public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: teams return only userId related data, on POST create ownership membership for userId

pull/9078/head
Agusti Fernandez Pardo 2022-04-20 23:42:49 +02:00
parent e138df47ba
commit ec903b21c6
4 changed files with 78 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@ -138,6 +138,17 @@ tests/endpoint/resource.new.test.ts - Create new resource
| teams | ✅ | ✅ | ✅ | ✅ | ✅ |
| users | ✅ | 👤[1] | ✅ | ✅ | ✅ |
## Models missing userId relation.
- daily-event-references
- destination-calendars
- event-types-custom-input
- memberships
- reminder-mails
- schedules
- selected-calendars
- teams
## Models from database that are not exposed
mostly because they're deemed too sensitive can be revisited if needed.
@ -166,3 +177,5 @@ in order to build and deploy properly.
DATABASE_URL=
API_KEY_PREFIX=cal_# This can be changed per envirorment so cal_test_ for staging for example.
If you're self-hosting under our commercial license, you can use any prefix you want for api keys. either leave the default cal_ (not providing any envirorment variable) or modify it

1
lib/types.ts
View File

@ -37,6 +37,7 @@ export type UsersResponse = BaseResponse & {
// Team
export type TeamResponse = BaseResponse & {
team?: Partial<Team>;
owner?: Partial<Membership>;
};
export type TeamsResponse = BaseResponse & {
teams?: Partial<Team>[];

87
pages/api/teams/[id].ts
View File

@ -97,46 +97,59 @@ export async function teamById(req: NextApiRequest, res: NextApiResponse<TeamRes
});
//FIXME: This is a hack to get the teamId from the user's membership
console.log(userWithMemberships);
switch (method) {
case "GET":
await prisma.team
.findUnique({ where: { id: safeQuery.data.id } })
.then((data) => schemaTeamPublic.parse(data))
.then((team) => res.status(200).json({ team }))
.catch((error: Error) =>
res.status(404).json({ message: `Team with id: ${safeQuery.data.id} not found`, error })
);
break;
const userTeamIds = userWithMemberships.map((membership) => membership.teamId);
if (userTeamIds.includes(safeQuery.data.id)) {
switch (method) {
case "GET":
await prisma.team
.findUnique({ where: { id: safeQuery.data.id } })
.then((data) => schemaTeamPublic.parse(data))
.then((team) => res.status(200).json({ team }))
.catch((error: Error) =>
res.status(404).json({
message: `Team with id: ${safeQuery.data.id} not found`,
error,
})
);
break;
case "PATCH":
if (!safeBody.success) throw new Error("Invalid request body");
await prisma.team
.update({
where: { id: safeQuery.data.id },
data: safeBody.data,
})
.then((team) => schemaTeamPublic.parse(team))
.then((team) => res.status(200).json({ team }))
.catch((error: Error) =>
res.status(404).json({ message: `Team with id: ${safeQuery.data.id} not found`, error })
);
break;
case "PATCH":
if (!safeBody.success) {
throw new Error("Invalid request body");
}
await prisma.team
.update({ where: { id: safeQuery.data.id }, data: safeBody.data })
.then((team) => schemaTeamPublic.parse(team))
.then((team) => res.status(200).json({ team }))
.catch((error: Error) =>
res.status(404).json({
message: `Team with id: ${safeQuery.data.id} not found`,
error,
})
);
break;
case "DELETE":
await prisma.team
.delete({ where: { id: safeQuery.data.id } })
.then(() =>
res.status(200).json({ message: `Team with id: ${safeQuery.data.id} deleted successfully` })
)
.catch((error: Error) =>
res.status(404).json({ message: `Team with id: ${safeQuery.data.id} not found`, error })
);
break;
case "DELETE":
await prisma.team
.delete({ where: { id: safeQuery.data.id } })
.then(() =>
res.status(200).json({
message: `Team with id: ${safeQuery.data.id} deleted successfully`,
})
)
.catch((error: Error) =>
res.status(404).json({
message: `Team with id: ${safeQuery.data.id} not found`,
error,
})
);
break;
default:
res.status(405).json({ message: "Method not allowed" });
break;
}
default:
res.status(405).json({ message: "Method not allowed" });
break;
}
} else res.status(401).json({ message: "Unauthorized" });
}
export default withMiddleware("HTTP_GET_DELETE_PATCH")(withValidQueryIdTransformParseInt(teamById));

20
pages/api/teams/index.ts
View File

@ -5,6 +5,7 @@ import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware";
import { TeamResponse, TeamsResponse } from "@lib/types";
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
import { schemaMembershipPublic } from "@lib/validations/membership";
import { schemaTeamBodyParams, schemaTeamPublic, withValidTeam } from "@lib/validations/team";
/**
@ -59,13 +60,20 @@ async function createOrlistAllTeams(req: NextApiRequest, res: NextApiResponse<Te
const safe = schemaTeamBodyParams.safeParse(req.body);
if (!safe.success) throw new Error("Invalid request body");
const team = await prisma.team.create({ data: safe.data });
const membership = await prisma.membership.create({
data: { userId, teamId: team.id, role: "ADMIN" },
});
console.log(membership);
const membership = await prisma.membership
.create({
data: { userId, teamId: team.id, role: "OWNER", accepted: true },
})
.then((membership) => schemaMembershipPublic.parse(membership));
// We're also creating the relation membership of team ownership in this call.
const data = schemaTeamPublic.parse(team);
if (data) res.status(201).json({ team: data, message: "Team created successfully" });
// We are also returning the new ownership relation as owner besides team.
if (data)
res.status(201).json({
team: data,
owner: membership,
message: "Team created successfully, we also made you the owner of this team",
});
else
(error: Error) =>
res.status(400).json({