one api endpoint for admin/non-admin

pages/api/admin/booking/[uuid]/index.ts

@@ -1,57 +0,0 @@
-import { BookingDocument } from '../../../../../db/booking'
-import { getBookingByUUID } from '../../../../../db/index'
-import withSession, { isAdminSession } from '../../../../../lib/session'
-import {
-  sendBookingConfirmed,
-  sendBookingRejected,
-} from '../../../../../helpers/mail'
-import { BOOKING_STATUS } from '../../../../../db/enums'
-
-export default withSession(async function bookingHandler(req, res): Promise<void> {
-  if (!isAdminSession(req)) {
-    res.status(403).send({ message: 'Not Authorized' })
-    return
-  }
-
-  const {
-    method,
-    query: { uuid: uuids },
-  } = req
-
-  const uuid = Array.isArray(uuids) ? uuids[0] : uuids
-
-  let booking: BookingDocument
-
-  switch (method) {
-    case 'PATCH':
-      booking = await getBookingByUUID(uuid)
-
-      // FIXME: validate all the things
-      booking.set(req.body)
-
-      const bookingStatusChanged = booking.isModified('status')
-
-      await booking.save()
-
-      await booking.populate('booker').execPopulate()
-
-      res.status(200).json(booking.toJSON())
-
-      if (!bookingStatusChanged) {
-        return
-      }
-
-      if (booking.status === BOOKING_STATUS.CONFIRMED) {
-        sendBookingConfirmed(booking)
-        console.log(`Booking ${booking.uuid} confirm sent`)
-      } else if (booking.status === BOOKING_STATUS.REJECTED) {
-        sendBookingRejected(booking)
-        console.log(`Booking ${booking.uuid} rejected sent`)
-      }
-
-      break
-    default:
-      res.setHeader('Allow', ['PATCH'])
-      res.status(405).end(`Method ${method} Not Allowed`)
-  }
-})

pages/api/booking/[uuid]/index.ts

@@ -2,8 +2,9 @@ import { NextApiRequest, NextApiResponse } from 'next'
 import { BookingDocument } from '../../../../db/booking'
 import { BOOKING_STATUS } from '../../../../db/enums'
 import { getBookingByUUID } from '../../../../db/index'
+import withSession, { isAdminSession } from '../../../../lib/session'
 
-export default async function userHandler(
+export default withSession(async function userHandler(
   req: NextApiRequest,
   res: NextApiResponse
 ): Promise<void> {
@@ -19,19 +20,21 @@ export default async function userHandler(
   switch (method) {
     case 'PATCH':
       booking = await getBookingByUUID(uuid)
-      const readonlyProps = Object.keys(req.body).filter(
-        (key) => key !== 'status'
-      )
 
-      if (readonlyProps.length) {
-        res
-          .status(400)
-          .end(
-            `The following attributes cannot be changed: ${readonlyProps.join(
-              ', '
-            )}`
-          )
-        break
+      if (!isAdminSession(req)) {
+        const deniedPropsForUser = Object.keys(req.body).filter(
+          (key) => key !== 'status'
+        )
+        if (deniedPropsForUser.length) {
+          res
+            .status(400)
+            .end(
+              `The following attributes cannot be changed: ${deniedPropsForUser.join(
+                ', '
+              )}`
+            )
+          break
+        }
       }
 
       if (!Object.values(BOOKING_STATUS).includes(req.body.status)) {
@@ -45,12 +48,17 @@ export default async function userHandler(
         break
       }
 
-      booking.status = req.body.status
-      await booking.save()
-      res.status(200).json(booking.toJSON())
+      booking.set(req.body)
+      try {
+        await booking.save()
+        await booking.populate('booker').execPopulate()
+        res.status(200).json(booking.toJSON())
+      } catch (error) {
+        res.status(400).end(`Failed to save booking: ${error.message}`)
+      }
       break
     default:
       res.setHeader('Allow', ['PATCH'])
       res.status(405).end(`Method ${method} Not Allowed`)
   }
-}
+})