Add check for userId and admin to top
parent
1adace1c0d
commit
95fc04a453
|
@ -10,6 +10,9 @@ async function createOrlistAllSchedules(
|
|||
{ method, body, userId, isAdmin, prisma }: NextApiRequest,
|
||||
res: NextApiResponse<SchedulesResponse | ScheduleResponse>
|
||||
) {
|
||||
if (body.userId && !isAdmin) {
|
||||
res.status(401).json({ message: "Unauthorized" });
|
||||
} else {
|
||||
if (method === "GET") {
|
||||
/**
|
||||
* @swagger
|
||||
|
@ -27,7 +30,6 @@ async function createOrlistAllSchedules(
|
|||
* 404:
|
||||
* description: No schedules were found
|
||||
*/
|
||||
if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });
|
||||
const data = await prisma.schedule.findMany({
|
||||
where: { userId: body.userId && isAdmin ? body.userId : userId },
|
||||
});
|
||||
|
@ -89,5 +91,6 @@ async function createOrlistAllSchedules(
|
|||
});
|
||||
} else res.status(405).json({ message: `Method ${method} not allowed` });
|
||||
}
|
||||
}
|
||||
|
||||
export default withMiddleware("HTTP_GET_OR_POST")(createOrlistAllSchedules);
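Review bot: The new top-level guard `if (body.userId && !isAdmin)` tests truthiness rather than presence, so a non-admin request whose body carries a falsy `userId` (such as `0` or `""`) passes it. In the GET branch the `where` clause then falls back to the caller's own `userId`, but the POST branch lies outside the visible hunks and should be checked for any direct read of `body.userId`. A presence check with an early return would close this and avoid wrapping the whole handler in `else`: `if (body?.userId !== undefined && !isAdmin) return res.status(403).json({ message: "Forbidden" });`. The status code is part of the same point: the caller is authenticated but not permitted, which is 403, whereas 401 tells clients to re-authenticate. When an admin does supply `body.userId`, it reaches the Prisma `where` filter unvalidated, so coercing or type-checking it to the expected id type first would keep an object-valued body field from being interpreted as a filter.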
|
||||
|
|