mirror of
https://github.com/kremalicious/umami.git
synced 2025-02-01 20:39:44 +01:00
Add team user update.
This commit is contained in:
Brian Cao
parent
fec81695e8
commit
3a5a3ce34f
@ -1,9 +1,9 @@
|
|||||||
import { canDeleteTeamUser } from 'lib/auth';
|
import { canDeleteTeamUser, canUpdateTeam } from 'lib/auth';
|
||||||
import { useAuth, useValidate } from 'lib/middleware';
|
import { useAuth, useValidate } from 'lib/middleware';
|
||||||
import { NextApiRequestQueryBody } from 'lib/types';
|
import { NextApiRequestQueryBody } from 'lib/types';
|
||||||
import { NextApiResponse } from 'next';
|
import { NextApiResponse } from 'next';
|
||||||
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
|
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
|
||||||
import { deleteTeamUser } from 'queries';
|
import { deleteTeamUser, getTeamUser, updateTeamUser } from 'queries';
|
||||||
import * as yup from 'yup';
|
import * as yup from 'yup';
|
||||||
|
|
||||||
export interface TeamUserRequestQuery {
|
export interface TeamUserRequestQuery {
|
||||||
@ -11,24 +11,61 @@ export interface TeamUserRequestQuery {
|
|||||||
userId: string;
|
userId: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export interface TeamUserRequestBody {
|
||||||
|
role: string;
|
||||||
|
}
|
||||||
|
|
||||||
const schema = {
|
const schema = {
|
||||||
DELETE: yup.object().shape({
|
DELETE: yup.object().shape({
|
||||||
id: yup.string().uuid().required(),
|
id: yup.string().uuid().required(),
|
||||||
userId: yup.string().uuid().required(),
|
userId: yup.string().uuid().required(),
|
||||||
}),
|
}),
|
||||||
|
POST: yup.object().shape({
|
||||||
|
role: yup
|
||||||
|
.string()
|
||||||
|
.matches(/team-member|team-guest/i)
|
||||||
|
.required(),
|
||||||
|
}),
|
||||||
};
|
};
|
||||||
|
|
||||||
export default async (req: NextApiRequestQueryBody<TeamUserRequestQuery>, res: NextApiResponse) => {
|
export default async (
|
||||||
|
req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
|
||||||
|
res: NextApiResponse,
|
||||||
|
) => {
|
||||||
await useAuth(req, res);
|
await useAuth(req, res);
|
||||||
await useValidate(schema, req, res);
|
await useValidate(schema, req, res);
|
||||||
|
|
||||||
if (req.method === 'DELETE') {
|
|
||||||
const { id: teamId, userId } = req.query;
|
const { id: teamId, userId } = req.query;
|
||||||
|
|
||||||
|
if (req.method === 'POST') {
|
||||||
|
if (!(await canUpdateTeam(req.auth, teamId))) {
|
||||||
|
return unauthorized(res, 'You must be the owner of this team.');
|
||||||
|
}
|
||||||
|
|
||||||
|
const teamUser = await getTeamUser(teamId, userId);
|
||||||
|
|
||||||
|
if (!teamUser) {
|
||||||
|
return badRequest(res, 'The User does not exists on this team.');
|
||||||
|
}
|
||||||
|
|
||||||
|
const { role } = req.body;
|
||||||
|
|
||||||
|
await updateTeamUser(teamUser.id, { role });
|
||||||
|
|
||||||
|
return ok(res);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (req.method === 'DELETE') {
|
||||||
if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {
|
if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {
|
||||||
return unauthorized(res, 'You must be the owner of this team.');
|
return unauthorized(res, 'You must be the owner of this team.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const teamUser = await getTeamUser(teamId, userId);
|
||||||
|
|
||||||
|
if (!teamUser) {
|
||||||
|
return badRequest(res, 'The User does not exists on this team.');
|
||||||
|
}
|
||||||
|
|
||||||
await deleteTeamUser(teamId, userId);
|
await deleteTeamUser(teamId, userId);
|
||||||
|
|
||||||
return ok(res);
|
return ok(res);
|
||||||
|
|||||||
@ -31,7 +31,7 @@ const schema = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
export default async (
|
export default async (
|
||||||
req: NextApiRequestQueryBody<TeamUserRequestQuery, any>,
|
req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
|
||||||
res: NextApiResponse,
|
res: NextApiResponse,
|
||||||
) => {
|
) => {
|
||||||
await useAuth(req, res);
|
await useAuth(req, res);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user