streaper2/afrobiz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor admin functions in store to use active account - introduce admin middleware

Browse Source
This commit is contained in:
Michael Dausmann
2023-02-24 21:09:49 +11:00
parent f2b3a2617d
commit a341a641e8
6 changed files with 57 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
server/trpc/routers/user.account.router.ts
View File

@@ -1,5 +1,5 @@
import UserAccountService from '~~/lib/services/user.account.service';
import { protectedProcedure, router } from '../trpc'
import { protectedProcedure, router, adminProcedure } from '../trpc'
import { ACCOUNT_ACCESS } from '@prisma/client';
import { z } from 'zod';
@@ -10,7 +10,7 @@ export const userAccountRouter = router({
dbUser: ctx.dbUser,
}
}),
changeAccountPlan: protectedProcedure
changeAccountPlan: adminProcedure
.input(z.object({ account_id: z.number(), plan_id: z.number() }))
.query(async ({ ctx, input }) => {
const uaService = new UserAccountService(ctx.prisma);
@@ -19,16 +19,16 @@ export const userAccountRouter = router({
account,
}
}),
joinUserToAccount: protectedProcedure
.input(z.object({ account_id: z.number() }))
joinUserToAccount: adminProcedure
.input(z.object({ account_id: z.number(), user_id: z.number() }))
.query(async ({ ctx, input }) => {
const uaService = new UserAccountService(ctx.prisma);
const membership = (ctx.dbUser?.id)?await uaService.joinUserToAccount(ctx.dbUser?.id, input.account_id):null;
const membership = (ctx.dbUser?.id)?await uaService.joinUserToAccount(input.user_id, input.account_id):null;
return {
membership,
}
}),
changeUserAccessWithinAccount: protectedProcedure // TODO - should be protectedAdmin (i.e. ctx.dbUser.id should be admin within the session account)
changeUserAccessWithinAccount: adminProcedure
.input(z.object({ user_id: z.number(), account_id: z.number(), access: z.enum([ACCOUNT_ACCESS.ADMIN, ACCOUNT_ACCESS.OWNER, ACCOUNT_ACCESS.READ_ONLY, ACCOUNT_ACCESS.READ_WRITE]) }))
.query(async ({ ctx, input }) => {
const uaService = new UserAccountService(ctx.prisma);
@@ -37,7 +37,7 @@ export const userAccountRouter = router({
membership,
}
}),
claimOwnershipOfAccount: protectedProcedure // TODO - should be protectedAdmin (i.e. ctx.dbUser.id should be admin within the session account)
claimOwnershipOfAccount: adminProcedure
.input(z.object({ account_id: z.number() }))
.query(async ({ ctx, input }) => {
const uaService = new UserAccountService(ctx.prisma);
@@ -46,4 +46,4 @@ export const userAccountRouter = router({
membership,
}
}),
})
})

19
server/trpc/trpc.ts
View File

@@ -9,6 +9,8 @@
*/
import { initTRPC, TRPCError } from '@trpc/server'
import { Context } from './context';
import { z } from 'zod';
import { ACCOUNT_ACCESS } from '@prisma/client';
const t = initTRPC.context<Context>().create()
@@ -26,10 +28,27 @@ const isAuthed = t.middleware(({ next, ctx }) => {
});
});
const isAdminForInputAccountId = t.middleware(({ next, rawInput, ctx }) => {
if (!ctx.dbUser) {
throw new TRPCError({ code: 'UNAUTHORIZED' });
}
const result = z.object({ account_id: z.number() }).safeParse(rawInput);
if (!result.success) throw new TRPCError({ code: 'BAD_REQUEST' });
const { account_id } = result.data;
const test_membership = ctx.dbUser.memberships.find(membership => membership.account_id == account_id);
console.log(`isAdminForInputAccountId test_membership?.access:${test_membership?.access}`);
if(!test_membership || (test_membership?.access !== ACCOUNT_ACCESS.ADMIN && test_membership?.access !== ACCOUNT_ACCESS.OWNER)) {
throw new TRPCError({ code: 'UNAUTHORIZED' });
}
return next({ ctx });
});
/**
* Unprotected procedure
**/
export const publicProcedure = t.procedure;
export const protectedProcedure = t.procedure.use(isAuthed);
export const adminProcedure = protectedProcedure.use(isAdminForInputAccountId);
export const router = t.router;
export const middleware = t.middleware;