Added new permission system

2024-07-24 18:52:02 +01:00
parent daa27e41b3
commit 19d16c9cef
14 changed files with 1071 additions and 263 deletions
--- a/src/pages/api/permissions/[id].ts
+++ b/src/pages/api/permissions/[id].ts
@@ -0,0 +1,30 @@
+// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
+import type { NextApiRequest, NextApiResponse } from "next";
+import { app } from "@/firebase";
+import { getFirestore, doc, setDoc } from "firebase/firestore";
+import { withIronSessionApiRoute } from "iron-session/next";
+import { sessionOptions } from "@/lib/session";
+
+const db = getFirestore(app);
+
+export default withIronSessionApiRoute(handler, sessionOptions);
+
+async function handler(req: NextApiRequest, res: NextApiResponse) {
+  if (req.method === "PATCH") return patch(req, res);
+}
+
+async function patch(req: NextApiRequest, res: NextApiResponse) {
+  if (!req.session.user) {
+    res.status(401).json({ ok: false });
+    return;
+  }
+  const { id } = req.query as { id: string };
+  const { users } = req.body;
+  try {
+    await setDoc(doc(db, "permissions", id), { users }, { merge: true });
+    return res.status(200).json({ ok: true });
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ ok: false });
+  }
+}
--- a/src/pages/api/permissions/bootstrap.ts
+++ b/src/pages/api/permissions/bootstrap.ts
@@ -0,0 +1,43 @@
+// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
+import type { NextApiRequest, NextApiResponse } from "next";
+import { app } from "@/firebase";
+import {
+  getFirestore,
+  collection,
+  getDocs,
+  query,
+  where,
+  doc,
+  setDoc,
+  addDoc,
+  getDoc,
+  deleteDoc,
+} from "firebase/firestore";
+import { withIronSessionApiRoute } from "iron-session/next";
+import { sessionOptions } from "@/lib/session";
+import { Permission } from "@/interfaces/permissions";
+import { bootstrap } from "@/utils/permissions.be";
+
+const db = getFirestore(app);
+
+export default withIronSessionApiRoute(handler, sessionOptions);
+
+async function handler(req: NextApiRequest, res: NextApiResponse) {
+  if (req.method === "GET") return get(req, res);
+}
+
+async function get(req: NextApiRequest, res: NextApiResponse) {
+  if (!req.session.user) {
+    res.status(401).json({ ok: false });
+    return;
+  }
+
+  console.log("Boostrap");
+  try {
+    await bootstrap();
+    return res.status(200).json({ ok: true });
+  } catch (err) {
+    console.error("Failed to update permissions", err);
+    return res.status(500).json({ ok: false });
+  }
+}
--- a/src/pages/api/permissions/index.ts
+++ b/src/pages/api/permissions/index.ts
@@ -0,0 +1,36 @@
+// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
+import type { NextApiRequest, NextApiResponse } from "next";
+import { app } from "@/firebase";
+import {
+  getFirestore,
+  collection,
+  getDocs,
+  query,
+  where,
+  doc,
+  setDoc,
+  addDoc,
+  getDoc,
+  deleteDoc,
+} from "firebase/firestore";
+import { withIronSessionApiRoute } from "iron-session/next";
+import { sessionOptions } from "@/lib/session";
+import { Permission } from "@/interfaces/permissions";
+import { getPermissions, getPermissionDocs } from "@/utils/permissions.be";
+
+const db = getFirestore(app);
+
+export default withIronSessionApiRoute(handler, sessionOptions);
+
+async function handler(req: NextApiRequest, res: NextApiResponse) {
+  if (req.method === "GET") return get(req, res);
+}
+
+async function get(req: NextApiRequest, res: NextApiResponse) {
+  if (!req.session.user) {
+    res.status(401).json({ ok: false });
+    return;
+  }
+  const docs = await getPermissionDocs();
+  res.status(200).json(docs);
+}
--- a/src/pages/api/user.ts
+++ b/src/pages/api/user.ts
@@ -1,11 +1,22 @@
-import {PERMISSIONS} from "@/constants/userPermissions";
-import {app, adminApp} from "@/firebase";
-import {Group, User} from "@/interfaces/user";
-import {sessionOptions} from "@/lib/session";
-import {collection, deleteDoc, doc, getDoc, getDocs, getFirestore, query, setDoc, where} from "firebase/firestore";
-import {getAuth} from "firebase-admin/auth";
-import {withIronSessionApiRoute} from "iron-session/next";
-import {NextApiRequest, NextApiResponse} from "next";
+import { PERMISSIONS } from "@/constants/userPermissions";
+import { app, adminApp } from "@/firebase";
+import { Group, User } from "@/interfaces/user";
+import { sessionOptions } from "@/lib/session";
+import {
+  collection,
+  deleteDoc,
+  doc,
+  getDoc,
+  getDocs,
+  getFirestore,
+  query,
+  setDoc,
+  where,
+} from "firebase/firestore";
+import { getAuth } from "firebase-admin/auth";
+import { withIronSessionApiRoute } from "iron-session/next";
+import { NextApiRequest, NextApiResponse } from "next";
+import { getPermissions, getPermissionDocs } from "@/utils/permissions.be";

 const db = getFirestore(app);
 const auth = getAuth(adminApp);
@@ -13,89 +24,132 @@ const auth = getAuth(adminApp);
 export default withIronSessionApiRoute(user, sessionOptions);

 async function user(req: NextApiRequest, res: NextApiResponse) {
-	if (req.method === "GET") return get(req, res);
-	if (req.method === "DELETE") return del(req, res);
+  if (req.method === "GET") return get(req, res);
+  if (req.method === "DELETE") return del(req, res);

-	res.status(404).json(undefined);
+  res.status(404).json(undefined);
 }

 async function del(req: NextApiRequest, res: NextApiResponse) {
-	if (!req.session.user) {
-		res.status(401).json({ok: false});
-		return;
-	}
+  if (!req.session.user) {
+    res.status(401).json({ ok: false });
+    return;
+  }

-	const {id} = req.query as {id: string};
+  const { id } = req.query as { id: string };

-	const docUser = await getDoc(doc(db, "users", req.session.user.id));
-	if (!docUser.exists()) {
-		res.status(401).json({ok: false});
-		return;
-	}
+  const docUser = await getDoc(doc(db, "users", req.session.user.id));
+  if (!docUser.exists()) {
+    res.status(401).json({ ok: false });
+    return;
+  }

-	const user = docUser.data() as User;
+  const user = docUser.data() as User;

-	const docTargetUser = await getDoc(doc(db, "users", id));
-	if (!docTargetUser.exists()) {
-		res.status(404).json({ok: false});
-		return;
-	}
+  const docTargetUser = await getDoc(doc(db, "users", id));
+  if (!docTargetUser.exists()) {
+    res.status(404).json({ ok: false });
+    return;
+  }

-	const targetUser = {...docTargetUser.data(), id: docTargetUser.id} as User;
+  const targetUser = { ...docTargetUser.data(), id: docTargetUser.id } as User;

-	if (user.type === "corporate" && (targetUser.type === "student" || targetUser.type === "teacher")) {
-		res.json({ok: true});
+  if (
+    user.type === "corporate" &&
+    (targetUser.type === "student" || targetUser.type === "teacher")
+  ) {
+    res.json({ ok: true });

-		const userParticipantGroup = await getDocs(query(collection(db, "groups"), where("participants", "array-contains", id)));
-		await Promise.all([
-			...userParticipantGroup.docs
-				.filter((x) => (x.data() as Group).admin === user.id)
-				.map(async (x) => await setDoc(x.ref, {participants: x.data().participants.filter((y: string) => y !== id)}, {merge: true})),
-		]);
+    const userParticipantGroup = await getDocs(
+      query(
+        collection(db, "groups"),
+        where("participants", "array-contains", id)
+      )
+    );
+    await Promise.all([
+      ...userParticipantGroup.docs
+        .filter((x) => (x.data() as Group).admin === user.id)
+        .map(
+          async (x) =>
+            await setDoc(
+              x.ref,
+              {
+                participants: x
+                  .data()
+                  .participants.filter((y: string) => y !== id),
+              },
+              { merge: true }
+            )
+        ),
+    ]);

-		return;
-	}
+    return;
+  }

-	const permission = PERMISSIONS.deleteUser[targetUser.type];
-	if (!permission.includes(user.type)) {
-		res.status(403).json({ok: false});
-		return;
-	}
+  const permission = PERMISSIONS.deleteUser[targetUser.type];
+  if (!permission.includes(user.type)) {
+    res.status(403).json({ ok: false });
+    return;
+  }

-	res.json({ok: true});
+  res.json({ ok: true });

-	await auth.deleteUser(id);
-	await deleteDoc(doc(db, "users", id));
-	const userCodeDocs = await getDocs(query(collection(db, "codes"), where("userId", "==", id)));
-	const userParticipantGroup = await getDocs(query(collection(db, "groups"), where("participants", "array-contains", id)));
-	const userGroupAdminDocs = await getDocs(query(collection(db, "groups"), where("admin", "==", id)));
-	const userStatsDocs = await getDocs(query(collection(db, "stats"), where("user", "==", id)));
+  await auth.deleteUser(id);
+  await deleteDoc(doc(db, "users", id));
+  const userCodeDocs = await getDocs(
+    query(collection(db, "codes"), where("userId", "==", id))
+  );
+  const userParticipantGroup = await getDocs(
+    query(collection(db, "groups"), where("participants", "array-contains", id))
+  );
+  const userGroupAdminDocs = await getDocs(
+    query(collection(db, "groups"), where("admin", "==", id))
+  );
+  const userStatsDocs = await getDocs(
+    query(collection(db, "stats"), where("user", "==", id))
+  );

-	await Promise.all([
-		...userCodeDocs.docs.map(async (x) => await deleteDoc(x.ref)),
-		...userGroupAdminDocs.docs.map(async (x) => await deleteDoc(x.ref)),
-		...userStatsDocs.docs.map(async (x) => await deleteDoc(x.ref)),
-		...userParticipantGroup.docs.map(
-			async (x) => await setDoc(x.ref, {participants: x.data().participants.filter((y: string) => y !== id)}, {merge: true}),
-		),
-	]);
+  await Promise.all([
+    ...userCodeDocs.docs.map(async (x) => await deleteDoc(x.ref)),
+    ...userGroupAdminDocs.docs.map(async (x) => await deleteDoc(x.ref)),
+    ...userStatsDocs.docs.map(async (x) => await deleteDoc(x.ref)),
+    ...userParticipantGroup.docs.map(
+      async (x) =>
+        await setDoc(
+          x.ref,
+          {
+            participants: x.data().participants.filter((y: string) => y !== id),
+          },
+          { merge: true }
+        )
+    ),
+  ]);
 }

 async function get(req: NextApiRequest, res: NextApiResponse) {
-	if (req.session.user) {
-		const docUser = await getDoc(doc(db, "users", req.session.user.id));
-		if (!docUser.exists()) {
-			res.status(401).json(undefined);
-			return;
-		}
+  if (req.session.user) {
+    const docUser = await getDoc(doc(db, "users", req.session.user.id));
+    if (!docUser.exists()) {
+      res.status(401).json(undefined);
+      return;
+    }

-		const user = docUser.data() as User;
+    const user = docUser.data() as User;
+	
+    const permissionDocs = await getPermissionDocs();

-		req.session.user = {...user, id: req.session.user.id};
-		await req.session.save();
+	const userWithPermissions = {
+		...user,
+		permissions: getPermissions(req.session.user.id, permissionDocs),
+	};
+    req.session.user = {
+      ...userWithPermissions,
+      id: req.session.user.id,
+    };
+    await req.session.save();

-		res.json({...user, id: req.session.user.id});
-	} else {
-		res.status(401).json(undefined);
-	}
+    res.json({ ...userWithPermissions, id: req.session.user.id });
+  } else {
+    res.status(401).json(undefined);
+  }
 }
--- a/src/pages/index.tsx
+++ b/src/pages/index.tsx
@@ -8,7 +8,6 @@ import {useEffect, useState} from "react";
 import useStats from "@/hooks/useStats";
 import {averageScore, groupBySession, totalExams} from "@/utils/stats";
 import useUser from "@/hooks/useUser";
-import Sidebar from "@/components/Sidebar";
 import Diagnostic from "@/components/Diagnostic";
 import {ToastContainer} from "react-toastify";
 import {capitalize} from "lodash";
--- a/src/pages/permissions/[id].tsx
+++ b/src/pages/permissions/[id].tsx
@@ -0,0 +1,190 @@
+/* eslint-disable @next/next/no-img-element */
+import Head from "next/head";
+import { useState } from "react";
+import { withIronSessionSsr } from "iron-session/next";
+import { sessionOptions } from "@/lib/session";
+import { shouldRedirectHome } from "@/utils/navigation.disabled";
+import { Permission, PermissionType } from "@/interfaces/permissions";
+import { getPermissionDoc } from "@/utils/permissions.be";
+import { User } from "@/interfaces/user";
+import Layout from "@/components/High/Layout";
+import { getUsers } from "@/utils/users.be";
+import { BsTrash } from "react-icons/bs";
+import Select from "@/components/Low/Select";
+import Button from "@/components/Low/Button";
+import axios from "axios";
+import { toast, ToastContainer } from "react-toastify";
+
+interface BasicUser {
+  id: string;
+  name: string;
+}
+
+interface PermissionWithBasicUsers {
+  id: string;
+  type: PermissionType;
+  users: BasicUser[];
+}
+
+export const getServerSideProps = withIronSessionSsr(async (context) => {
+  const { req, params } = context;
+  const user = req.session.user;
+
+  if (!user || !user.isVerified) {
+    return {
+      redirect: {
+        destination: "/login",
+        permanent: false,
+      },
+    };
+  }
+
+  if (shouldRedirectHome(user)) {
+    return {
+      redirect: {
+        destination: "/",
+        permanent: false,
+      },
+    };
+  }
+
+  if (!params?.id) {
+    return {
+      redirect: {
+        destination: "/permissions",
+        permanent: false,
+      },
+    };
+  }
+
+  // Fetch data from external API
+  const permission: Permission = await getPermissionDoc(params.id as string);
+
+  const allUserData: User[] = await getUsers();
+  const users = allUserData.map((u) => ({
+    id: u.id,
+    name: u.name,
+  })) as BasicUser[];
+
+  // const res = await fetch("api/permissions");
+  // const permissions: Permission[] = await res.json();
+  // Pass data to the page via props
+  const usersData: BasicUser[] = permission.users.reduce(
+    (acc: BasicUser[], userId) => {
+      const user = users.find((u) => u.id === userId) as BasicUser;
+      if (user) {
+        acc.push(user);
+      }
+      return acc;
+    },
+    []
+  );
+
+  return {
+    props: {
+      // permissions: permissions.map((p) => ({ id: p.id, type: p.type })),
+      permission: {
+        ...permission,
+        id: params.id,
+        users: usersData,
+      },
+      user: req.session.user,
+      users,
+    },
+  };
+}, sessionOptions);
+
+interface Props {
+  permission: PermissionWithBasicUsers;
+  user: User;
+  users: BasicUser[];
+}
+
+export default function Page(props: Props) {
+  console.log("Props", props);
+
+  const { permission, user, users } = props;
+
+  const [selectedUsers, setSelectedUsers] = useState<string[]>(() =>
+    permission.users.map((u) => u.id)
+  );
+
+  const onChange = (value: any) => {
+    console.log("value", value);
+    setSelectedUsers((prev) => {
+      if (value?.value) {
+        return [...prev, value?.value];
+      }
+      return prev;
+    });
+  };
+  const removeUser = (id: string) => {
+    setSelectedUsers((prev) => prev.filter((u) => u !== id));
+  };
+
+  const update = async () => {
+    console.log("update", selectedUsers);
+    try {
+      await axios.patch(`/api/permissions/${permission.id}`, {
+        users: selectedUsers,
+      });
+      toast.success("Permission updated");
+    } catch (err) {
+      toast.error("Failed to update permission");
+    }
+  };
+
+  return (
+    <>
+      <Head>
+        <title>EnCoach</title>
+        <meta
+          name="description"
+          content="A training platform for the IELTS exam provided by the Muscat Training Institute and developed by eCrop."
+        />
+        <meta name="viewport" content="width=device-width, initial-scale=1" />
+        <link rel="icon" href="/favicon.ico" />
+      </Head>
+      <ToastContainer />
+      <Layout user={user} className="gap-6">
+        <h1 className="text-2xl font-semibold">
+          Permission: {permission.type as string}
+        </h1>
+        <div className="flex gap-3">
+          <Select
+            value={null}
+            options={users
+              .filter((u) => !selectedUsers.includes(u.id))
+              .map((u) => ({
+                label: u.name,
+                value: u.id,
+              }))}
+            onChange={onChange}
+          />
+          <Button onClick={update}>Update</Button>
+        </div>
+        <div className="flex flex-col gap-3">
+          <h2>Blacklisted Users</h2>
+          <div className="flex gap-3 flex-wrap">
+            {selectedUsers.map((userId) => {
+              const name = users.find((u) => u.id === userId)?.name;
+              return (
+                <div
+                  className="flex p-4 rounded-xl w-auto bg-mti-purple-light text-white gap-4"
+                  key={userId}
+                >
+                  <span className="text-base">{name}</span>
+                  <BsTrash
+                    style={{ cursor: "pointer" }}
+                    onClick={() => removeUser(userId)}
+                    size={20}
+                  />
+                </div>
+              );
+            })}
+          </div>
+        </div>
+      </Layout>
+    </>
+  );
+}
--- a/src/pages/permissions/index.tsx
+++ b/src/pages/permissions/index.tsx
@@ -0,0 +1,94 @@
+/* eslint-disable @next/next/no-img-element */
+import Head from "next/head";
+import { withIronSessionSsr } from "iron-session/next";
+import { sessionOptions } from "@/lib/session";
+import { shouldRedirectHome } from "@/utils/navigation.disabled";
+import { Permission } from "@/interfaces/permissions";
+import { getPermissionDocs } from "@/utils/permissions.be";
+import { User } from "@/interfaces/user";
+import Layout from "@/components/High/Layout";
+import Link from "next/link";
+
+export const getServerSideProps = withIronSessionSsr(async ({ req }) => {
+  const user = req.session.user;
+
+  if (!user || !user.isVerified) {
+    return {
+      redirect: {
+        destination: "/login",
+        permanent: false,
+      },
+    };
+  }
+
+  if (shouldRedirectHome(user)) {
+    return {
+      redirect: {
+        destination: "/",
+        permanent: false,
+      },
+    };
+  }
+
+  // Fetch data from external API
+  const permissions: Permission[] = await getPermissionDocs();
+
+  console.log("Permissions", permissions);
+
+  // const res = await fetch("api/permissions");
+  // const permissions: Permission[] = await res.json();
+  // Pass data to the page via props
+  return {
+    props: {
+      // permissions: permissions.map((p) => ({ id: p.id, type: p.type })),
+      permissions: permissions.map((p) => {
+        const { users, ...rest } = p;
+        return rest;
+      }),
+      user: req.session.user,
+    },
+  };
+}, sessionOptions);
+
+interface Props {
+  permissions: Permission[];
+  user: User;
+}
+
+export default function Page(props: Props) {
+  console.log("Props", props);
+
+  const { permissions, user } = props;
+
+  return (
+    <>
+      <Head>
+        <title>EnCoach</title>
+        <meta
+          name="description"
+          content="A training platform for the IELTS exam provided by the Muscat Training Institute and developed by eCrop."
+        />
+        <meta name="viewport" content="width=device-width, initial-scale=1" />
+        <link rel="icon" href="/favicon.ico" />
+      </Head>
+      <Layout user={user} className="gap-6">
+        <h1 className="text-2xl font-semibold">Permissions</h1>
+        <div className="flex gap-3 flex-wrap">
+          {permissions.map((permission: Permission) => {
+            const id = permission.id as string;
+            const type = permission.type as string;
+            return (
+              <Link href={`/permissions/${id}`} key={id}>
+                <div className="card bg-primary text-primary-content">
+                  <div className="card-body">
+                    <h1 className="card-title">{type}</h1>
+                  </div>
+                </div>
+              </Link>
+            );
+          })}
+        </div>
+      </Layout>
+    </>
+  );
+}