fix: add event-types admin endpoints

2022-06-04 01:17:01 +02:00 · 2022-06-04 01:17:01 +02:00 · aadde45bb7
parent 3c0f8b5b6d
commit aadde45bb7
1 changed files with 33 additions and 25 deletions
--- a/pages/api/event-types/index.ts
+++ b/pages/api/event-types/index.ts
@ -4,12 +4,14 @@ import prisma from "@calcom/prisma";

 import { withMiddleware } from "@lib/helpers/withMiddleware";
 import { EventTypeResponse, EventTypesResponse } from "@lib/types";
+import { isAdminGuard } from "@lib/utils/isAdmin";
 import { schemaEventTypeCreateBodyParams, schemaEventTypeReadPublic } from "@lib/validations/event-type";

 async function createOrlistAllEventTypes(
  { method, body, userId }: NextApiRequest,
  res: NextApiResponse<EventTypesResponse | EventTypeResponse>
 ) {
+  const isAdmin = await isAdminGuard(userId);
  if (method === "GET") {
    /**
     * @swagger
@ -29,20 +31,27 @@ async function createOrlistAllEventTypes(
     *       404:
     *         description: No event types were found
     */
-    const data = await prisma.user
-      .findUnique({
-        where: { id: userId },
-        rejectOnNotFound: true,
-        select: { eventTypes: true },
-      })
-      .catch((error) => res.status(404).json({ message: "No event types were found", error }));
-    if (data) res.status(200).json({ event_types: data.eventTypes });
-    else
-      (error: Error) =>
-        res.status(404).json({
-          message: "No EventTypes were found",
-          error,
-        });
+    if (!isAdmin) {
+      const data = await prisma.user
+        .findUnique({
+          where: { id: userId },
+          rejectOnNotFound: true,
+          select: { eventTypes: true },
+        })
+        .catch((error) => res.status(404).json({ message: "No event types were found", error }));
+      // @todo: add validations back schemaReadEventType.parse
+      if (data) res.status(200).json({ event_types: data.eventTypes });
+      else
+        (error: Error) =>
+          res.status(404).json({
+            message: "No EventTypes were found",
+            error,
+          });
+    } else {
+      const data = await prisma.eventType.findMany({});
+      const event_types = data.map((eventType) => schemaEventTypeReadPublic.parse(eventType));
+      if (event_types) res.status(200).json({ event_types });
+    }
  } else if (method === "POST") {
    /**
     * @swagger
@ -92,17 +101,16 @@ async function createOrlistAllEventTypes(
      res.status(400).json({ message: "Invalid request body", error: safe.error });
      return;
    }
-
-    const data = await prisma.eventType.create({ data: { ...safe.data, userId } });
-    const event_type = schemaEventTypeReadPublic.parse(data);
-
-    if (data) res.status(201).json({ event_type, message: "EventType created successfully" });
-    else
-      (error: Error) =>
-        res.status(400).json({
-          message: "Could not create new event type",
-          error,
-        });
+    if (!isAdmin) {
+      const data = await prisma.eventType.create({ data: { ...safe.data, userId } });
+      const event_type = schemaEventTypeReadPublic.parse(data);
+      if (data) res.status(201).json({ event_type, message: "EventType created successfully" });
+    } else {
+      // if admin don't re-set userId from input
+      const data = await prisma.eventType.create({ data: { ...safe.data } });
+      const event_type = schemaEventTypeReadPublic.parse(data);
+      if (data) res.status(201).json({ event_type, message: "EventType created successfully" });
+    }
  } else res.status(405).json({ message: `Method ${method} not allowed` });
 }