tomru/pfadi-bussle
1
0
Fork 0
mirror of https://github.com/tomru/pfadi-bussle.git synced 2026-03-04 15:07:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

rip out all old auth data

Browse Source
This commit is contained in:
Thomas Ruoff
2021-10-02 01:03:02 +02:00
committed by Thomas Ruoff
parent b257bc8258
commit 0e84945ab4
8 changed files with 22 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pages/api/bookings/[uuid]/bill.ts
View File

@@ -1,12 +1,7 @@
import { Bill } from '../../../../db/bill'
import { createBill, patchBill } from '../../../../db/index'
import withSession, { isAdminSession } from '../../../../lib/session'
export default withSession(async function billHandler(req, res): Promise<void> {
if (!isAdminSession(req)) {
res.status(403).send({ message: 'Not Authorized' })
return
}
export default async function billHandler(req, res): Promise<void> {
const {
method,
@@ -41,4 +36,4 @@ export default withSession(async function billHandler(req, res): Promise<void> {
res.setHeader('Allow', ['POST', 'PATCH'])
res.status(405).end(`Method ${method} Not Allowed`)
}
})
}

21
pages/api/bookings/[uuid]/index.ts
View File

@@ -2,9 +2,8 @@ import { NextApiRequest, NextApiResponse } from 'next'
import { BookingDocument } from '../../../../db/booking'
import { BOOKING_STATUS } from '../../../../db/enums'
import { getBookingByUUID } from '../../../../db/index'
import withSession, { isAdminSession } from '../../../../lib/session'
export default withSession(async function userHandler(
export default async function userHandler(
req: NextApiRequest,
res: NextApiResponse
): Promise<void> {
@@ -21,22 +20,6 @@ export default withSession(async function userHandler(
case 'PATCH':
booking = await getBookingByUUID(uuid)
if (!isAdminSession(req)) {
const deniedPropsForUser = Object.keys(req.body).filter(
(key) => key !== 'status'
)
if (deniedPropsForUser.length) {
res
.status(400)
.end(
`The following attributes cannot be changed: ${deniedPropsForUser.join(
', '
)}`
)
break
}
}
if (!Object.values(BOOKING_STATUS).includes(req.body.status)) {
res
.status(400)
@@ -60,4 +43,4 @@ export default withSession(async function userHandler(
res.setHeader('Allow', ['PATCH'])
res.status(405).end(`Method ${method} Not Allowed`)
}
})
}