Open /websites endpoint to view all.

2024-11-22 01:46:58 +01:00 · 2023-12-03 19:52:40 -08:00 · 2023-12-03 19:52:40 -08:00 · 467790b67a
commit 467790b67a
parent b314cc88f5
3 changed files with 31 additions and 3 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@ -59,6 +59,10 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
  return !!(await findTeamWebsiteByUserId(websiteId, user.id));
 }

+export async function canViewAllWebsite({ user }: Auth) {
+  return user.isAdmin;
+}
+
 export async function canCreateWebsite({ user, grant }: Auth) {
  if (cloudMode) {
    return !!grant?.find(a => a === PERMISSIONS.websiteCreate);
--- a/src/lib/schema.ts
+++ b/src/lib/schema.ts
@ -8,6 +8,6 @@ export const dateRange = {
 export const pageInfo = {
  query: yup.string(),
  page: yup.number().integer().positive(),
-  pageSize: yup.number().integer().positive().max(200),
+  pageSize: yup.number().integer().positive().min(1).max(200),
  orderBy: yup.string(),
 };
--- a/src/pages/api/websites/index.ts
+++ b/src/pages/api/websites/index.ts
@ -1,10 +1,10 @@
-import { canCreateWebsite } from 'lib/auth';
+import { canCreateWebsite, canViewAllWebsite } from 'lib/auth';
 import { uuid } from 'lib/crypto';
 import { useAuth, useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody, SearchFilter } from 'lib/types';
 import { NextApiResponse } from 'next';
 import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { createWebsite } from 'queries';
+import { createWebsite, getWebsites } from 'queries';
 import userWebsites from 'pages/api/users/[id]/websites';
 import * as yup from 'yup';
 import { pageInfo } from 'lib/schema';
@ -41,6 +41,30 @@ export default async (
  } = req.auth;

  if (req.method === 'GET') {
+    if (canViewAllWebsite(req.auth)) {
+      const websites = getWebsites(req.query, {
+        include: {
+          teamWebsite: {
+            include: {
+              team: {
+                select: {
+                  name: true,
+                },
+              },
+            },
+          },
+          user: {
+            select: {
+              username: true,
+              id: true,
+            },
+          },
+        },
+      });
+
+      return ok(res, websites);
+    }
+
    if (!req.query.id) {
      req.query.id = userId;
    }