From b6a1e45fcfcd194076694ad25d49fef69fe58d96 Mon Sep 17 00:00:00 2001
From: Thomas Ruoff
Date: Wed, 16 Jun 2021 23:18:24 +0200
Subject: [PATCH] one api endpoint for admin/non-admin
---
 helpers/bill.ts | 4 +-
 helpers/booking.ts | 2 +-
 pages/api/admin/booking/[uuid]/index.ts | 57 --------------------
 pages/api/{admin => }/booking/[uuid]/bill.ts | 0
 pages/api/booking/[uuid]/index.ts | 42 +++++++++------
 5 files changed, 28 insertions(+), 77 deletions(-)
 delete mode 100644 pages/api/admin/booking/[uuid]/index.ts
 rename pages/api/{admin => }/booking/[uuid]/bill.ts (100%)
diff --git a/helpers/bill.ts b/helpers/bill.ts
index 36fc134..73e5f4e 100644
--- a/helpers/bill.ts
+++ b/helpers/bill.ts
@@ -75,7 +75,7 @@ export async function createBill(
 bookingUuid: string,
 bill: Bill
 ): Promise {
- return fetch(`/api/admin/booking/${bookingUuid}/bill`, {
+ return fetch(`/api/booking/${bookingUuid}/bill`, {
 method: 'POST',
 body: bill,
 })
@@ -85,7 +85,7 @@ export async function patchBill(
 bookingUuid: string,
 bill: Bill
 ): Promise {
- return fetch(`/api/admin/booking/${bookingUuid}/bill`, {
+ return fetch(`/api/booking/${bookingUuid}/bill`, {
 method: 'POST',
 body: bill,
 })
diff --git a/helpers/booking.ts b/helpers/booking.ts
index e013944..ebaede5 100644
--- a/helpers/booking.ts
+++ b/helpers/booking.ts
@@ -31,7 +31,7 @@ export async function cancelBooking(uuid: string) {
 }
 export async function patchBooking(uuid: string, bookingData: object) {
- return fetch(`/api/admin/booking/${uuid}`, {
+ return fetch(`/api/booking/${uuid}`, {
 method: 'PATCH',
 body: { ...bookingData },
 })
diff --git a/pages/api/admin/booking/[uuid]/index.ts b/pages/api/admin/booking/[uuid]/index.ts
deleted file mode 100644
index 49699de..0000000
--- a/pages/api/admin/booking/[uuid]/index.ts
+++ /dev/null
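Review bot: `createBill` and `patchBill` in helpers/bill.ts (both hunks) now call `/api/booking/${bookingUuid}/bill`, and the patch moves the handler there with 100% similarity, so the route no longer carries the `/api/admin/` prefix and its access control rests entirely on code inside bill.ts, which this patch does not show. Before merging, confirm that the handler itself rejects non-admin sessions the way the deleted admin index.ts did with `if (!isAdminSession(req))` and a 403; if it relied on the path alone, bills would become writable by anyone who knows a booking UUID. A one-line comment above each `fetch` call, such as `// admin-only: enforced server-side in pages/api/booking/[uuid]/bill.ts`, would keep that expectation visible. Both function bodies continue outside their hunks.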
@@ -1,57 +0,0 @@
-import { BookingDocument } from '../../../../../db/booking'
-import { getBookingByUUID } from '../../../../../db/index'
-import withSession, { isAdminSession } from '../../../../../lib/session'
-import {
- sendBookingConfirmed,
- sendBookingRejected,
-} from '../../../../../helpers/mail'
-import { BOOKING_STATUS } from '../../../../../db/enums'
-
-export default withSession(async function bookingHandler(req, res): Promise {
- if (!isAdminSession(req)) {
- res.status(403).send({ message: 'Not Authorized' })
- return
- }
-
- const {
- method,
- query: { uuid: uuids },
- } = req
-
- const uuid = Array.isArray(uuids) ? uuids[0] : uuids
-
- let booking: BookingDocument
-
- switch (method) {
- case 'PATCH':
- booking = await getBookingByUUID(uuid)
-
- // FIXME: validate all the things
- booking.set(req.body)
-
- const bookingStatusChanged = booking.isModified('status')
-
- await booking.save()
-
- await booking.populate('booker').execPopulate()
-
- res.status(200).json(booking.toJSON())
-
- if (!bookingStatusChanged) {
- return
- }
-
- if (booking.status === BOOKING_STATUS.CONFIRMED) {
- sendBookingConfirmed(booking)
- console.log(`Booking ${booking.uuid} confirm sent`)
- } else if (booking.status === BOOKING_STATUS.REJECTED) {
- sendBookingRejected(booking)
- console.log(`Booking ${booking.uuid} rejected sent`)
- }
-
- break
- default:
- res.setHeader('Allow', ['PATCH'])
- res.status(405).end(`Method ${method} Not Allowed`)
- }
-})
diff --git a/pages/api/admin/booking/[uuid]/bill.ts b/pages/api/booking/[uuid]/bill.ts
similarity index 100%
rename from pages/api/admin/booking/[uuid]/bill.ts
rename to pages/api/booking/[uuid]/bill.ts
diff --git a/pages/api/booking/[uuid]/index.ts b/pages/api/booking/[uuid]/index.ts
index 0db5ee4..9e25de0 100644
--- a/pages/api/booking/[uuid]/index.ts
+++ b/pages/api/booking/[uuid]/index.ts
@@ -2,8 +2,9 @@ import { NextApiRequest, NextApiResponse } from 'next'
 import { BookingDocument } from '../../../../db/booking'
 import { BOOKING_STATUS } from '../../../../db/enums'
 import { getBookingByUUID } from '../../../../db/index'
+import withSession, { isAdminSession } from '../../../../lib/session'
-export default async function userHandler(
+export default withSession(async function userHandler(
 req: NextApiRequest,
 res: NextApiResponse
 ): Promise {
@@ -19,19 +20,21 @@ export default async function userHandler(
 switch (method) {
 case 'PATCH':
 booking = await getBookingByUUID(uuid)
- const readonlyProps = Object.keys(req.body).filter(
- (key) => key !== 'status'
- )
- if (readonlyProps.length) {
- res
- .status(400)
- .end(
- `The following attributes cannot be changed: ${readonlyProps.join(
- ', '
- )}`
- )
- break
+ if (!isAdminSession(req)) {
+ const deniedPropsForUser = Object.keys(req.body).filter(
+ (key) => key !== 'status'
+ )
+ if (deniedPropsForUser.length) {
+ res
+ .status(400)
+ .end(
+ `The following attributes cannot be changed: ${deniedPropsForUser.join(
+ ', '
+ )}`
+ )
+ break
+ }
 }
 if (!Object.values(BOOKING_STATUS).includes(req.body.status)) {
@@ -45,12 +48,17 @@ export default async function userHandler(
 break
 }
- booking.status = req.body.status
- await booking.save()
- res.status(200).json(booking.toJSON())
+ booking.set(req.body)
+ try {
+ await booking.save()
+ await booking.populate('booker').execPopulate()
+ res.status(200).json(booking.toJSON())
+ } catch (error) {
+ res.status(400).end(`Failed to save booking: ${error.message}`)
+ }
 break
 default:
 res.setHeader('Allow', ['PATCH'])
 res.status(405).end(`Method ${method} Not Allowed`)
 }
-}
+})
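Review bot: The `BOOKING_STATUS` check right after the new `if (!isAdminSession(req))` block (second hunk, `case 'PATCH'`) is unchanged context and still runs for every caller, so an admin PATCH that carries no `status` key now gets the 400 meant for users, although `patchBooking` in helpers/booking.ts forwards arbitrary `bookingData`. Make `status` optional for admins, e.g. `if ((!isAdminSession(req) || req.body.status !== undefined) && !Object.values(BOOKING_STATUS).includes(req.body.status)) {`. The non-admin branch also limits only which keys may be sent, not which values: any enum member passes, which appears to include `BOOKING_STATUS.CONFIRMED` and `REJECTED`, so a short allow-list of user-settable statuses belongs here. `booking` is used without a null check after `getBookingByUUID(uuid)`; an unknown UUID should be answered with a 404 before any property is touched. The `switch` starts before this hunk and the status check's body continues past it.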
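Review bot: The merged save path in the third hunk no longer sends the confirmation and rejection mails: the deleted admin handler captured `booking.isModified('status')` before `save()` and then called `sendBookingConfirmed` / `sendBookingRejected`, and nothing visible here replaces that (a model hook could, but none is shown). `booking.set(req.body)` also applies every key an admin sends, while the old `// FIXME: validate all the things` was dropped rather than resolved; an explicit allow-list of patchable fields would bound it. The `catch` echoes `error.message` to the client and reports every failure as 400, which can expose schema or database detail; log it server-side and return a fixed message instead. The sketch below restores the mail step for admin sessions only and needs the `helpers/mail` import the deleted file had; the `switch` continues outside the hunk.

```typescript
      // … unchanged: role check and status validation …
      booking.set(req.body)
      // capture before save(): the modified flag is cleared once the document is persisted
      const bookingStatusChanged = booking.isModified('status')
      try {
        await booking.save()
        await booking.populate('booker').execPopulate()
      } catch (error) {
        // keep the detail in the server log, not in the response body
        console.error(`Failed to save booking ${uuid}`, error)
        res.status(400).end('Failed to save booking')
        break
      }
      res.status(200).json(booking.toJSON())

      if (bookingStatusChanged && isAdminSession(req)) {
        if (booking.status === BOOKING_STATUS.CONFIRMED) {
          sendBookingConfirmed(booking)
        } else if (booking.status === BOOKING_STATUS.REJECTED) {
          sendBookingRejected(booking)
        }
      }
      break
      // … unchanged: default branch …
```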