perf: improve booking confirm authorization (#8304)

* perf: improve booking confirm authorization * removes unreachable code --------- Co-authored-by: Efraín Rochín <roae.85@gmail.com>
2023-04-17 19:50:34 -04:00 · 2023-04-17 19:50:34 -04:00 · ad958f10bd
parent e5eb7c3906
commit ad958f10bd
1 changed files with 7 additions and 15 deletions
--- a/packages/trpc/server/routers/viewer/bookings.tsx
+++ b/packages/trpc/server/routers/viewer/bookings.tsx
@ -781,30 +781,22 @@ export const bookingsRouter = router({
    });

    const authorized = async () => {
-      // if the organizer
-      if (booking.userId === user.id) {
-        return true;
-      }
-      const eventType = await prisma.eventType.findUnique({
+      const eventType = await prisma.eventType.findFirst({
        where: {
          id: booking.eventTypeId || undefined,
+          schedulingType: SchedulingType.COLLECTIVE,
        },
        select: {
-          id: true,
-          schedulingType: true,
          users: true,
        },
      });
-      if (
-        eventType?.schedulingType === SchedulingType.COLLECTIVE &&
-        eventType.users.find((user) => user.id === user.id)
-      ) {
-        return true;
-      }
-      return false;
+
+      return eventType && eventType.users.find((user) => booking.userId === user.id);
    };

-    if (!(await authorized())) throw new TRPCError({ code: "UNAUTHORIZED", message: "UNAUTHORIZED" });
+    if (booking.userId !== user.id && !(await authorized())) {
+      throw new TRPCError({ code: "UNAUTHORIZED", message: "UNAUTHORIZED" });
+    }

    const isConfirmed = booking.status === BookingStatus.ACCEPTED;
    if (isConfirmed) throw new TRPCError({ code: "BAD_REQUEST", message: "Booking already confirmed" });