Add team user update.

src/pages/api/teams/[id]/users/[userId].ts

@@ -1,9 +1,9 @@
-import { canDeleteTeamUser } from 'lib/auth';
+import { canDeleteTeamUser, canUpdateTeam } from 'lib/auth';
 import { useAuth, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody } from 'lib/types';
 import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { deleteTeamUser } from 'queries';
+import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { deleteTeamUser, getTeamUser, updateTeamUser } from 'queries';
 import * as yup from 'yup';
 
 export interface TeamUserRequestQuery {
@@ -11,24 +11,61 @@ export interface TeamUserRequestQuery {
   userId: string;
 }
 
+export interface TeamUserRequestBody {
+  role: string;
+}
+
 const schema = {
   DELETE: yup.object().shape({
     id: yup.string().uuid().required(),
     userId: yup.string().uuid().required(),
   }),
+  POST: yup.object().shape({
+    role: yup
+      .string()
+      .matches(/team-member|team-guest/i)
+      .required(),
+  }),
 };
 
-export default async (req: NextApiRequestQueryBody<TeamUserRequestQuery>, res: NextApiResponse) => {
+export default async (
+  req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
+  res: NextApiResponse,
+) => {
   await useAuth(req, res);
   await useValidate(schema, req, res);
 
-  if (req.method === 'DELETE') {
-    const { id: teamId, userId } = req.query;
+  const { id: teamId, userId } = req.query;
 
+  if (req.method === 'POST') {
+    if (!(await canUpdateTeam(req.auth, teamId))) {
+      return unauthorized(res, 'You must be the owner of this team.');
+    }
+
+    const teamUser = await getTeamUser(teamId, userId);
+
+    if (!teamUser) {
+      return badRequest(res, 'The User does not exists on this team.');
+    }
+
+    const { role } = req.body;
+
+    await updateTeamUser(teamUser.id, { role });
+
+    return ok(res);
+  }
+
+  if (req.method === 'DELETE') {
     if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {
       return unauthorized(res, 'You must be the owner of this team.');
     }
 
+    const teamUser = await getTeamUser(teamId, userId);
+
+    if (!teamUser) {
+      return badRequest(res, 'The User does not exists on this team.');
+    }
+
     await deleteTeamUser(teamId, userId);
 
     return ok(res);

src/pages/api/teams/[id]/users/index.ts

@@ -31,7 +31,7 @@ const schema = {
 };
 
 export default async (
-  req: NextApiRequestQueryBody<TeamUserRequestQuery, any>,
+  req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
   res: NextApiResponse,
 ) => {
   await useAuth(req, res);