public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add ability to get, post, and delete for other users if admin

pull/9078/head
Joe Au-Yeung 2022-10-05 11:04:58 -04:00
parent 95fc04a453
commit a5413b40ab
2 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/validations/schedule.ts
View File

@ -5,10 +5,16 @@ import { _ScheduleModel as Schedule } from "@calcom/prisma/zod";
const schemaScheduleBaseBodyParams = Schedule.omit({ id: true }).partial();
const schemaScheduleRequiredParams = z.object({
userId: z.number().optional(),
name: z.string(),
});
export const schemaScheduleBodyParams = schemaScheduleBaseBodyParams.merge(schemaScheduleRequiredParams);
export const schemaSchedulePublic = Schedule.omit({});
export const schemaSchedulePublic = z
.object({ id: z.number() })
.merge(Schedule)
.merge(
z.object({
availability: z.array(z.object({ id: z.number() })).optional(),
})
);

10
pages/api/schedules/[id].ts
View File

@ -9,16 +9,17 @@ import {
} from "@lib/validations/shared/queryIdTransformParseInt";
export async function scheduleById(
{ method, query, body, userId, prisma }: NextApiRequest,
{ method, query, body, userId, isAdmin, prisma }: NextApiRequest,
res: NextApiResponse<ScheduleResponse>
) {
if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });
const safeQuery = schemaQueryIdParseInt.safeParse(query);
const safeBody = schemaScheduleBodyParams.safeParse(body);
if (!safeQuery.success) {
res.status(400).json({ message: "Your query was invalid" });
return;
}
const userSchedules = await prisma.schedule.findMany({ where: { userId } });
const userSchedules = await prisma.schedule.findMany({ where: { userId: body.userId || userId } });
const userScheduleIds = userSchedules.map((schedule) => schedule.id);
if (!userScheduleIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
else {
@ -48,7 +49,10 @@ export async function scheduleById(
*/
case "GET":
await prisma.schedule
.findUnique({ where: { id: safeQuery.data.id } })
.findUnique({
where: { id: safeQuery.data.id },
include: { availability: { select: { id: true } } },
})
.then((data) => schemaSchedulePublic.parse(data))
.then((schedule) => res.status(200).json({ schedule }))
.catch((error: Error) =>