commit
fc95d8bb42
|
@ -11,7 +11,6 @@ declare module "next" {
|
||||||
userId: number;
|
userId: number;
|
||||||
method: string;
|
method: string;
|
||||||
query: { [key: string]: string | string[] };
|
query: { [key: string]: string | string[] };
|
||||||
body: any;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,62 @@
|
||||||
|
import { TFunction } from "next-i18next";
|
||||||
|
|
||||||
|
type EventNameObjectType = {
|
||||||
|
attendeeName: string;
|
||||||
|
eventType: string;
|
||||||
|
eventName?: string | null;
|
||||||
|
host: string;
|
||||||
|
location?: string;
|
||||||
|
t: TFunction;
|
||||||
|
};
|
||||||
|
|
||||||
|
export function getEventName(eventNameObj: EventNameObjectType, forAttendeeView = false) {
|
||||||
|
if (!eventNameObj.eventName)
|
||||||
|
return eventNameObj.t("event_between_users", {
|
||||||
|
eventName: eventNameObj.eventType,
|
||||||
|
host: eventNameObj.host,
|
||||||
|
attendeeName: eventNameObj.attendeeName,
|
||||||
|
});
|
||||||
|
|
||||||
|
let eventName = eventNameObj.eventName;
|
||||||
|
let locationString = "";
|
||||||
|
|
||||||
|
if (eventNameObj.eventName.includes("{LOCATION}")) {
|
||||||
|
switch (eventNameObj.location) {
|
||||||
|
case "inPerson":
|
||||||
|
locationString = "In Person";
|
||||||
|
break;
|
||||||
|
case "userPhone":
|
||||||
|
case "phone":
|
||||||
|
locationString = "Phone";
|
||||||
|
break;
|
||||||
|
case "integrations:daily":
|
||||||
|
locationString = "Cal Video";
|
||||||
|
break;
|
||||||
|
case "integrations:zoom":
|
||||||
|
locationString = "Zoom";
|
||||||
|
break;
|
||||||
|
case "integrations:huddle01":
|
||||||
|
locationString = "Huddle01";
|
||||||
|
break;
|
||||||
|
case "integrations:tandem":
|
||||||
|
locationString = "Tandem";
|
||||||
|
break;
|
||||||
|
case "integrations:office365_video":
|
||||||
|
locationString = "MS Teams";
|
||||||
|
break;
|
||||||
|
case "integrations:jitsi":
|
||||||
|
locationString = "Jitsi";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
eventName = eventName.replace("{LOCATION}", locationString);
|
||||||
|
}
|
||||||
|
|
||||||
|
return (
|
||||||
|
eventName
|
||||||
|
// Need this for compatibility with older event names
|
||||||
|
.replace("{USER}", eventNameObj.attendeeName)
|
||||||
|
.replace("{ATTENDEE}", eventNameObj.attendeeName)
|
||||||
|
.replace("{HOST}", eventNameObj.host)
|
||||||
|
.replace("{HOST/ATTENDEE}", forAttendeeView ? eventNameObj.host : eventNameObj.attendeeName)
|
||||||
|
);
|
||||||
|
}
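Review bot: The `.replace("{USER}", eventNameObj.attendeeName)` chain at the end of `getEventName` passes attendee- and host-supplied strings as the replacement argument, and `String.prototype.replace` interprets `$&`, `$'`, `$$` (and the backtick form) in that position, so a name containing a dollar sequence is mangled and `$'` splices surrounding template text into the output. Pass a replacer function instead, e.g. `.replace("{USER}", () => eventNameObj.attendeeName)`, and likewise for `{ATTENDEE}`, `{HOST}` and `{HOST/ATTENDEE}`; the `{LOCATION}` substitution is safe because `locationString` is always a fixed literal. Note also that a string pattern replaces only the first occurrence of each placeholder, and the `switch` on `location` has no `default`, so an unknown location silently becomes an empty string — if that is deliberate, say so with `// Unknown locations render as "" on purpose`.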
|
|
@ -0,0 +1,8 @@
|
||||||
|
import { UserPermissionRole } from "@prisma/client";
|
||||||
|
|
||||||
|
import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
|
export const isAdminGuard = async (userId: number) => {
|
||||||
|
const user = await prisma.user.findUnique({ where: { id: userId } });
|
||||||
|
return user?.role === UserPermissionRole.ADMIN;
|
||||||
|
};
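Review bot: `isAdminGuard` has no documentation and loads the whole user row when only `role` is needed; add `/** True only when a user row with this id exists and its role is ADMIN; a missing user yields false. */` above it and narrow the query to `const user = await prisma.user.findUnique({ where: { id: userId }, select: { role: true } });`. The callers in this commit answer a failed check with 401, but the requester is already authenticated, so 403 is the accurate status for "not an admin".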
|
|
@ -0,0 +1,77 @@
|
||||||
|
import { Webhook } from "@prisma/client";
|
||||||
|
import { compile } from "handlebars";
|
||||||
|
|
||||||
|
// import type { CalendarEvent } from "@calcom/types/Calendar"; Add this to make it strict, change data: any to CalendarEvent type
|
||||||
|
|
||||||
|
type ContentType = "application/json" | "application/x-www-form-urlencoded";
|
||||||
|
|
||||||
|
function applyTemplate(template: string, data: any, contentType: ContentType) {
|
||||||
|
const compiled = compile(template)(data);
|
||||||
|
if (contentType === "application/json") {
|
||||||
|
return JSON.stringify(jsonParse(compiled));
|
||||||
|
}
|
||||||
|
return compiled;
|
||||||
|
}
|
||||||
|
|
||||||
|
function jsonParse(jsonString: string) {
|
||||||
|
try {
|
||||||
|
return JSON.parse(jsonString);
|
||||||
|
} catch (e) {
|
||||||
|
// don't do anything.
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
const sendPayload = async (
|
||||||
|
triggerEvent: string,
|
||||||
|
createdAt: string,
|
||||||
|
webhook: Pick<Webhook, "subscriberUrl" | "appId" | "payloadTemplate">,
|
||||||
|
data: any & {
|
||||||
|
metadata?: { [key: string]: string };
|
||||||
|
rescheduleUid?: string;
|
||||||
|
bookingId?: number;
|
||||||
|
}
|
||||||
|
) => {
|
||||||
|
const { subscriberUrl, appId, payloadTemplate: template } = webhook;
|
||||||
|
if (!subscriberUrl || !data) {
|
||||||
|
throw new Error("Missing required elements to send webhook payload.");
|
||||||
|
}
|
||||||
|
|
||||||
|
const contentType =
|
||||||
|
!template || jsonParse(template) ? "application/json" : "application/x-www-form-urlencoded";
|
||||||
|
|
||||||
|
data.description = data.description || data.additionalNotes;
|
||||||
|
|
||||||
|
let body;
|
||||||
|
|
||||||
|
/* Zapier id is hardcoded in the DB, we send the raw data for this case */
|
||||||
|
if (appId === "zapier") {
|
||||||
|
body = JSON.stringify(data);
|
||||||
|
} else if (template) {
|
||||||
|
body = applyTemplate(template, data, contentType);
|
||||||
|
} else {
|
||||||
|
body = JSON.stringify({
|
||||||
|
triggerEvent: triggerEvent,
|
||||||
|
createdAt: createdAt,
|
||||||
|
payload: data,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
const response = await fetch(subscriberUrl, {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
"Content-Type": contentType,
|
||||||
|
},
|
||||||
|
body,
|
||||||
|
});
|
||||||
|
|
||||||
|
const text = await response.text();
|
||||||
|
|
||||||
|
return {
|
||||||
|
ok: response.ok,
|
||||||
|
status: response.status,
|
||||||
|
message: text,
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
export default sendPayload;
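Review bot: `fetch(subscriberUrl, ...)` is a server-side request to a URL the webhook owner supplied (the webhook schema in this commit checks only `z.string().url()`), with no scheme or host restriction and no timeout, so a subscriber pointing at loopback or an internal address lets an API user probe services reachable from the server, and a slow subscriber holds the calling handler open indefinitely. Separately, when `template` renders to invalid JSON, `jsonParse` returns `false` and `applyTemplate` posts the body `false` via `JSON.stringify(false)`; make that an error with `const parsed = jsonParse(compiled); if (parsed === false) throw new Error("payloadTemplate did not render to valid JSON");`. The function also writes `data.description` back into the caller's object; the callers in this commit spread into a fresh literal, but other callers may not. Restricting the scheme and adding an abort timeout (if the deployed Node version provides `AbortSignal.timeout`) would look like this:
```typescript
const sendPayload = async (/* … unchanged parameter list … */) => {
  const { subscriberUrl, appId, payloadTemplate: template } = webhook;
  if (!subscriberUrl || !data) {
    throw new Error("Missing required elements to send webhook payload.");
  }
  const url = new URL(subscriberUrl);
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error("Webhook subscriberUrl must use http or https.");
  }
  // NOTE(review): deployments with internal services should also reject loopback/private hosts here.

  // … unchanged: contentType, description default, body selection …

  const response = await fetch(url.toString(), {
    method: "POST",
    headers: { "Content-Type": contentType },
    body,
    signal: AbortSignal.timeout(10_000), // NOTE(review): confirm the runtime supports this
  });
  // … unchanged: response handling …
};
```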
|
|
@ -0,0 +1,42 @@
|
||||||
|
import { WebhookTriggerEvents } from "@prisma/client";
|
||||||
|
|
||||||
|
import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
|
export type GetSubscriberOptions = {
|
||||||
|
userId: number;
|
||||||
|
eventTypeId: number;
|
||||||
|
triggerEvent: WebhookTriggerEvents;
|
||||||
|
};
|
||||||
|
|
||||||
|
const getWebhooks = async (options: GetSubscriberOptions) => {
|
||||||
|
const { userId, eventTypeId } = options;
|
||||||
|
const allWebhooks = await prisma.webhook.findMany({
|
||||||
|
where: {
|
||||||
|
OR: [
|
||||||
|
{
|
||||||
|
userId,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
eventTypeId,
|
||||||
|
},
|
||||||
|
],
|
||||||
|
AND: {
|
||||||
|
eventTriggers: {
|
||||||
|
has: options.triggerEvent,
|
||||||
|
},
|
||||||
|
active: {
|
||||||
|
equals: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
select: {
|
||||||
|
subscriberUrl: true,
|
||||||
|
payloadTemplate: true,
|
||||||
|
appId: true,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
return allWebhooks;
|
||||||
|
};
|
||||||
|
|
||||||
|
export default getWebhooks;
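Review bot: The `OR: [{ userId }, { eventTypeId }]` filter is only safe while `eventTypeId` is a real number: Prisma drops a key whose value is `undefined`, which turns the second branch into `{}` and matches every active webhook for the trigger across all users, and a `null` value matches every user-level webhook (those with `eventTypeId` null) of every user. The caller in this commit passes `booking.eventTypeId as number`, so a booking without an event type would hit exactly that case and push its payload to other tenants' subscriber URLs. Build the owner filter conditionally, `OR: eventTypeId != null ? [{ userId }, { eventTypeId }] : [{ userId }]`, and type the option as `eventTypeId?: number | null` so callers stop casting. A comment that the event-type branch intentionally fires webhooks registered by whoever owns that event type, not only `userId`, would also help — presumably intended for team event types, but not stated.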
|
|
@ -13,7 +13,6 @@ const schemaBookingBaseBodyParams = Booking.pick({
|
||||||
|
|
||||||
const schemaBookingCreateParams = z
|
const schemaBookingCreateParams = z
|
||||||
.object({
|
.object({
|
||||||
uid: z.string(),
|
|
||||||
eventTypeId: z.number(),
|
eventTypeId: z.number(),
|
||||||
title: z.string(),
|
title: z.string(),
|
||||||
startTime: z.date().or(z.string()),
|
startTime: z.date().or(z.string()),
|
||||||
|
|
|
@ -85,19 +85,45 @@ const schemaUserEditParams = z.object({
|
||||||
bufferTime: z.number().min(0).max(86400).optional(),
|
bufferTime: z.number().min(0).max(86400).optional(),
|
||||||
startTime: z.number().min(0).max(86400).optional(),
|
startTime: z.number().min(0).max(86400).optional(),
|
||||||
endTime: z.number().min(0).max(86400).optional(),
|
endTime: z.number().min(0).max(86400).optional(),
|
||||||
theme: z.nativeEnum(theme).optional(),
|
theme: z.nativeEnum(theme).optional().nullable(),
|
||||||
timeFormat: z.nativeEnum(timeFormat).optional(),
|
timeFormat: z.nativeEnum(timeFormat).optional(),
|
||||||
defaultScheduleId: z
|
defaultScheduleId: z
|
||||||
.number()
|
.number()
|
||||||
.refine((id: number) => id > 0)
|
.refine((id: number) => id > 0)
|
||||||
.optional(),
|
.optional()
|
||||||
locale: z.nativeEnum(locales).optional(),
|
.nullable(),
|
||||||
|
locale: z.nativeEnum(locales).optional().nullable(),
|
||||||
metadata: jsonSchema,
|
metadata: jsonSchema,
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// @note: These are the values that are editable via PATCH method on the user Model,
|
||||||
|
// merging both BaseBodyParams with RequiredParams, and omiting whatever we want at the end.
|
||||||
|
|
||||||
|
const schemaUserCreateParams = z.object({
|
||||||
|
email: z.string().email(),
|
||||||
|
weekStart: z.nativeEnum(weekdays).optional(),
|
||||||
|
brandColor: z.string().min(4).max(9).regex(/^#/).optional(),
|
||||||
|
darkBrandColor: z.string().min(4).max(9).regex(/^#/).optional(),
|
||||||
|
timeZone: timeZone.optional(),
|
||||||
|
bufferTime: z.number().min(0).max(86400).optional(),
|
||||||
|
startTime: z.number().min(0).max(86400).optional(),
|
||||||
|
endTime: z.number().min(0).max(86400).optional(),
|
||||||
|
theme: z.nativeEnum(theme).optional().nullable(),
|
||||||
|
timeFormat: z.nativeEnum(timeFormat).optional(),
|
||||||
|
defaultScheduleId: z
|
||||||
|
.number()
|
||||||
|
.refine((id: number) => id > 0)
|
||||||
|
.optional()
|
||||||
|
.nullable(),
|
||||||
|
locale: z.nativeEnum(locales).optional(),
|
||||||
|
metadata: jsonSchema,
|
||||||
|
createdDate: z.string().or(z.date()).optional(),
|
||||||
|
});
|
||||||
|
|
||||||
// @note: These are the values that are editable via PATCH method on the user Model,
|
// @note: These are the values that are editable via PATCH method on the user Model,
|
||||||
// merging both BaseBodyParams with RequiredParams, and omiting whatever we want at the end.
|
// merging both BaseBodyParams with RequiredParams, and omiting whatever we want at the end.
|
||||||
export const schemaUserEditBodyParams = schemaUserBaseBodyParams.merge(schemaUserEditParams).omit({});
|
export const schemaUserEditBodyParams = schemaUserBaseBodyParams.merge(schemaUserEditParams).omit({});
|
||||||
|
export const schemaUserCreateBodyParams = schemaUserBaseBodyParams.merge(schemaUserCreateParams).omit({});
|
||||||
|
|
||||||
// @note: These are the values that are always returned when reading a user
|
// @note: These are the values that are always returned when reading a user
|
||||||
export const schemaUserReadPublic = User.pick({
|
export const schemaUserReadPublic = User.pick({
|
||||||
|
@ -124,4 +150,4 @@ export const schemaUserReadPublic = User.pick({
|
||||||
createdDate: true,
|
createdDate: true,
|
||||||
verified: true,
|
verified: true,
|
||||||
invitedTo: true,
|
invitedTo: true,
|
||||||
});
|
}).merge(schemaUserEditBodyParams);
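Review bot: `schemaUserCreateParams` accepts `createdDate: z.string().or(z.date()).optional()` from the request body, so an admin-created user can carry an arbitrary creation timestamp; an audit field should come from the database default, so drop that line or add a comment explaining why a client may set it. `locale` is `.optional()` on create but `.optional().nullable()` on edit, so the two schemas have already drifted — deriving one from the other (e.g. `schemaUserEditParams.extend({ email: z.string().email() })`) would keep them aligned if the difference is not deliberate. Merging `schemaUserEditBodyParams` into `schemaUserReadPublic` makes every editable field part of the public read shape; nothing visible here looks sensitive, but a one-line comment stating that intent would stop a future edit-only field from being exposed by accident.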
|
||||||
|
|
|
@ -26,7 +26,6 @@ const schemaWebhookBaseBodyParams = Webhook.pick({
|
||||||
|
|
||||||
export const schemaWebhookCreateParams = z
|
export const schemaWebhookCreateParams = z
|
||||||
.object({
|
.object({
|
||||||
id: z.string(),
|
|
||||||
subscriberUrl: z.string().url(),
|
subscriberUrl: z.string().url(),
|
||||||
eventTriggers: z.enum(WEBHOOK_TRIGGER_EVENTS).array(),
|
eventTriggers: z.enum(WEBHOOK_TRIGGER_EVENTS).array(),
|
||||||
active: z.boolean(),
|
active: z.boolean(),
|
||||||
|
@ -52,6 +51,7 @@ export const schemaWebhookReadPublic = Webhook.pick({
|
||||||
eventTypeId: true,
|
eventTypeId: true,
|
||||||
payloadTemplate: true,
|
payloadTemplate: true,
|
||||||
eventTriggers: true,
|
eventTriggers: true,
|
||||||
|
/** @todo: find out how to properly add back and validate those. */
|
||||||
// eventType: true,
|
// eventType: true,
|
||||||
// app: true,
|
// app: true,
|
||||||
appId: true,
|
appId: true,
|
||||||
|
|
|
@ -35,6 +35,7 @@
|
||||||
"next-validations": "^0.2.0",
|
"next-validations": "^0.2.0",
|
||||||
"typescript": "^4.6.4",
|
"typescript": "^4.6.4",
|
||||||
"tzdata": "^1.0.30",
|
"tzdata": "^1.0.30",
|
||||||
|
"uuid": "^8.3.2",
|
||||||
"zod": "^3.16.0"
|
"zod": "^3.16.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,15 @@
|
||||||
|
import { WebhookTriggerEvents } from "@prisma/client";
|
||||||
import type { NextApiRequest, NextApiResponse } from "next";
|
import type { NextApiRequest, NextApiResponse } from "next";
|
||||||
|
import { v4 as uuidv4 } from "uuid";
|
||||||
|
|
||||||
import prisma from "@calcom/prisma";
|
import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||||
import { BookingResponse, BookingsResponse } from "@lib/types";
|
import { BookingResponse, BookingsResponse } from "@lib/types";
|
||||||
|
import sendPayload from "@lib/utils/sendPayload";
|
||||||
|
import getWebhooks from "@lib/utils/webhookSubscriptions";
|
||||||
import { schemaBookingCreateBodyParams, schemaBookingReadPublic } from "@lib/validations/booking";
|
import { schemaBookingCreateBodyParams, schemaBookingReadPublic } from "@lib/validations/booking";
|
||||||
|
import { schemaEventTypeReadPublic } from "@lib/validations/event-type";
|
||||||
|
|
||||||
async function createOrlistAllBookings(
|
async function createOrlistAllBookings(
|
||||||
{ method, body, userId }: NextApiRequest,
|
{ method, body, userId }: NextApiRequest,
|
||||||
|
@ -78,11 +83,62 @@ async function createOrlistAllBookings(
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
safe.data.userId = userId;
|
safe.data.userId = userId;
|
||||||
const data = await prisma.booking.create({ data: { ...safe.data } });
|
const data = await prisma.booking.create({ data: { uid: uuidv4(), ...safe.data } });
|
||||||
const booking = schemaBookingReadPublic.parse(data);
|
const booking = schemaBookingReadPublic.parse(data);
|
||||||
|
|
||||||
if (booking) res.status(201).json({ booking, message: "Booking created successfully" });
|
if (booking) {
|
||||||
else
|
res.status(201).json({ booking, message: "Booking created successfully" });
|
||||||
|
// Create Calendar Event for webhook payload
|
||||||
|
const eventType = await prisma.eventType
|
||||||
|
.findUnique({ where: { id: booking.eventTypeId as number } })
|
||||||
|
.then((data) => schemaEventTypeReadPublic.parse(data))
|
||||||
|
.catch((e: Error) => {
|
||||||
|
console.error(`Event type with ID: ${booking.eventTypeId} not found`, e);
|
||||||
|
});
|
||||||
|
const evt = {
|
||||||
|
type: eventType?.title || booking.title,
|
||||||
|
title: booking.title,
|
||||||
|
description: "",
|
||||||
|
additionalNotes: "",
|
||||||
|
customInputs: {},
|
||||||
|
startTime: booking.startTime.toISOString(),
|
||||||
|
endTime: booking.endTime.toISOString(),
|
||||||
|
organizer: {
|
||||||
|
name: "",
|
||||||
|
email: "",
|
||||||
|
timeZone: "",
|
||||||
|
language: {
|
||||||
|
locale: "en",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
attendees: [],
|
||||||
|
location: "",
|
||||||
|
destinationCalendar: null,
|
||||||
|
hideCalendar: false,
|
||||||
|
uid: booking.uid,
|
||||||
|
metadata: {},
|
||||||
|
};
|
||||||
|
|
||||||
|
// Send Webhook call if hooked to BOOKING_CREATED
|
||||||
|
const triggerEvent = WebhookTriggerEvents.BOOKING_CREATED;
|
||||||
|
const subscriberOptions = {
|
||||||
|
userId,
|
||||||
|
eventTypeId: booking.eventTypeId as number,
|
||||||
|
triggerEvent,
|
||||||
|
};
|
||||||
|
|
||||||
|
const subscribers = await getWebhooks(subscriberOptions);
|
||||||
|
const bookingId = booking?.id;
|
||||||
|
const promises = subscribers.map((sub) =>
|
||||||
|
sendPayload(triggerEvent, new Date().toISOString(), sub, {
|
||||||
|
...evt,
|
||||||
|
bookingId,
|
||||||
|
}).catch((e) => {
|
||||||
|
console.error(`Error executing webhook for event: ${triggerEvent}, URL: ${sub.subscriberUrl}`, e);
|
||||||
|
})
|
||||||
|
);
|
||||||
|
await Promise.all(promises);
|
||||||
|
} else
|
||||||
(error: Error) => {
|
(error: Error) => {
|
||||||
console.log(error);
|
console.log(error);
|
||||||
res.status(400).json({
|
res.status(400).json({
|
||||||
|
|
|
@ -51,7 +51,7 @@ export async function WebhookById(
|
||||||
case "GET":
|
case "GET":
|
||||||
await prisma.webhook
|
await prisma.webhook
|
||||||
.findUnique({ where: { id: safeQuery.data.id } })
|
.findUnique({ where: { id: safeQuery.data.id } })
|
||||||
// .then((data) => schemaWebhookReadPublic.parse(data))
|
.then((data) => schemaWebhookReadPublic.parse(data))
|
||||||
.then((webhook) => res.status(200).json({ webhook }))
|
.then((webhook) => res.status(200).json({ webhook }))
|
||||||
.catch((error: Error) =>
|
.catch((error: Error) =>
|
||||||
res.status(404).json({
|
res.status(404).json({
|
||||||
|
@ -95,9 +95,29 @@ export async function WebhookById(
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (safeBody.data.eventTypeId) {
|
||||||
|
const team = await prisma.team.findFirst({
|
||||||
|
where: {
|
||||||
|
eventTypes: {
|
||||||
|
some: {
|
||||||
|
id: safeBody.data.eventTypeId,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
include: {
|
||||||
|
members: true,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
// Team should be available and the user should be a member of the team
|
||||||
|
if (!team?.members.some((membership) => membership.userId === userId)) {
|
||||||
|
res.status(401).json({ message: "Unauthorized" });
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
await prisma.webhook
|
await prisma.webhook
|
||||||
.update({ where: { id: safeQuery.data.id }, data: safeBody.data })
|
.update({ where: { id: safeQuery.data.id }, data: safeBody.data })
|
||||||
// .then((data) => schemaWebhookReadPublic.parse(data))
|
.then((data) => schemaWebhookReadPublic.parse(data))
|
||||||
.then((webhook) => res.status(200).json({ webhook }))
|
.then((webhook) => res.status(200).json({ webhook }))
|
||||||
.catch((error: Error) =>
|
.catch((error: Error) =>
|
||||||
res.status(404).json({
|
res.status(404).json({
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
import type { NextApiRequest, NextApiResponse } from "next";
|
import type { NextApiRequest, NextApiResponse } from "next";
|
||||||
|
import { v4 as uuidv4 } from "uuid";
|
||||||
|
|
||||||
import prisma from "@calcom/prisma";
|
import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
|
@ -60,7 +61,27 @@ async function createOrlistAllWebhooks(
|
||||||
res.status(400).json({ message: "Invalid request body" });
|
res.status(400).json({ message: "Invalid request body" });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const data = await prisma.webhook.create({ data: { ...safe.data, userId } });
|
if (safe.data.eventTypeId) {
|
||||||
|
const team = await prisma.team.findFirst({
|
||||||
|
where: {
|
||||||
|
eventTypes: {
|
||||||
|
some: {
|
||||||
|
id: safe.data.eventTypeId,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
include: {
|
||||||
|
members: true,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
// Team should be available and the user should be a member of the team
|
||||||
|
if (!team?.members.some((membership) => membership.userId === userId)) {
|
||||||
|
res.status(401).json({ message: "Unauthorized" });
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
const data = await prisma.webhook.create({ data: { id: uuidv4(), ...safe.data, userId } });
|
||||||
if (data) res.status(201).json({ webhook: data, message: "Webhook created successfully" });
|
if (data) res.status(201).json({ webhook: data, message: "Webhook created successfully" });
|
||||||
else
|
else
|
||||||
(error: Error) =>
|
(error: Error) =>
|
||||||
|
|
|
@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||||
import type { UserResponse } from "@lib/types";
|
import type { UserResponse } from "@lib/types";
|
||||||
|
import { isAdminGuard } from "@lib/utils/isAdmin";
|
||||||
import {
|
import {
|
||||||
schemaQueryIdParseInt,
|
schemaQueryIdParseInt,
|
||||||
withValidQueryIdTransformParseInt,
|
withValidQueryIdTransformParseInt,
|
||||||
|
@ -20,8 +21,11 @@ export async function userById(
|
||||||
res.status(400).json({ message: "Your query was invalid" });
|
res.status(400).json({ message: "Your query was invalid" });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
const isAdmin = await isAdminGuard(userId);
|
||||||
|
// Here we only check for ownership of the user if the user is not admin, otherwise we let ADMIN's edit any user
|
||||||
|
if (!isAdmin) {
|
||||||
if (safeQuery.data.id !== userId) res.status(401).json({ message: "Unauthorized" });
|
if (safeQuery.data.id !== userId) res.status(401).json({ message: "Unauthorized" });
|
||||||
else {
|
} else {
|
||||||
switch (method) {
|
switch (method) {
|
||||||
case "GET":
|
case "GET":
|
||||||
/**
|
/**
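Review bot: As far as the hunk shows, a non-admin requesting their own id now gets no response at all: the inner `if (safeQuery.data.id !== userId)` sends 401 only when the ids differ, and `switch (method)` sits in the `else` of `if (!isAdmin)`, so the matching-id case falls through with nothing written (the old code had the switch in the `else` of the id comparison). If the rest of the function does not handle that, flatten it to `if (!isAdmin && safeQuery.data.id !== userId) { res.status(403).json({ message: "Forbidden" }); return; }` followed by an unconditional `switch (method) {`; 403 rather than 401 because the caller is already authenticated. `userById` and the switch body continue outside the hunk.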
|
||||||
|
|
|
@ -4,7 +4,8 @@ import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||||
import { UserResponse, UsersResponse } from "@lib/types";
|
import { UserResponse, UsersResponse } from "@lib/types";
|
||||||
import { schemaUserReadPublic } from "@lib/validations/user";
|
import { isAdminGuard } from "@lib/utils/isAdmin";
|
||||||
|
import { schemaUserReadPublic, schemaUserCreateBodyParams } from "@lib/validations/user";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @swagger
|
* @swagger
|
||||||
|
@ -26,34 +27,34 @@ async function getAllorCreateUser(
|
||||||
{ userId, method, body }: NextApiRequest,
|
{ userId, method, body }: NextApiRequest,
|
||||||
res: NextApiResponse<UsersResponse | UserResponse>
|
res: NextApiResponse<UsersResponse | UserResponse>
|
||||||
) {
|
) {
|
||||||
|
const isAdmin = await isAdminGuard(userId);
|
||||||
if (method === "GET") {
|
if (method === "GET") {
|
||||||
const data = await prisma.user.findMany({
|
if (!isAdmin) {
|
||||||
where: {
|
// If user is not ADMIN, return only his data.
|
||||||
id: userId,
|
const data = await prisma.user.findMany({ where: { id: userId } });
|
||||||
},
|
const users = data.map((user) => schemaUserReadPublic.parse(user));
|
||||||
});
|
if (users) res.status(200).json({ users });
|
||||||
|
} else {
|
||||||
|
// If user is admin, return all users.
|
||||||
|
const data = await prisma.user.findMany({});
|
||||||
const users = data.map((user) => schemaUserReadPublic.parse(user));
|
const users = data.map((user) => schemaUserReadPublic.parse(user));
|
||||||
if (users) res.status(200).json({ users });
|
if (users) res.status(200).json({ users });
|
||||||
else
|
|
||||||
(error: Error) =>
|
|
||||||
res.status(404).json({
|
|
||||||
message: "No Users were found",
|
|
||||||
error,
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
// else if (method === "POST") {
|
} else if (method === "POST") {
|
||||||
// const isAdmin = await prisma.user
|
// If user is not ADMIN, return unauthorized.
|
||||||
// .findUnique({ where: { id: userId } })
|
if (!isAdmin) res.status(401).json({ message: "You are not authorized" });
|
||||||
// .then((user) => user?.role === "ADMIN");
|
else {
|
||||||
// if (!isAdmin) res.status(401).json({ message: "You are not authorized" });
|
const safeBody = schemaUserCreateBodyParams.safeParse(body);
|
||||||
// else {
|
if (!safeBody.success) {
|
||||||
// const user = await prisma.user.create({
|
res.status(400).json({ message: "Your body was invalid" });
|
||||||
// data: schemaUserReadPublic.parse(body),
|
return;
|
||||||
// });
|
}
|
||||||
// res.status(201).json({ user });
|
const user = await prisma.user.create({
|
||||||
// }
|
data: safeBody.data,
|
||||||
// }
|
});
|
||||||
|
res.status(201).json({ user });
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// No POST endpoint for users for now as a regular user you're expected to signup.
|
|
||||||
|
|
||||||
export default withMiddleware("HTTP_GET_OR_POST")(getAllorCreateUser);
|
export default withMiddleware("HTTP_GET_OR_POST")(getAllorCreateUser);
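Review bot: The POST branch returns the raw `prisma.user.create` record (`res.status(201).json({ user })`), whereas both GET paths pass rows through `schemaUserReadPublic.parse`, so the create response exposes whatever columns the `User` model has beyond the public read shape; respond with `res.status(201).json({ user: schemaUserReadPublic.parse(user) })`. `res.status(401)` for a non-admin caller should be 403, since the caller is authenticated and merely lacks the role, and that branch does not `return`, which is harmless only because the `else` wraps the remainder. The `if (users)` guards wrap a value that `Array.prototype.map` always returns, so they can go as well.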
|
||||||
|
|