public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add check for userId and admin to top

pull/9078/head
Joe Au-Yeung 2022-10-05 10:05:04 -04:00
parent 1adace1c0d
commit 95fc04a453
1 changed files with 77 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pages/api/schedules/index.ts
View File

@ -10,6 +10,9 @@ async function createOrlistAllSchedules(
{ method, body, userId, isAdmin, prisma }: NextApiRequest, { method, body, userId, isAdmin, prisma }: NextApiRequest,
res: NextApiResponse<SchedulesResponse | ScheduleResponse> res: NextApiResponse<SchedulesResponse | ScheduleResponse>
) { ) {
if (body.userId && !isAdmin) {
res.status(401).json({ message: "Unauthorized" });
} else {
if (method === "GET") { if (method === "GET") {
/** /**
* @swagger * @swagger
@ -27,7 +30,6 @@ async function createOrlistAllSchedules(
* 404: * 404:
* description: No schedules were found * description: No schedules were found
*/ */
if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });
const data = await prisma.schedule.findMany({ const data = await prisma.schedule.findMany({
where: { userId: body.userId && isAdmin ? body.userId : userId }, where: { userId: body.userId && isAdmin ? body.userId : userId },
}); });
@ -89,5 +91,6 @@ async function createOrlistAllSchedules(
}); });
} else res.status(405).json({ message: `Method ${method} not allowed` }); } else res.status(405).json({ message: `Method ${method} not allowed` });
} }
}
export default withMiddleware("HTTP_GET_OR_POST")(createOrlistAllSchedules); export default withMiddleware("HTTP_GET_OR_POST")(createOrlistAllSchedules);