From 24ac7d6be09f713eb4809e0305b1aed7e28cc985 Mon Sep 17 00:00:00 2001 From: Francis Cao Date: Fri, 7 Apr 2023 14:23:38 -0700 Subject: [PATCH 1/3] fix urlPath clickhouse --- queries/analytics/event/getEvents.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/queries/analytics/event/getEvents.ts b/queries/analytics/event/getEvents.ts index 32bd1dd9..ddc81528 100644 --- a/queries/analytics/event/getEvents.ts +++ b/queries/analytics/event/getEvents.ts @@ -32,7 +32,7 @@ function clickhouseQuery(websiteId: string, startAt: Date, eventType: number) { session_id as sessionId, created_at as createdAt, toUnixTimestamp(created_at) as timestamp, - url_path, + url_path as urlPath, event_name as eventName from website_event where event_type = {eventType:UInt32} From 7a1ac22dde8285f12b71b4c8899d8f80156cdbe7 Mon Sep 17 00:00:00 2001 From: Francis Cao Date: Fri, 7 Apr 2023 14:37:22 -0700 Subject: [PATCH 2/3] add referrer_domain to getEvent --- queries/analytics/event/getEvents.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/queries/analytics/event/getEvents.ts b/queries/analytics/event/getEvents.ts index ddc81528..b3853f2d 100644 --- a/queries/analytics/event/getEvents.ts +++ b/queries/analytics/event/getEvents.ts @@ -33,6 +33,7 @@ function clickhouseQuery(websiteId: string, startAt: Date, eventType: number) { created_at as createdAt, toUnixTimestamp(created_at) as timestamp, url_path as urlPath, + referrer_domain as referrerDomain, event_name as eventName from website_event where event_type = {eventType:UInt32} From 7b07de7a98d0bd73863a7981164c33491d138198 Mon Sep 17 00:00:00 2001 From: Brian Cao Date: Fri, 7 Apr 2023 22:45:46 -0700 Subject: [PATCH 3/3] Api work for remove user. --- lib/auth.ts | 10 ++++------ pages/api/teamUsers/[id].ts | 28 ---------------------------- pages/api/teams/[id]/users.ts | 11 ++++++----- queries/admin/teamUser.ts | 11 +++++------ 4 files changed, 15 insertions(+), 45 deletions(-) delete mode 100644 pages/api/teamUsers/[id].ts diff --git a/lib/auth.ts b/lib/auth.ts index 7c83034c..a87e7e9d 100644 --- a/lib/auth.ts +++ b/lib/auth.ts @@ -187,19 +187,17 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) { return false; } -export async function canDeleteTeamUser({ user }: Auth, teamUserId: string) { +export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUserId: string) { if (user.isAdmin) { return true; } - if (validate(teamUserId)) { - const removeUser = await getTeamUserById(teamUserId); - - if (removeUser.userId === user.id) { + if (validate(teamId) && validate(removeUserId)) { + if (removeUserId === user.id) { return true; } - const teamUser = await getTeamUser(removeUser.teamId, user.id); + const teamUser = await getTeamUser(teamId, user.id); return hasPermission(teamUser.role, PERMISSIONS.teamUpdate); } diff --git a/pages/api/teamUsers/[id].ts b/pages/api/teamUsers/[id].ts deleted file mode 100644 index d9f17ebb..00000000 --- a/pages/api/teamUsers/[id].ts +++ /dev/null @@ -1,28 +0,0 @@ -import { canDeleteTeamUser } from 'lib/auth'; -import { useAuth } from 'lib/middleware'; -import { NextApiRequestQueryBody } from 'lib/types'; -import { NextApiResponse } from 'next'; -import { methodNotAllowed, ok, unauthorized } from 'next-basics'; -import { deleteTeamUser } from 'queries/admin/teamUser'; - -export interface TeamUserRequestQuery { - id: string; -} - -export default async (req: NextApiRequestQueryBody, res: NextApiResponse) => { - await useAuth(req, res); - - const { id: teamUserId } = req.query; - - if (req.method === 'DELETE') { - if (!(await canDeleteTeamUser(req.auth, teamUserId))) { - return unauthorized(res); - } - - const websites = await deleteTeamUser(teamUserId); - - return ok(res, websites); - } - - return methodNotAllowed(res); -}; diff --git a/pages/api/teams/[id]/users.ts b/pages/api/teams/[id]/users.ts index a5da215a..9ed41e12 100644 --- a/pages/api/teams/[id]/users.ts +++ b/pages/api/teams/[id]/users.ts @@ -1,5 +1,5 @@ import { NextApiRequestQueryBody } from 'lib/types'; -import { canUpdateTeam, canViewTeam } from 'lib/auth'; +import { canDeleteTeamUser, canUpdateTeam, canViewTeam } from 'lib/auth'; import { useAuth } from 'lib/middleware'; import { NextApiResponse } from 'next'; import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics'; @@ -12,7 +12,7 @@ export interface TeamUserRequestQuery { export interface TeamUserRequestBody { email: string; roleId: string; - teamUserId?: string; + userId?: string; } export default async ( @@ -53,12 +53,13 @@ export default async ( } if (req.method === 'DELETE') { - if (await canUpdateTeam(req.auth, teamId)) { + const { userId } = req.body; + + if (await canDeleteTeamUser(req.auth, teamId, userId)) { return unauthorized(res, 'You must be the owner of this team.'); } - const { teamUserId } = req.body; - await deleteTeamUser(teamUserId); + await deleteTeamUser(teamId, userId); return ok(res); } diff --git a/queries/admin/teamUser.ts b/queries/admin/teamUser.ts index 43d9f476..b1c295be 100644 --- a/queries/admin/teamUser.ts +++ b/queries/admin/teamUser.ts @@ -62,23 +62,22 @@ export async function updateTeamUser( }); } -export async function deleteTeamUser(teamUserId: string): Promise { +export async function deleteTeamUser(teamId: string, userId: string): Promise { const { client, transaction } = prisma; - const teamUser = await getTeamUserById(teamUserId); - return transaction([ client.teamWebsite.deleteMany({ where: { - teamId: teamUser.teamId, + teamId: teamId, website: { - userId: teamUser.userId, + userId: userId, }, }, }), client.teamUser.deleteMany({ where: { - id: teamUserId, + teamId, + userId, }, }), ]);