mirror of
https://github.com/kremalicious/umami.git
synced 2024-06-30 13:41:50 +02:00
Merge branch 'dev' of https://github.com/umami-software/umami into dev
This commit is contained in:
commit
45d3fa4016
10
lib/auth.ts
10
lib/auth.ts
|
@ -187,19 +187,17 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function canDeleteTeamUser({ user }: Auth, teamUserId: string) {
|
export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUserId: string) {
|
||||||
if (user.isAdmin) {
|
if (user.isAdmin) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (validate(teamUserId)) {
|
if (validate(teamId) && validate(removeUserId)) {
|
||||||
const removeUser = await getTeamUserById(teamUserId);
|
if (removeUserId === user.id) {
|
||||||
|
|
||||||
if (removeUser.userId === user.id) {
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
const teamUser = await getTeamUser(removeUser.teamId, user.id);
|
const teamUser = await getTeamUser(teamId, user.id);
|
||||||
|
|
||||||
return hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
|
return hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
import { canDeleteTeamUser } from 'lib/auth';
|
|
||||||
import { useAuth } from 'lib/middleware';
|
|
||||||
import { NextApiRequestQueryBody } from 'lib/types';
|
|
||||||
import { NextApiResponse } from 'next';
|
|
||||||
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
|
|
||||||
import { deleteTeamUser } from 'queries/admin/teamUser';
|
|
||||||
|
|
||||||
export interface TeamUserRequestQuery {
|
|
||||||
id: string;
|
|
||||||
}
|
|
||||||
|
|
||||||
export default async (req: NextApiRequestQueryBody<TeamUserRequestQuery>, res: NextApiResponse) => {
|
|
||||||
await useAuth(req, res);
|
|
||||||
|
|
||||||
const { id: teamUserId } = req.query;
|
|
||||||
|
|
||||||
if (req.method === 'DELETE') {
|
|
||||||
if (!(await canDeleteTeamUser(req.auth, teamUserId))) {
|
|
||||||
return unauthorized(res);
|
|
||||||
}
|
|
||||||
|
|
||||||
const websites = await deleteTeamUser(teamUserId);
|
|
||||||
|
|
||||||
return ok(res, websites);
|
|
||||||
}
|
|
||||||
|
|
||||||
return methodNotAllowed(res);
|
|
||||||
};
|
|
|
@ -1,5 +1,5 @@
|
||||||
import { NextApiRequestQueryBody } from 'lib/types';
|
import { NextApiRequestQueryBody } from 'lib/types';
|
||||||
import { canUpdateTeam, canViewTeam } from 'lib/auth';
|
import { canDeleteTeamUser, canUpdateTeam, canViewTeam } from 'lib/auth';
|
||||||
import { useAuth } from 'lib/middleware';
|
import { useAuth } from 'lib/middleware';
|
||||||
import { NextApiResponse } from 'next';
|
import { NextApiResponse } from 'next';
|
||||||
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
|
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
|
||||||
|
@ -12,7 +12,7 @@ export interface TeamUserRequestQuery {
|
||||||
export interface TeamUserRequestBody {
|
export interface TeamUserRequestBody {
|
||||||
email: string;
|
email: string;
|
||||||
roleId: string;
|
roleId: string;
|
||||||
teamUserId?: string;
|
userId?: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
export default async (
|
export default async (
|
||||||
|
@ -53,12 +53,13 @@ export default async (
|
||||||
}
|
}
|
||||||
|
|
||||||
if (req.method === 'DELETE') {
|
if (req.method === 'DELETE') {
|
||||||
if (await canUpdateTeam(req.auth, teamId)) {
|
const { userId } = req.body;
|
||||||
|
|
||||||
|
if (await canDeleteTeamUser(req.auth, teamId, userId)) {
|
||||||
return unauthorized(res, 'You must be the owner of this team.');
|
return unauthorized(res, 'You must be the owner of this team.');
|
||||||
}
|
}
|
||||||
const { teamUserId } = req.body;
|
|
||||||
|
|
||||||
await deleteTeamUser(teamUserId);
|
await deleteTeamUser(teamId, userId);
|
||||||
|
|
||||||
return ok(res);
|
return ok(res);
|
||||||
}
|
}
|
||||||
|
|
|
@ -62,23 +62,22 @@ export async function updateTeamUser(
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function deleteTeamUser(teamUserId: string): Promise<TeamUser> {
|
export async function deleteTeamUser(teamId: string, userId: string): Promise<TeamUser> {
|
||||||
const { client, transaction } = prisma;
|
const { client, transaction } = prisma;
|
||||||
|
|
||||||
const teamUser = await getTeamUserById(teamUserId);
|
|
||||||
|
|
||||||
return transaction([
|
return transaction([
|
||||||
client.teamWebsite.deleteMany({
|
client.teamWebsite.deleteMany({
|
||||||
where: {
|
where: {
|
||||||
teamId: teamUser.teamId,
|
teamId: teamId,
|
||||||
website: {
|
website: {
|
||||||
userId: teamUser.userId,
|
userId: userId,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}),
|
}),
|
||||||
client.teamUser.deleteMany({
|
client.teamUser.deleteMany({
|
||||||
where: {
|
where: {
|
||||||
id: teamUserId,
|
teamId,
|
||||||
|
userId,
|
||||||
},
|
},
|
||||||
}),
|
}),
|
||||||
]);
|
]);
|
||||||
|
|
|
@ -32,7 +32,8 @@ function clickhouseQuery(websiteId: string, startAt: Date, eventType: number) {
|
||||||
session_id as sessionId,
|
session_id as sessionId,
|
||||||
created_at as createdAt,
|
created_at as createdAt,
|
||||||
toUnixTimestamp(created_at) as timestamp,
|
toUnixTimestamp(created_at) as timestamp,
|
||||||
url_path,
|
url_path as urlPath,
|
||||||
|
referrer_domain as referrerDomain,
|
||||||
event_name as eventName
|
event_name as eventName
|
||||||
from website_event
|
from website_event
|
||||||
where event_type = {eventType:UInt32}
|
where event_type = {eventType:UInt32}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user