Add team user update.

2025-02-01 20:39:44 +01:00 · 2024-01-29 12:58:13 -08:00 · 2024-01-29 12:58:13 -08:00 · 3a5a3ce34f
commit 3a5a3ce34f
parent fec81695e8
2 changed files with 44 additions and 7 deletions
--- a/src/pages/api/teams/[id]/users/[userId].ts
+++ b/src/pages/api/teams/[id]/users/[userId].ts
@ -1,9 +1,9 @@
-import { canDeleteTeamUser } from 'lib/auth';
+import { canDeleteTeamUser, canUpdateTeam } from 'lib/auth';
 import { useAuth, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody } from 'lib/types';
 import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { deleteTeamUser } from 'queries';
+import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { deleteTeamUser, getTeamUser, updateTeamUser } from 'queries';
 import * as yup from 'yup';

 export interface TeamUserRequestQuery {
@ -11,24 +11,61 @@ export interface TeamUserRequestQuery {
  userId: string;
 }

+export interface TeamUserRequestBody {
+  role: string;
+}
+
 const schema = {
  DELETE: yup.object().shape({
    id: yup.string().uuid().required(),
    userId: yup.string().uuid().required(),
  }),
+  POST: yup.object().shape({
+    role: yup
+      .string()
+      .matches(/team-member|team-guest/i)
+      .required(),
+  }),
 };

-export default async (req: NextApiRequestQueryBody<TeamUserRequestQuery>, res: NextApiResponse) => {
+export default async (
+  req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
+  res: NextApiResponse,
+) => {
  await useAuth(req, res);
  await useValidate(schema, req, res);

-  if (req.method === 'DELETE') {
  const { id: teamId, userId } = req.query;

+  if (req.method === 'POST') {
+    if (!(await canUpdateTeam(req.auth, teamId))) {
+      return unauthorized(res, 'You must be the owner of this team.');
+    }
+
+    const teamUser = await getTeamUser(teamId, userId);
+
+    if (!teamUser) {
+      return badRequest(res, 'The User does not exists on this team.');
+    }
+
+    const { role } = req.body;
+
+    await updateTeamUser(teamUser.id, { role });
+
+    return ok(res);
+  }
+
+  if (req.method === 'DELETE') {
    if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {
      return unauthorized(res, 'You must be the owner of this team.');
    }

+    const teamUser = await getTeamUser(teamId, userId);
+
+    if (!teamUser) {
+      return badRequest(res, 'The User does not exists on this team.');
+    }
+
    await deleteTeamUser(teamId, userId);

    return ok(res);
--- a/src/pages/api/teams/[id]/users/index.ts
+++ b/src/pages/api/teams/[id]/users/index.ts
@ -31,7 +31,7 @@ const schema = {
 };

 export default async (
-  req: NextApiRequestQueryBody<TeamUserRequestQuery, any>,
+  req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
  res: NextApiResponse,
 ) => {
  await useAuth(req, res);