feat: memberships hardened mode
parent
9c5624c748
commit
b0c0e9fb4c
|
@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
|
|||
|
||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||
import type { MembershipResponse } from "@lib/types";
|
||||
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
|
||||
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
|
||||
import { schemaQueryIdAsString, withValidQueryIdString } from "@lib/validations/shared/queryIdString";
|
||||
|
||||
|
@ -106,48 +107,82 @@ export async function membershipById(req: NextApiRequest, res: NextApiResponse<M
|
|||
const safeBody = schemaMembershipBodyParams.safeParse(body);
|
||||
if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
|
||||
// This is how we set the userId and teamId in the query for managing compoundId.
|
||||
const [userId, teamId] = safeQuery.data.id.split("_");
|
||||
const [paramUserId, teamId] = safeQuery.data.id.split("_");
|
||||
const userId = getCalcomUserId(res);
|
||||
if (parseInt(paramUserId) === userId) {
|
||||
switch (method) {
|
||||
case "GET":
|
||||
await prisma.membership
|
||||
.findUnique({
|
||||
where: {
|
||||
userId_teamId: {
|
||||
userId: userId,
|
||||
teamId: parseInt(teamId),
|
||||
},
|
||||
},
|
||||
})
|
||||
.then((data) => schemaMembershipPublic.parse(data))
|
||||
.then((membership) => res.status(200).json({ membership }))
|
||||
.catch((error: Error) =>
|
||||
res.status(404).json({
|
||||
message: `Membership with id: ${safeQuery.data.id} not found`,
|
||||
error,
|
||||
})
|
||||
);
|
||||
break;
|
||||
|
||||
switch (method) {
|
||||
case "GET":
|
||||
await prisma.membership
|
||||
.findUnique({ where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } } })
|
||||
.then((data) => schemaMembershipPublic.parse(data))
|
||||
.then((membership) => res.status(200).json({ membership }))
|
||||
.catch((error: Error) =>
|
||||
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
|
||||
);
|
||||
break;
|
||||
case "PATCH":
|
||||
if (!safeBody.success) {
|
||||
throw new Error("Invalid request body");
|
||||
}
|
||||
await prisma.membership
|
||||
.update({
|
||||
where: {
|
||||
userId_teamId: {
|
||||
userId: userId,
|
||||
teamId: parseInt(teamId),
|
||||
},
|
||||
},
|
||||
data: safeBody.data,
|
||||
})
|
||||
.then((data) => schemaMembershipPublic.parse(data))
|
||||
.then((membership) => res.status(200).json({ membership }))
|
||||
.catch((error: Error) =>
|
||||
res.status(404).json({
|
||||
message: `Membership with id: ${safeQuery.data.id} not found`,
|
||||
error,
|
||||
})
|
||||
);
|
||||
break;
|
||||
|
||||
case "PATCH":
|
||||
if (!safeBody.success) throw new Error("Invalid request body");
|
||||
await prisma.membership
|
||||
.update({
|
||||
where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } },
|
||||
data: safeBody.data,
|
||||
})
|
||||
.then((data) => schemaMembershipPublic.parse(data))
|
||||
.then((membership) => res.status(200).json({ membership }))
|
||||
.catch((error: Error) =>
|
||||
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
|
||||
);
|
||||
break;
|
||||
case "DELETE":
|
||||
await prisma.membership
|
||||
.delete({
|
||||
where: {
|
||||
userId_teamId: {
|
||||
userId: userId,
|
||||
teamId: parseInt(teamId),
|
||||
},
|
||||
},
|
||||
})
|
||||
.then(() =>
|
||||
res.status(200).json({
|
||||
message: `Membership with id: ${safeQuery.data.id} deleted successfully`,
|
||||
})
|
||||
)
|
||||
.catch((error: Error) =>
|
||||
res.status(404).json({
|
||||
message: `Membership with id: ${safeQuery.data.id} not found`,
|
||||
error,
|
||||
})
|
||||
);
|
||||
break;
|
||||
|
||||
case "DELETE":
|
||||
await prisma.membership
|
||||
.delete({ where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } } })
|
||||
.then(() =>
|
||||
res.status(200).json({ message: `Membership with id: ${safeQuery.data.id} deleted successfully` })
|
||||
)
|
||||
.catch((error: Error) =>
|
||||
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
|
||||
);
|
||||
break;
|
||||
|
||||
default:
|
||||
res.status(405).json({ message: "Method not allowed" });
|
||||
break;
|
||||
}
|
||||
default:
|
||||
res.status(405).json({ message: "Method not allowed" });
|
||||
break;
|
||||
}
|
||||
} else res.status(401).json({ message: "Unauthorized" });
|
||||
}
|
||||
|
||||
export default withMiddleware("HTTP_GET_DELETE_PATCH")(withValidQueryIdString(membershipById));
|
||||
|
|
|
@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
|
|||
|
||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||
import { MembershipResponse, MembershipsResponse } from "@lib/types";
|
||||
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
|
||||
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
|
||||
|
||||
/**
|
||||
|
@ -42,8 +43,9 @@ async function createOrlistAllMemberships(
|
|||
res: NextApiResponse<MembershipsResponse | MembershipResponse>
|
||||
) {
|
||||
const { method } = req;
|
||||
const userId = getCalcomUserId(res);
|
||||
if (method === "GET") {
|
||||
const data = await prisma.membership.findMany();
|
||||
const data = await prisma.membership.findMany({ where: { userId } });
|
||||
const memberships = data.map((membership) => schemaMembershipPublic.parse(membership));
|
||||
if (memberships) res.status(200).json({ memberships });
|
||||
else
|
||||
|
@ -56,7 +58,7 @@ async function createOrlistAllMemberships(
|
|||
const safe = schemaMembershipBodyParams.safeParse(req.body);
|
||||
if (!safe.success) throw new Error("Invalid request body");
|
||||
|
||||
const data = await prisma.membership.create({ data: safe.data });
|
||||
const data = await prisma.membership.create({ data: { ...safe.data, userId } });
|
||||
const membership = schemaMembershipPublic.parse(data);
|
||||
|
||||
if (membership) res.status(201).json({ membership, message: "Membership created successfully" });
|
||||
|
|
Loading…
Reference in New Issue