umami/src/pages/api/teams/[teamId]/users/[userId].ts

import { canDeleteTeamUser, canUpdateTeam } from 'lib/auth';
import { useAuth, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { deleteTeamUser, getTeamUser, updateTeamUser } from 'queries';
import * as yup from 'yup';

export interface TeamUserRequestQuery {
  teamId: string;
  userId: string;
}

export interface TeamUserRequestBody {
  role: string;
}

const schema = {
  DELETE: yup.object().shape({
    teamId: yup.string().uuid().required(),
    userId: yup.string().uuid().required(),
  }),
  POST: yup.object().shape({
    role: yup
      .string()
      .matches(/team-member|team-view-only/i)
      .required(),
  }),
};

export default async (
  req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
  res: NextApiResponse,
) => {
  await useAuth(req, res);
  await useValidate(schema, req, res);

  const { teamId, userId } = req.query;

  if (req.method === 'GET') {
    if (!(await canUpdateTeam(req.auth, teamId))) {
      return unauthorized(res, 'You must be the owner of this team.');
    }

    const teamUser = await getTeamUser(teamId, userId);

    return ok(res, teamUser);
  }

  if (req.method === 'POST') {
    if (!(await canUpdateTeam(req.auth, teamId))) {
      return unauthorized(res, 'You must be the owner of this team.');
    }

    const teamUser = await getTeamUser(teamId, userId);

    if (!teamUser) {
      return badRequest(res, 'The User does not exists on this team.');
    }

    const { role } = req.body;

    await updateTeamUser(teamUser.id, { role });

    return ok(res);
  }

  if (req.method === 'DELETE') {
    if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {
      return unauthorized(res, 'You must be the owner of this team.');
    }

    const teamUser = await getTeamUser(teamId, userId);

    if (!teamUser) {
      return badRequest(res, 'The User does not exists on this team.');
    }

    await deleteTeamUser(teamId, userId);

    return ok(res);
  }

  return methodNotAllowed(res);
};
Add team user update. 2024-01-29 20:58:13 +00:00			`import { canDeleteTeamUser, canUpdateTeam } from 'lib/auth';`
Re-add user delete. 2024-01-26 19:39:27 +00:00			`import { useAuth, useValidate } from 'lib/middleware';`
			`import { NextApiRequestQueryBody } from 'lib/types';`
			`import { NextApiResponse } from 'next';`
Add team user update. 2024-01-29 20:58:13 +00:00			`import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';`
			`import { deleteTeamUser, getTeamUser, updateTeamUser } from 'queries';`
Re-add user delete. 2024-01-26 19:39:27 +00:00			`import * as yup from 'yup';`

			`export interface TeamUserRequestQuery {`
Renamed id routes for API. 2024-02-01 06:08:48 +00:00			`teamId: string;`
Re-add user delete. 2024-01-26 19:39:27 +00:00			`userId: string;`
			`}`

Add team user update. 2024-01-29 20:58:13 +00:00			`export interface TeamUserRequestBody {`
			`role: string;`
			`}`

Re-add user delete. 2024-01-26 19:39:27 +00:00			`const schema = {`
			`DELETE: yup.object().shape({`
Renamed id routes for API. 2024-02-01 06:08:48 +00:00			`teamId: yup.string().uuid().required(),`
Re-add user delete. 2024-01-26 19:39:27 +00:00			`userId: yup.string().uuid().required(),`
			`}),`
Add team user update. 2024-01-29 20:58:13 +00:00			`POST: yup.object().shape({`
			`role: yup`
			`.string()`
add team member edit and remove confirmation 2024-02-08 21:01:39 +00:00			`.matches(/team-member\|team-view-only/i)`
Add team user update. 2024-01-29 20:58:13 +00:00			`.required(),`
			`}),`
Re-add user delete. 2024-01-26 19:39:27 +00:00			`};`

Add team user update. 2024-01-29 20:58:13 +00:00			`export default async (`
			`req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,`
			`res: NextApiResponse,`
			`) => {`
Re-add user delete. 2024-01-26 19:39:27 +00:00			`await useAuth(req, res);`
			`await useValidate(schema, req, res);`

Renamed id routes for API. 2024-02-01 06:08:48 +00:00			`const { teamId, userId } = req.query;`
Add team user update. 2024-01-29 20:58:13 +00:00
Auto stash before merge of "dev" and "origin/dev" 2024-02-01 20:05:55 +00:00			`if (req.method === 'GET') {`
			`if (!(await canUpdateTeam(req.auth, teamId))) {`
			`return unauthorized(res, 'You must be the owner of this team.');`
			`}`

			`const teamUser = await getTeamUser(teamId, userId);`

			`return ok(res, teamUser);`
			`}`

Add team user update. 2024-01-29 20:58:13 +00:00			`if (req.method === 'POST') {`
			`if (!(await canUpdateTeam(req.auth, teamId))) {`
			`return unauthorized(res, 'You must be the owner of this team.');`
			`}`

			`const teamUser = await getTeamUser(teamId, userId);`

			`if (!teamUser) {`
			`return badRequest(res, 'The User does not exists on this team.');`
			`}`
Re-add user delete. 2024-01-26 19:39:27 +00:00
Add team user update. 2024-01-29 20:58:13 +00:00			`const { role } = req.body;`

			`await updateTeamUser(teamUser.id, { role });`

			`return ok(res);`
			`}`

			`if (req.method === 'DELETE') {`
Re-add user delete. 2024-01-26 19:39:27 +00:00			`if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {`
			`return unauthorized(res, 'You must be the owner of this team.');`
			`}`

Add team user update. 2024-01-29 20:58:13 +00:00			`const teamUser = await getTeamUser(teamId, userId);`

			`if (!teamUser) {`
			`return badRequest(res, 'The User does not exists on this team.');`
			`}`

Re-add user delete. 2024-01-26 19:39:27 +00:00			`await deleteTeamUser(teamId, userId);`

			`return ok(res);`
			`}`

			`return methodNotAllowed(res);`
			`};`