Add ability to get, post, and delete for other users if admin
parent
95fc04a453
commit
a5413b40ab
|
@ -5,10 +5,16 @@ import { _ScheduleModel as Schedule } from "@calcom/prisma/zod";
|
|||
const schemaScheduleBaseBodyParams = Schedule.omit({ id: true }).partial();
|
||||
|
||||
const schemaScheduleRequiredParams = z.object({
|
||||
userId: z.number().optional(),
|
||||
name: z.string(),
|
||||
});
|
||||
|
||||
export const schemaScheduleBodyParams = schemaScheduleBaseBodyParams.merge(schemaScheduleRequiredParams);
|
||||
|
||||
export const schemaSchedulePublic = Schedule.omit({});
|
||||
export const schemaSchedulePublic = z
|
||||
.object({ id: z.number() })
|
||||
.merge(Schedule)
|
||||
.merge(
|
||||
z.object({
|
||||
availability: z.array(z.object({ id: z.number() })).optional(),
|
||||
})
|
||||
);
|
||||
|
|
|
@ -9,16 +9,17 @@ import {
|
|||
} from "@lib/validations/shared/queryIdTransformParseInt";
|
||||
|
||||
export async function scheduleById(
|
||||
{ method, query, body, userId, prisma }: NextApiRequest,
|
||||
{ method, query, body, userId, isAdmin, prisma }: NextApiRequest,
|
||||
res: NextApiResponse<ScheduleResponse>
|
||||
) {
|
||||
if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });
|
||||
const safeQuery = schemaQueryIdParseInt.safeParse(query);
|
||||
const safeBody = schemaScheduleBodyParams.safeParse(body);
|
||||
if (!safeQuery.success) {
|
||||
res.status(400).json({ message: "Your query was invalid" });
|
||||
return;
|
||||
}
|
||||
const userSchedules = await prisma.schedule.findMany({ where: { userId } });
|
||||
const userSchedules = await prisma.schedule.findMany({ where: { userId: body.userId || userId } });
|
||||
const userScheduleIds = userSchedules.map((schedule) => schedule.id);
|
||||
if (!userScheduleIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
|
||||
else {
|
||||
|
@ -48,7 +49,10 @@ export async function scheduleById(
|
|||
*/
|
||||
case "GET":
|
||||
await prisma.schedule
|
||||
.findUnique({ where: { id: safeQuery.data.id } })
|
||||
.findUnique({
|
||||
where: { id: safeQuery.data.id },
|
||||
include: { availability: { select: { id: true } } },
|
||||
})
|
||||
.then((data) => schemaSchedulePublic.parse(data))
|
||||
.then((schedule) => res.status(200).json({ schedule }))
|
||||
.catch((error: Error) =>
|
||||
|
|
Loading…
Reference in New Issue