enable member deletion and reject pending + bugs
This commit is contained in:
Michael Dausmann
@@ -1,4 +1,5 @@
|
||||
import { router, adminProcedure, publicProcedure, protectedProcedure } from '../trpc'
|
||||
import { TRPCError } from '@trpc/server';
|
||||
import { router, adminProcedure, publicProcedure, protectedProcedure, ownerProcedure } from '../trpc'
|
||||
import { ACCOUNT_ACCESS } from '@prisma/client';
|
||||
import { z } from 'zod';
|
||||
import AccountService from '~~/lib/services/account.service';
|
||||
@@ -23,6 +24,10 @@ export const accountRouter = router({
|
||||
changeActiveAccount: protectedProcedure
|
||||
.input(z.object({ account_id: z.number() }))
|
||||
.mutation(async ({ ctx, input }) => {
|
||||
const activeMembership = ctx.dbUser?.memberships.find(membership => membership.account_id == input.account_id);
|
||||
if(activeMembership?.pending){
|
||||
throw new TRPCError({ code: 'BAD_REQUEST', message:`membership ${activeMembership?.id} is not active so cannot be switched to` });
|
||||
}
|
||||
ctx.activeAccountId = input.account_id;
|
||||
setCookie(ctx.event, 'preferred-active-account-id', input.account_id.toString(), {expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 365 * 10)});
|
||||
}),
|
||||
@@ -70,6 +75,24 @@ export const accountRouter = router({
|
||||
membership,
|
||||
}
|
||||
}),
|
||||
rejectPendingMembership: adminProcedure
|
||||
.input(z.object({ membership_id: z.number() }))
|
||||
.query(async ({ ctx, input }) => {
|
||||
const accountService = new AccountService();
|
||||
const membership: MembershipWithAccount = await accountService.deleteMembership(ctx.activeAccountId!, input.membership_id);
|
||||
return {
|
||||
membership,
|
||||
}
|
||||
}),
|
||||
deleteMembership: ownerProcedure
|
||||
.input(z.object({ membership_id: z.number() }))
|
||||
.query(async ({ ctx, input }) => {
|
||||
const accountService = new AccountService();
|
||||
const membership: MembershipWithAccount = await accountService.deleteMembership(ctx.activeAccountId!, input.membership_id);
|
||||
return {
|
||||
membership,
|
||||
}
|
||||
}),
|
||||
changeUserAccessWithinAccount: adminProcedure
|
||||
.input(z.object({ user_id: z.number(), access: z.enum([ACCOUNT_ACCESS.ADMIN, ACCOUNT_ACCESS.OWNER, ACCOUNT_ACCESS.READ_ONLY, ACCOUNT_ACCESS.READ_WRITE]) }))
|
||||
.mutation(async ({ ctx, input }) => {
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import NotesService from '~~/lib/services/notes.service';
|
||||
import { protectedProcedure, publicProcedure, router } from '../trpc';
|
||||
import { memberProcedure, protectedProcedure, publicProcedure, router } from '../trpc';
|
||||
import { z } from 'zod';
|
||||
|
||||
export const notesRouter = router({
|
||||
getForCurrentUser: protectedProcedure
|
||||
getForCurrentUser: memberProcedure
|
||||
.query(async ({ ctx, input }) => {
|
||||
const notesService = new NotesService();
|
||||
const notes = (ctx.activeAccountId)?await notesService.getNotesForAccountId(ctx.activeAccountId):[];
|
||||
@@ -20,7 +20,7 @@ export const notesRouter = router({
|
||||
note,
|
||||
}
|
||||
}),
|
||||
createNote: protectedProcedure
|
||||
createNote: memberProcedure
|
||||
.input(z.object({ note_text: z.string() }))
|
||||
.mutation(async ({ ctx, input }) => {
|
||||
const notesService = new NotesService();
|
||||
@@ -29,7 +29,7 @@ export const notesRouter = router({
|
||||
note,
|
||||
}
|
||||
}),
|
||||
deleteNote: protectedProcedure
|
||||
deleteNote: memberProcedure
|
||||
.input(z.object({ note_id: z.number() }))
|
||||
.mutation(async ({ ctx, input }) => {
|
||||
const notesService = new NotesService();
|
||||
|
||||
@@ -30,6 +30,18 @@ const isAuthed = t.middleware(({ next, ctx }) => {
|
||||
});
|
||||
});
|
||||
|
||||
const isMemberForInputAccountId = t.middleware(({ next, rawInput, ctx }) => {
|
||||
if (!ctx.dbUser || !ctx.activeAccountId) {
|
||||
throw new TRPCError({ code: 'UNAUTHORIZED' });
|
||||
}
|
||||
const activeMembership = ctx.dbUser.memberships.find(membership => membership.account_id == ctx.activeAccountId);
|
||||
if(!activeMembership || activeMembership.pending) {
|
||||
throw new TRPCError({ code: 'UNAUTHORIZED', message:`membership ${activeMembership?.id} is not active` });
|
||||
}
|
||||
|
||||
return next({ ctx });
|
||||
});
|
||||
|
||||
const isAdminForInputAccountId = t.middleware(({ next, rawInput, ctx }) => {
|
||||
if (!ctx.dbUser || !ctx.activeAccountId) {
|
||||
throw new TRPCError({ code: 'UNAUTHORIZED' });
|
||||
@@ -42,11 +54,25 @@ const isAdminForInputAccountId = t.middleware(({ next, rawInput, ctx }) => {
|
||||
return next({ ctx });
|
||||
});
|
||||
|
||||
const isOwnerForInputAccountId = t.middleware(({ next, rawInput, ctx }) => {
|
||||
if (!ctx.dbUser || !ctx.activeAccountId) {
|
||||
throw new TRPCError({ code: 'UNAUTHORIZED' });
|
||||
}
|
||||
const activeMembership = ctx.dbUser.memberships.find(membership => membership.account_id == ctx.activeAccountId);
|
||||
if(!activeMembership || activeMembership?.access !== ACCOUNT_ACCESS.OWNER) {
|
||||
throw new TRPCError({ code: 'UNAUTHORIZED', message:`activeMembership ${activeMembership?.id} is only ${activeMembership?.access}` });
|
||||
}
|
||||
|
||||
return next({ ctx });
|
||||
});
|
||||
|
||||
/**
|
||||
* Procedures
|
||||
**/
|
||||
export const publicProcedure = t.procedure;
|
||||
export const protectedProcedure = t.procedure.use(isAuthed);
|
||||
export const memberProcedure = protectedProcedure.use(isMemberForInputAccountId);
|
||||
export const adminProcedure = protectedProcedure.use(isAdminForInputAccountId);
|
||||
export const ownerProcedure = protectedProcedure.use(isOwnerForInputAccountId);
|
||||
export const router = t.router;
|
||||
export const middleware = t.middleware;
|
||||
|
||||
Reference in New Issue
Block a user