Add ability to get, post, and delete for other users if admin
parent
95fc04a453
commit
a5413b40ab
|
@ -5,10 +5,16 @@ import { _ScheduleModel as Schedule } from "@calcom/prisma/zod";
|
||||||
const schemaScheduleBaseBodyParams = Schedule.omit({ id: true }).partial();
|
const schemaScheduleBaseBodyParams = Schedule.omit({ id: true }).partial();
|
||||||
|
|
||||||
const schemaScheduleRequiredParams = z.object({
|
const schemaScheduleRequiredParams = z.object({
|
||||||
userId: z.number().optional(),
|
|
||||||
name: z.string(),
|
name: z.string(),
|
||||||
});
|
});
|
||||||
|
|
||||||
export const schemaScheduleBodyParams = schemaScheduleBaseBodyParams.merge(schemaScheduleRequiredParams);
|
export const schemaScheduleBodyParams = schemaScheduleBaseBodyParams.merge(schemaScheduleRequiredParams);
|
||||||
|
|
||||||
export const schemaSchedulePublic = Schedule.omit({});
|
export const schemaSchedulePublic = z
|
||||||
|
.object({ id: z.number() })
|
||||||
|
.merge(Schedule)
|
||||||
|
.merge(
|
||||||
|
z.object({
|
||||||
|
availability: z.array(z.object({ id: z.number() })).optional(),
|
||||||
|
})
|
||||||
|
);
|
||||||
|
|
|
@ -9,16 +9,17 @@ import {
|
||||||
} from "@lib/validations/shared/queryIdTransformParseInt";
|
} from "@lib/validations/shared/queryIdTransformParseInt";
|
||||||
|
|
||||||
export async function scheduleById(
|
export async function scheduleById(
|
||||||
{ method, query, body, userId, prisma }: NextApiRequest,
|
{ method, query, body, userId, isAdmin, prisma }: NextApiRequest,
|
||||||
res: NextApiResponse<ScheduleResponse>
|
res: NextApiResponse<ScheduleResponse>
|
||||||
) {
|
) {
|
||||||
|
if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });
|
||||||
const safeQuery = schemaQueryIdParseInt.safeParse(query);
|
const safeQuery = schemaQueryIdParseInt.safeParse(query);
|
||||||
const safeBody = schemaScheduleBodyParams.safeParse(body);
|
const safeBody = schemaScheduleBodyParams.safeParse(body);
|
||||||
if (!safeQuery.success) {
|
if (!safeQuery.success) {
|
||||||
res.status(400).json({ message: "Your query was invalid" });
|
res.status(400).json({ message: "Your query was invalid" });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const userSchedules = await prisma.schedule.findMany({ where: { userId } });
|
const userSchedules = await prisma.schedule.findMany({ where: { userId: body.userId || userId } });
|
||||||
const userScheduleIds = userSchedules.map((schedule) => schedule.id);
|
const userScheduleIds = userSchedules.map((schedule) => schedule.id);
|
||||||
if (!userScheduleIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
|
if (!userScheduleIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
|
||||||
else {
|
else {
|
||||||
|
@ -48,7 +49,10 @@ export async function scheduleById(
|
||||||
*/
|
*/
|
||||||
case "GET":
|
case "GET":
|
||||||
await prisma.schedule
|
await prisma.schedule
|
||||||
.findUnique({ where: { id: safeQuery.data.id } })
|
.findUnique({
|
||||||
|
where: { id: safeQuery.data.id },
|
||||||
|
include: { availability: { select: { id: true } } },
|
||||||
|
})
|
||||||
.then((data) => schemaSchedulePublic.parse(data))
|
.then((data) => schemaSchedulePublic.parse(data))
|
||||||
.then((schedule) => res.status(200).json({ schedule }))
|
.then((schedule) => res.status(200).json({ schedule }))
|
||||||
.catch((error: Error) =>
|
.catch((error: Error) =>
|
||||||
|
|
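Review bot: The guard added at the top of `scheduleById`, `if (body.userId && !isAdmin) res.status(401).json({ message: "Unauthorized" });`, sends the response but does not return, so execution continues into the `findMany` lookup, which now filters on `body.userId || userId`. For a non-admin caller the ownership check below is then evaluated against the user id supplied in the request body rather than the caller's own, and the `else` branch with the method switch can still run after the 401 has been written. The guard should end the handler, e.g. `if (body.userId && !isAdmin) { res.status(401).json({ message: "Unauthorized" }); return; }`. It also reads the raw `body` while `safeBody.success` is not checked in the visible lines; taking `userId` from `safeBody.data` after a successful parse would keep an unvalidated value out of the Prisma `where` clause. The function body continues outside both hunks, so the PATCH/DELETE branches could not be checked here.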