import type { Prisma } from "@prisma/client";
import { MembershipRole } from "@prisma/client";
import type { NextApiRequest } from "next";
import { HttpError } from "@calcom/lib/http-error";
import { schemaQueryTeamId } from "~/lib/validations/shared/queryTeamId";
/**
 * Membership gate for team-scoped routes.
 *
 * Reads `teamId` from the query string and, unless the caller is flagged as an
 * admin, requires that a team with that id exists and lists the requesting user
 * among its members. Any membership role is accepted here.
 *
 * The `teamId` query parameter is parsed before the admin shortcut, so a
 * malformed value is rejected for every caller, admins included.
 *
 * NOTE(review): `userId` and `isAdmin` are taken from `req` as-is. This gate is
 * only as strong as whatever populates them; presumably an upstream
 * authentication step sets both server-side. Confirm against the caller.
 *
 * @param req - Request carrying `userId`, `prisma` and `isAdmin`, with `teamId` in `req.query`.
 * @returns Resolves with no value when access is allowed.
 * @throws Whatever `schemaQueryTeamId.parse` throws on an invalid query, and the
 *   error from `findFirstOrThrow` when no matching team/membership row exists.
 */
async function authMiddleware(req: NextApiRequest) {
  const parsedQuery = schemaQueryTeamId.parse(req.query);

  if (!req.isAdmin) {
    // A missing team and a team the user does not belong to both produce "no row",
    // so callers cannot tell the two apart. The original author notes non-members
    // see a 404, which may or may not be the desired behavior.
    await req.prisma.team.findFirstOrThrow({
      where: {
        id: parsedQuery.teamId,
        members: { some: { userId: req.userId } },
      },
    });
  }
}
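/**
 * Role-based authorization check for team-scoped endpoints.
 *
 * Looks up the team named by the `teamId` query parameter. For non-admin callers
 * the lookup additionally requires a membership row for the requesting user whose
 * role matches `role`. Admin callers only need the team to exist.
 *
 * "Team does not exist" and "caller lacks the required membership" both end in the
 * same `HttpError`, so the response does not reveal whether a team id is valid.
 *
 * NOTE(review): `userId` and `isAdmin` are trusted as found on `req`; presumably an
 * upstream authentication step sets them server-side. Confirm against the caller.
 *
 * @param req - Request carrying `userId`, `prisma` and `isAdmin`, with `teamId` in `req.query`.
 * @param role - Membership role, or a Prisma role filter, the caller must hold. Defaults to OWNER.
 * @returns The matching team record.
 * @throws HttpError with status 401 when no team matches. Whatever
 *   `schemaQueryTeamId.parse` throws on an invalid query also propagates.
 */
export async function checkPermissions(
  req: NextApiRequest,
  role: Prisma.MembershipWhereInput["role"] = MembershipRole.OWNER
) {
  const { userId, prisma, isAdmin } = req;
  const { teamId } = schemaQueryTeamId.parse(req.query);
  const args: Prisma.TeamFindFirstArgs = { where: { id: teamId } };
  /** If not ADMIN then we check if the actual user belongs to team and matches the required role */
  if (!isAdmin) args.where = { ...args.where, members: { some: { userId, role } } };
  const team = await prisma.team.findFirst(args);
  if (!team) {
    // `role` may be a Prisma filter object rather than a plain enum value; calling
    // toString() on one yields "[object Object]". Plain string roles are rendered
    // exactly as before, and filter objects are serialized so the message stays readable.
    const requiredRole = typeof role === "string" ? role : JSON.stringify(role);
    // NOTE(review): 401 is returned even though the caller is already authenticated.
    // 403 is the conventional status for "authenticated but not permitted". It is left
    // unchanged here because API clients may depend on the current code.
    throw new HttpError({ statusCode: 401, message: `Unauthorized: ${requiredRole} required` });
  }
  return team;
}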
export default authMiddleware;