feat: make booking-references only return user booking related resources

pull/9078/head
Agusti Fernandez Pardo 2022-04-11 15:42:50 +02:00
parent fca49a23c5
commit 9cefd119ee
2 changed files with 73 additions and 39 deletions


@ -1,9 +1,11 @@
import { BookingModel } from "@/../../packages/prisma/zod";
import type { NextApiRequest, NextApiResponse } from "next"; import type { NextApiRequest, NextApiResponse } from "next";
import prisma from "@calcom/prisma"; import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware"; import { withMiddleware } from "@lib/helpers/withMiddleware";
import type { BookingReferenceResponse } from "@lib/types"; import type { BookingReferenceResponse } from "@lib/types";
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
import { import {
schemaBookingReferenceBodyParams, schemaBookingReferenceBodyParams,
schemaBookingReferencePublic, schemaBookingReferencePublic,
@ -91,7 +93,17 @@ export async function bookingReferenceById(
const safeBody = schemaBookingReferenceBodyParams.safeParse(body); const safeBody = schemaBookingReferenceBodyParams.safeParse(body);
if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error); if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
// FIXME: Allow only userId owner of booking ref to edit it // FIXME: Allow only userId owner of booking ref to edit it
const userId = await getCalcomUserId(res);
const userWithBookings = await prisma.user.findUnique({
where: { id: userId },
include: { bookings: true },
});
if (!userWithBookings) throw new Error("User not found");
const userBookingIds = userWithBookings.bookings.map((booking: any) => booking.id).flat();
console.log(userBookingIds);
const bookingReference = await prisma.bookingReference.findUnique({ where: { id: safeQuery.data.id } });
if (!bookingReference) throw new Error("BookingReference not found");
if (userBookingIds.includes(bookingReference.bookingId)) {
switch (method) { switch (method) {
case "GET": case "GET":
await prisma.bookingReference await prisma.bookingReference
@ -99,32 +111,44 @@ export async function bookingReferenceById(
.then((data) => schemaBookingReferencePublic.parse(data)) .then((data) => schemaBookingReferencePublic.parse(data))
.then((booking_reference) => res.status(200).json({ booking_reference })) .then((booking_reference) => res.status(200).json({ booking_reference }))
.catch((error: Error) => .catch((error: Error) =>
res.status(404).json({ message: `BookingReference with id: ${safeQuery.data.id} not found`, error }) res.status(404).json({
message: `BookingReference with id: ${safeQuery.data.id} not found`,
error,
})
); );
break; break;
case "PATCH": case "PATCH":
if (!safeBody.success) throw new Error("Invalid request body"); if (!safeBody.success) {
throw new Error("Invalid request body");
}
await prisma.bookingReference await prisma.bookingReference
.update({ .update({ where: { id: safeQuery.data.id }, data: safeBody.data })
where: { id: safeQuery.data.id },
data: safeBody.data,
})
.then((data) => schemaBookingReferencePublic.parse(data)) .then((data) => schemaBookingReferencePublic.parse(data))
.then((booking_reference) => res.status(200).json({ booking_reference })) .then((booking_reference) => res.status(200).json({ booking_reference }))
.catch((error: Error) => .catch((error: Error) =>
res.status(404).json({ message: `BookingReference with id: ${safeQuery.data.id} not found`, error }) res.status(404).json({
message: `BookingReference with id: ${safeQuery.data.id} not found`,
error,
})
); );
break; break;
case "DELETE": case "DELETE":
await prisma.bookingReference await prisma.bookingReference
.delete({ where: { id: safeQuery.data.id } }) .delete({
where: { id: safeQuery.data.id },
})
.then(() => .then(() =>
res.status(200).json({ message: `BookingReference with id: ${safeQuery.data.id} deleted` }) res.status(200).json({
message: `BookingReference with id: ${safeQuery.data.id} deleted`,
})
) )
.catch((error: Error) => .catch((error: Error) =>
res.status(404).json({ message: `BookingReference with id: ${safeQuery.data.id} not found`, error }) res.status(404).json({
message: `BookingReference with id: ${safeQuery.data.id} not found`,
error,
})
); );
break; break;
@ -132,6 +156,7 @@ export async function bookingReferenceById(
res.status(405).json({ message: "Method not allowed" }); res.status(405).json({ message: "Method not allowed" });
break; break;
} }
} else res.status(401).json({ message: "Unauthorized" });
} }
export default withMiddleware("HTTP_GET_DELETE_PATCH")( export default withMiddleware("HTTP_GET_DELETE_PATCH")(
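Review bot: The new ownership check covers the reference being addressed, but the PATCH branch still writes `safeBody.data` unchecked. If `schemaBookingReferenceBodyParams` (not visible here) accepts `bookingId`, an owner can re-point a reference at a booking outside `userBookingIds`, so the body should get the same test, e.g. `if (safeBody.data.bookingId && !userBookingIds.includes(safeBody.data.bookingId)) return res.status(401).json({ message: "Unauthorized" });`. Separately, a missing reference throws `BookingReference not found` while a foreign one returns 401, so the two responses tell a caller which ids exist; answering both cases with the same 404 closes that. `console.log(userBookingIds)` should be dropped before merge and the `// FIXME` line above the check is now stale. `bookingReferenceById` starts before and ends after the visible hunks.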


@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware"; import { withMiddleware } from "@lib/helpers/withMiddleware";
import { BookingReferenceResponse, BookingReferencesResponse } from "@lib/types"; import { BookingReferenceResponse, BookingReferencesResponse } from "@lib/types";
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
import { import {
schemaBookingReferenceBodyParams, schemaBookingReferenceBodyParams,
schemaBookingReferencePublic, schemaBookingReferencePublic,
@ -41,8 +42,16 @@ async function createOrlistAllBookingReferences(
res: NextApiResponse<BookingReferencesResponse | BookingReferenceResponse> res: NextApiResponse<BookingReferencesResponse | BookingReferenceResponse>
) { ) {
const { method } = req; const { method } = req;
const userId = await getCalcomUserId(res);
const userWithBookings = await prisma.user.findUnique({
where: { id: userId },
include: { bookings: true },
});
if (!userWithBookings) throw new Error("User not found");
const userBookingIds = userWithBookings.bookings.map((booking: any) => booking.id).flat();
console.log(userBookingIds);
if (method === "GET") { if (method === "GET") {
const data = await prisma.bookingReference.findMany(); const data = await prisma.bookingReference.findMany({ where: { id: { in: userBookingIds } } });
const booking_references = data.map((bookingReference) => const booking_references = data.map((bookingReference) =>
schemaBookingReferencePublic.parse(bookingReference) schemaBookingReferencePublic.parse(bookingReference)
); );
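Review bot: The GET filter compares the wrong column: `where: { id: { in: userBookingIds } }` matches a BookingReference's own `id` against booking ids, so it can return references whose id happens to equal one of the caller's booking ids (possibly belonging to another user) and miss the caller's real ones. The by-id handler in this commit tests `bookingReference.bookingId`, and the list should filter on the same field: `prisma.bookingReference.findMany({ where: { bookingId: { in: userBookingIds } } })`. `console.log(userBookingIds)` should go, and `include: { bookings: { select: { id: true } } }` would avoid loading every booking row and make the `any` annotation and `.flat()` unnecessary. The function continues past the visible lines, so whether the create path checks ownership of the submitted `bookingId` cannot be seen from here.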