feat: make booking-references only return user booking related resources
Agusti Fernandez Pardo
parent
fca49a23c5
commit
9cefd119ee
|
|
@ -1,9 +1,11 @@
|
||||||
|
import { BookingModel } from "@/../../packages/prisma/zod";
|
||||||
import type { NextApiRequest, NextApiResponse } from "next";
|
import type { NextApiRequest, NextApiResponse } from "next";
|
||||||
|
|
||||||
import prisma from "@calcom/prisma";
|
import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||||
import type { BookingReferenceResponse } from "@lib/types";
|
import type { BookingReferenceResponse } from "@lib/types";
|
||||||
|
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
|
||||||
import {
|
import {
|
||||||
schemaBookingReferenceBodyParams,
|
schemaBookingReferenceBodyParams,
|
||||||
schemaBookingReferencePublic,
|
schemaBookingReferencePublic,
|
||||||
|
|
@ -91,47 +93,70 @@ export async function bookingReferenceById(
|
||||||
const safeBody = schemaBookingReferenceBodyParams.safeParse(body);
|
const safeBody = schemaBookingReferenceBodyParams.safeParse(body);
|
||||||
if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
|
if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
|
||||||
// FIXME: Allow only userId owner of booking ref to edit it
|
// FIXME: Allow only userId owner of booking ref to edit it
|
||||||
|
const userId = await getCalcomUserId(res);
|
||||||
|
const userWithBookings = await prisma.user.findUnique({
|
||||||
|
where: { id: userId },
|
||||||
|
include: { bookings: true },
|
||||||
|
});
|
||||||
|
if (!userWithBookings) throw new Error("User not found");
|
||||||
|
const userBookingIds = userWithBookings.bookings.map((booking: any) => booking.id).flat();
|
||||||
|
console.log(userBookingIds);
|
||||||
|
const bookingReference = await prisma.bookingReference.findUnique({ where: { id: safeQuery.data.id } });
|
||||||
|
if (!bookingReference) throw new Error("BookingReference not found");
|
||||||
|
if (userBookingIds.includes(bookingReference.bookingId)) {
|
||||||
|
switch (method) {
|
||||||
|
case "GET":
|
||||||
|
await prisma.bookingReference
|
||||||
|
.findUnique({ where: { id: safeQuery.data.id } })
|
||||||
|
.then((data) => schemaBookingReferencePublic.parse(data))
|
||||||
|
.then((booking_reference) => res.status(200).json({ booking_reference }))
|
||||||
|
.catch((error: Error) =>
|
||||||
|
res.status(404).json({
|
||||||
|
message: `BookingReference with id: ${safeQuery.data.id} not found`,
|
||||||
|
error,
|
||||||
|
})
|
||||||
|
);
|
||||||
|
break;
|
||||||
|
|
||||||
switch (method) {
|
case "PATCH":
|
||||||
case "GET":
|
if (!safeBody.success) {
|
||||||
await prisma.bookingReference
|
throw new Error("Invalid request body");
|
||||||
.findUnique({ where: { id: safeQuery.data.id } })
|
}
|
||||||
.then((data) => schemaBookingReferencePublic.parse(data))
|
await prisma.bookingReference
|
||||||
.then((booking_reference) => res.status(200).json({ booking_reference }))
|
.update({ where: { id: safeQuery.data.id }, data: safeBody.data })
|
||||||
.catch((error: Error) =>
|
.then((data) => schemaBookingReferencePublic.parse(data))
|
||||||
res.status(404).json({ message: `BookingReference with id: ${safeQuery.data.id} not found`, error })
|
.then((booking_reference) => res.status(200).json({ booking_reference }))
|
||||||
);
|
.catch((error: Error) =>
|
||||||
break;
|
res.status(404).json({
|
||||||
|
message: `BookingReference with id: ${safeQuery.data.id} not found`,
|
||||||
|
error,
|
||||||
|
})
|
||||||
|
);
|
||||||
|
break;
|
||||||
|
|
||||||
case "PATCH":
|
case "DELETE":
|
||||||
if (!safeBody.success) throw new Error("Invalid request body");
|
await prisma.bookingReference
|
||||||
await prisma.bookingReference
|
.delete({
|
||||||
.update({
|
where: { id: safeQuery.data.id },
|
||||||
where: { id: safeQuery.data.id },
|
})
|
||||||
data: safeBody.data,
|
.then(() =>
|
||||||
})
|
res.status(200).json({
|
||||||
.then((data) => schemaBookingReferencePublic.parse(data))
|
message: `BookingReference with id: ${safeQuery.data.id} deleted`,
|
||||||
.then((booking_reference) => res.status(200).json({ booking_reference }))
|
})
|
||||||
.catch((error: Error) =>
|
)
|
||||||
res.status(404).json({ message: `BookingReference with id: ${safeQuery.data.id} not found`, error })
|
.catch((error: Error) =>
|
||||||
);
|
res.status(404).json({
|
||||||
break;
|
message: `BookingReference with id: ${safeQuery.data.id} not found`,
|
||||||
|
error,
|
||||||
|
})
|
||||||
|
);
|
||||||
|
break;
|
||||||
|
|
||||||
case "DELETE":
|
default:
|
||||||
await prisma.bookingReference
|
res.status(405).json({ message: "Method not allowed" });
|
||||||
.delete({ where: { id: safeQuery.data.id } })
|
break;
|
||||||
.then(() =>
|
}
|
||||||
res.status(200).json({ message: `BookingReference with id: ${safeQuery.data.id} deleted` })
|
} else res.status(401).json({ message: "Unauthorized" });
|
||||||
)
|
|
||||||
.catch((error: Error) =>
|
|
||||||
res.status(404).json({ message: `BookingReference with id: ${safeQuery.data.id} not found`, error })
|
|
||||||
);
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
res.status(405).json({ message: "Method not allowed" });
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export default withMiddleware("HTTP_GET_DELETE_PATCH")(
|
export default withMiddleware("HTTP_GET_DELETE_PATCH")(
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||||
import { BookingReferenceResponse, BookingReferencesResponse } from "@lib/types";
|
import { BookingReferenceResponse, BookingReferencesResponse } from "@lib/types";
|
||||||
|
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
|
||||||
import {
|
import {
|
||||||
schemaBookingReferenceBodyParams,
|
schemaBookingReferenceBodyParams,
|
||||||
schemaBookingReferencePublic,
|
schemaBookingReferencePublic,
|
||||||
|
|
@ -41,8 +42,16 @@ async function createOrlistAllBookingReferences(
|
||||||
res: NextApiResponse<BookingReferencesResponse | BookingReferenceResponse>
|
res: NextApiResponse<BookingReferencesResponse | BookingReferenceResponse>
|
||||||
) {
|
) {
|
||||||
const { method } = req;
|
const { method } = req;
|
||||||
|
const userId = await getCalcomUserId(res);
|
||||||
|
const userWithBookings = await prisma.user.findUnique({
|
||||||
|
where: { id: userId },
|
||||||
|
include: { bookings: true },
|
||||||
|
});
|
||||||
|
if (!userWithBookings) throw new Error("User not found");
|
||||||
|
const userBookingIds = userWithBookings.bookings.map((booking: any) => booking.id).flat();
|
||||||
|
console.log(userBookingIds);
|
||||||
if (method === "GET") {
|
if (method === "GET") {
|
||||||
const data = await prisma.bookingReference.findMany();
|
const data = await prisma.bookingReference.findMany({ where: { id: { in: userBookingIds } } });
|
||||||
const booking_references = data.map((bookingReference) =>
|
const booking_references = data.map((bookingReference) =>
|
||||||
schemaBookingReferencePublic.parse(bookingReference)
|
schemaBookingReferencePublic.parse(bookingReference)
|
||||||
);
|
);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue