umami/pages/api/teams/[id]/index.ts
Brian Cao 561cde6e7e
Add admin check. (#1716)
* Add admin check.

* Fix teamId check.
2022-12-27 15:18:58 -08:00

59 lines
1.4 KiB
TypeScript

import { Team } from '@prisma/client';
import { NextApiRequestQueryBody } from 'lib/types';
import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { deleteTeam, getTeam, updateTeam } from 'queries';
export interface TeamRequestQuery {
id: string;
}
export interface TeamRequestBody {
name: string;
}
export default async (
req: NextApiRequestQueryBody<TeamRequestQuery, TeamRequestBody>,
res: NextApiResponse<Team>,
) => {
await useAuth(req, res);
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (!(await canViewTeam(req.auth, teamId))) {
return unauthorized(res);
}
const user = await getTeam({ id: teamId });
return ok(res, user);
}
if (req.method === 'POST') {
const { name } = req.body;
if (!(await canUpdateTeam(req.auth, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
const updated = await updateTeam({ name }, { id: teamId });
return ok(res, updated);
}
if (req.method === 'DELETE') {
if (!(await canDeleteTeam(req.auth, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
await deleteTeam(teamId);
return ok(res);
}
return methodNotAllowed(res);
};