diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index 1757f05e..97e20d98 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -59,6 +59,10 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
 return !!(await findTeamWebsiteByUserId(websiteId, user.id));
 }
 
+export async function canViewAllWebsite({ user }: Auth) {
+ return user.isAdmin;
+}
+
 export async function canCreateWebsite({ user, grant }: Auth) {
 if (cloudMode) {
 return !!grant?.find(a => a === PERMISSIONS.websiteCreate);
diff --git a/src/lib/schema.ts b/src/lib/schema.ts
index 739128b3..c09d262a 100644
--- a/src/lib/schema.ts
+++ b/src/lib/schema.ts
@@ -8,6 +8,6 @@ export const dateRange = {
 export const pageInfo = {
 query: yup.string(),
 page: yup.number().integer().positive(),
- pageSize: yup.number().integer().positive().max(200),
+ pageSize: yup.number().integer().positive().min(1).max(200),
 orderBy: yup.string(),
 };
diff --git a/src/pages/api/websites/index.ts b/src/pages/api/websites/index.ts
index b30681cf..099649fa 100644
--- a/src/pages/api/websites/index.ts
+++ b/src/pages/api/websites/index.ts
@@ -1,10 +1,10 @@
-import { canCreateWebsite } from 'lib/auth';
+import { canCreateWebsite, canViewAllWebsite } from 'lib/auth';
 import { uuid } from 'lib/crypto';
 import { useAuth, useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody, SearchFilter } from 'lib/types';
 import { NextApiResponse } from 'next';
 import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { createWebsite } from 'queries';
+import { createWebsite, getWebsites } from 'queries';
 import userWebsites from 'pages/api/users/[id]/websites';
 import * as yup from 'yup';
 import { pageInfo } from 'lib/schema';
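Review bot: `canViewAllWebsite` dereferences `user` unconditionally in `return user.isAdmin;`, while the neighbouring `canViewWebsite` signature in this hunk accepts a `shareToken`, which suggests an `Auth` can arrive without a `user` (share-token requests); on such a request the new check would throw a TypeError instead of denying. A fail-closed form that always yields a boolean is `return !!user?.isAdmin;` (the `!!` also stops an undefined `isAdmin` from leaking out as the return value). Separately, the function is declared `async` but awaits nothing; that is harmless here, but every caller must `await` it, because the returned Promise is truthy on its own and an un-awaited call would pass the gate for everyone. A one-line TSDoc such as `/** True only for platform admins; grants read access to every website, so callers must await it. */` would make both points explicit.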
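Review bot: The added `.min(1)` on `pageSize` is redundant with the `.integer().positive()` already in the chain: for an integer, "positive" and "at least 1" are the same constraint, so the new call changes nothing except the error message yup reports for 0. If the intent was to reject 0 explicitly, `.positive()` already does so; if the intent was to require a minimum above 1, `min(1)` is the wrong bound. Consider either dropping `.min(1)` or replacing `.positive()` with it so the rule is stated once, e.g. `pageSize: yup.number().integer().min(1).max(200),`.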
@@ -41,6 +41,30 @@ export default async (
 } = req.auth;
 
 if (req.method === 'GET') {
+ if (canViewAllWebsite(req.auth)) {
+ const websites = getWebsites(req.query, {
+ include: {
+ teamWebsite: {
+ include: {
+ team: {
+ select: {
+ name: true,
+ },
+ },
+ },
+ },
+ user: {
+ select: {
+ username: true,
+ id: true,
+ },
+ },
+ },
+ });
+
+ return ok(res, websites);
+ }
+
 if (!req.query.id) {
 req.query.id = userId;
 }
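Review bot: The admin gate on the first added line never restricts anyone: `canViewAllWebsite` is declared `async` in this same commit, so `if (canViewAllWebsite(req.auth))` tests a Promise, and a Promise is always truthy — every authenticated GET enters this branch and receives the unrestricted `getWebsites` listing with other users' and teams' websites, not just admins. The same omission appears on the next line, where `getWebsites(req.query, …)` is also not awaited, so `ok(res, websites)` is handed a pending Promise rather than the rows (unless `ok` resolves thenables itself, which is not visible here). Both lines need `await`: `if (await canViewAllWebsite(req.auth)) {` and `const websites = await getWebsites(req.query, {`. The handler body continues beyond this hunk, so the `req.query.id` fallback that follows and any later branches were not reviewed here.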