diff --git a/db/postgresql/schema.prisma b/db/postgresql/schema.prisma
index d47b9d55..962d9a15 100644
--- a/db/postgresql/schema.prisma
+++ b/db/postgresql/schema.prisma
@@ -18,8 +18,7 @@ model User {
 groupUser GroupUser[]
 userRole UserRole[]
 teamUser TeamUser[]
- Website Website? @relation(fields: [websiteId], references: [id])
- websiteId String? @db.Uuid
+ Website Website[]
 @@map("user")
 }
@@ -52,8 +51,8 @@ model Website {
 createdAt DateTime? @default(now()) @map("created_at") @db.Timestamptz(6)
 isDeleted Boolean @default(false) @map("is_deleted")
- team Team[]
- user User[]
+ team Team? @relation(fields: [teamId], references: [id])
+ user User? @relation(fields: [userId], references: [id])
 @@index([createdAt])
 @@index([shareId])
@@ -183,8 +182,7 @@ model Team {
 teamUsers TeamUser[]
 UserRole UserRole[]
- Website Website? @relation(fields: [websiteId], references: [id])
- websiteId String? @db.Uuid
+ Website Website[]
 @@map("team")
 }
diff --git a/pages/api/teams/[id]/user.ts b/pages/api/teams/[id]/user.ts
index 529f0195..8a0bb98b 100644
--- a/pages/api/teams/[id]/user.ts
+++ b/pages/api/teams/[id]/user.ts
@@ -4,8 +4,8 @@ import { UmamiApi } from 'lib/constants';
 import { uuid } from 'lib/crypto';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { createTeamUser, deleteTeamUser, getUsersByTeamId } from 'queries';
+import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { createTeamUser, deleteTeamUser, getUsersByTeamId, getTeamUser } from 'queries';
 export interface TeamUserRequestQuery {
 id: string;
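Review bot: In the `model Website` hunk the new `team` and `user` relations name `teamId` and `userId` as their foreign-key fields, but neither scalar is declared in the lines shown and the model body runs beyond the hunk; if they are missing, schema validation will reject the file. Both relations are optional, so a row can end up with no owner or with both a user and a team, and any ownership-based access check on websites has to handle those cases explicitly. I would add a comment above the pair, `// Exactly one of userId / teamId is expected to be set; enforced in createWebsite (or by a DB CHECK constraint)`, and back it with an actual check. Lookups such as `getWebsitesByUserId` presumably filter on these columns, so `@@index([userId])` and `@@index([teamId])` next to the existing `@@index` lines are worth considering.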
@@ -41,6 +41,13 @@ export default async ( const { user_id: userId } = req.body; + // Check for TeamUser + const teamUser = getTeamUser({ userId, teamId }); + + if (!teamUser) { + return badRequest(res, 'The User already exists on this Team.'); + } + const updated = await createTeamUser({ id: uuid(), userId, teamId }); return ok(res, updated); @@ -50,7 +57,6 @@ export default async ( if (!(await allowQuery(req, UmamiApi.AuthType.TeamOwner))) { return unauthorized(res, 'You must be the owner of this team.'); } - const { team_user_id } = req.body; await deleteTeamUser(team_user_id); diff --git a/pages/api/users/[id]/role.ts b/pages/api/users/[id]/role.ts index aab90ebd..fe3dcbd4 100644 --- a/pages/api/users/[id]/role.ts +++ b/pages/api/users/[id]/role.ts @@ -42,7 +42,6 @@ export default async ( if (req.method === 'POST') { const { roleId, teamId } = req.body; - // Check when userRolename changes const userRole = getUserRole({ userId: id, roleId, teamId }); if (userRole) { @@ -57,13 +56,6 @@ export default async ( if (req.method === 'DELETE') { const { userRoleId } = req.body; - // Check when userRolename changes - const userRole = getUserRole({ id: userRoleId }); - - if (userRole) { - return badRequest(res, 'Role already exists for User.'); - } - const updated = await deleteUserRole(userRoleId); return ok(res, updated); diff --git a/pages/api/websites/index.ts b/pages/api/websites/index.ts index 50469efb..85da6c10 100644 --- a/pages/api/websites/index.ts +++ b/pages/api/websites/index.ts @@ -5,6 +5,8 @@ import { useAuth, useCors } from 'lib/middleware'; import { NextApiResponse } from 'next'; import { methodNotAllowed, ok } from 'next-basics'; import { createWebsite, getAllWebsites, getWebsitesByUserId } from 'queries'; +import { checkPermission } from 'lib/auth'; +import { UmamiApi } from 'lib/constants'; export interface WebsitesRequestQuery { include_all?: boolean; 
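Review bot: The duplicate-membership guard added in the POST branch of `pages/api/teams/[id]/user.ts` cannot fire as written (the handler begins and ends outside this hunk). `getTeamUser({ userId, teamId })` is not awaited, so `teamUser` is presumably a Promise, given that the sibling queries `createTeamUser` and `deleteTeamUser` are awaited, and `!teamUser` is then always false. The condition is also inverted relative to its message, so adding `await` alone would reject every new member and let real duplicates through; suggested lines are `const teamUser = await getTeamUser({ userId, teamId });` followed by `if (teamUser) {`. The context line `const userRole = getUserRole({ userId: id, roleId, teamId });` in the POST hunk of `pages/api/users/[id]/role.ts` shows the same missing `await`. Because check-then-insert can still race between two requests, a unique constraint on the TeamUser `(userId, teamId)` pair would be the durable guard, if the schema does not already define one.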
@@ -25,12 +27,14 @@ export default async ( await useAuth(req, res); const { - user: { id: userId, isAdmin }, + user: { id: userId }, } = req.auth; if (req.method === 'GET') { const { include_all } = req.query; + const isAdmin = await checkPermission(req, UmamiApi.Permission.Admin); + const websites = isAdmin && include_all ? await getAllWebsites() : await getWebsitesByUserId(userId);
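Review bot: `checkPermission(req, UmamiApi.Permission.Admin)` now runs on every GET, although its result only matters when `include_all` is set; the handler continues outside this hunk. Evaluating the flag first keeps the common path free of the extra lookup: `const isAdmin = include_all ? await checkPermission(req, UmamiApi.Permission.Admin) : false;`. Separately, `include_all` comes from the query string, so unless middleware parses it the runtime value is a string and `?include_all=false` is truthy despite the `boolean` type on `WebsitesRequestQuery`; comparing the raw value against `'true'` would make the intent explicit. Since `isAdmin` was dropped from the `req.auth` destructuring, any other branch of this handler that still reads it would need the same permission call, which is worth confirming because those branches are not shown.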