mythic-insight/calcom
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 5

Fixed orphaning team event types (#1086)

Browse source
This commit is contained in:
Alex van Andel 2021-10-31 10:41:42 +00:00 committed by GitHub
parent 307856f8e6
commit b7435b5b93
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
pages/api/availability/eventtype.ts
View file

@ -1,4 +1,4 @@
import { EventTypeCustomInput, Prisma } from "@prisma/client"; import { Availability, EventTypeCustomInput, MembershipRole, Prisma } from "@prisma/client";
import type { NextApiRequest, NextApiResponse } from "next"; import type { NextApiRequest, NextApiResponse } from "next";
import { getSession } from "@lib/auth"; import { getSession } from "@lib/auth";
@ -61,6 +61,16 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
where: { id: req.body.id }, where: { id: req.body.id },
include: { include: {
users: true, users: true,
team: {
select: {
members: {
select: {
userId: true,
role: true,
},
},
},
},
}, },
}); });
@ -68,20 +78,29 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(404).json({ message: "No event exists matching that id." }); return res.status(404).json({ message: "No event exists matching that id." });
} }
const isAuthorized = const isAuthorized = (function () {
event.userId === session.user.id || if (event.team) {
event.users.find((user) => { return event.team.members
return user.id === session.user?.id; .filter((member) => member.role === MembershipRole.OWNER)
}); .map((member) => member.userId)
.includes(session.user.id);
}
return (
event.userId === session.user.id ||
event.users.find((user) => {
return user.id === session.user?.id;
})
);
})();
if (!isAuthorized) { if (!isAuthorized) {
console.warn(`User ${session.user.id} attempted to an access an event ${event.id} they do not own.`); console.warn(`User ${session.user.id} attempted to an access an event ${event.id} they do not own.`);
return res.status(404).json({ message: "No event exists matching that id." }); return res.status(403).json({ message: "No event exists matching that id." });
} }
} }
if (req.method == "PATCH" || req.method == "POST") { if (req.method == "PATCH" || req.method == "POST") {
const data: Prisma.EventTypeUpdateInput = { const data: Prisma.EventTypeCreateInput | Prisma.EventTypeUpdateInput = {
title: req.body.title, title: req.body.title,
slug: req.body.slug.trim(), slug: req.body.slug.trim(),
description: req.body.description, description: req.body.description,
@ -119,10 +138,10 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const eventType = await prisma.eventType.create({ const eventType = await prisma.eventType.create({
data: { data: {
...data, ...(data as Prisma.EventTypeCreateInput),
users: { users: {
connect: { connect: {
id: parseInt(session.user.id), id: session?.user?.id,
}, },
}, },
}, },
@ -154,7 +173,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
} }
Promise.all( Promise.all(
openingHours.map((schedule) => openingHours.map((schedule: Pick<Availability, "days" | "startTime" | "endTime">) =>
prisma.availability.create({ prisma.availability.create({
data: { data: {
eventTypeId: +req.body.id, eventTypeId: +req.body.id,