });
+ } else {
+ if (method === "GET") {
+ /**
+ * @swagger
+ * /schedules:
+ * get:
+ * operationId: listSchedules
+ * summary: Find all schedules
+ * tags:
+ * - schedules
+ * responses:
+ * 200:
+ * description: OK
+ * 401:
+ * description: Authorization information is missing or invalid.
+ * 404:
+ * description: No schedules were found
+ */
+ const data = await prisma.schedule.findMany({
+ where: { userId: body.userId && isAdmin ? body.userId : userId },
+ });
+ const schedules = data.map((schedule) => schemaSchedulePublic.parse(schedule));
+ if (schedules) res.status(200).json({ schedules });
+ else
+ (error: Error) =>
+ res.status(404).json({
+ message: "No Schedules were found",
+ error,
+ });
+ } else if (method === "POST") {
+ /**
+ * @swagger
+ * /schedules:
+ * post:
+ * operationId: addSchedule
+ * summary: Creates a new schedule
+ * tags:
+ * - schedules
+ * responses:
+ * 201:
+ * description: OK, schedule created
+ * 400:
+ * description: Bad request. Schedule body is invalid.
+ * 401:
+ * description: Authorization information is missing or invalid.
+ */
+ const safe = schemaScheduleBodyParams.safeParse(body);
+ if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });

- if (!safe.success) {
- res.status(400).json({ message: "Invalid request body" });
- return;
- }
- const data = await prisma.schedule.create({
- data: {
- ...safe.data,
- userId: body.userId && isAdmin ? body.userId : userId,
- availability: {
- createMany: {
- data: getAvailabilityFromSchedule(DEFAULT_SCHEDULE).map((schedule) => ({
- days: schedule.days,
- startTime: schedule.startTime,
- endTime: schedule.endTime,
- })),
+ if (!safe.success) {
+ res.status(400).json({ message: "Invalid request body" });
+ return;
+ }
+ const data = await prisma.schedule.create({
+ data: {
+ ...safe.data,
+ userId: body.userId && isAdmin ? body.userId : userId,
+ availability: {
+ createMany: {
+ data: getAvailabilityFromSchedule(DEFAULT_SCHEDULE).map((schedule) => ({
+ days: schedule.days,
+ startTime: schedule.startTime,
+ endTime: schedule.endTime,
+ })),
+ },
 },
 },
- },
- });
- const schedule = schemaSchedulePublic.parse(data);
+ });
+ const schedule = schemaSchedulePublic.parse(data);

- if (schedule) res.status(201).json({ schedule, message: "Schedule created successfully" });
- else
- (error: Error) =>
- res.status(400).json({
- message: "Could not create new schedule",
- error,
- });
- } else res.status(405).json({ message: `Method ${method} not allowed` });
+ if (schedule) res.status(201).json({ schedule, message: "Schedule created successfully" });
+ else
+ (error: Error) =>
+ res.status(400).json({
+ message: "Could not create new schedule",
+ error,
+ });
+ } else res.status(405).json({ message: `Method ${method} not allowed` });
+ }
 }

 export default withMiddleware("HTTP_GET_OR_POST")(createOrlistAllSchedules);
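Review bot: The inner `if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });` kept in the POST branch is now unreachable as a true condition, because the new top-level guard already answers 401 for it; it should be deleted so the authorization decision lives in exactly one place. Writing the guard as an early exit, `res.status(401).json({ message: "Unauthorized" }); return;`, matches the existing `!safe.success` handling and would avoid re-indenting both branches under `else`. The admin override still reads the raw `body.userId` rather than a schema-validated value before it reaches `prisma.schedule.findMany` and `prisma.schedule.create`, and the guard depends on its truthiness; taking it from a validated parse would keep unchecked input out of the query. Since the caller appears to be authenticated but not permitted, 403 would arguably describe the rejection better than 401.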