devops/encoach_frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Made it so a corporate user is not able to generate more code than they are allowed to

Browse Source
This commit is contained in:
Tiago Ribeiro
2023-11-10 15:41:26 +00:00
parent 82643b51d3
commit 4328a1d72d
4 changed files with 26 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/pages/(admin)/BatchCodeGenerator.tsx
View File

@@ -63,12 +63,12 @@ export default function BatchCodeGenerator({user}: {user: User}) {
}
if (status === 403) {
toast.error(`You do not have permission to generate ${capitalize(type)} codes!`, {toastId: "forbidden"});
toast.error(data.reason, {toastId: "forbidden"});
}
})
.catch(({response: {status}}) => {
.catch(({response: {status, data}}) => {
if (status === 403) {
toast.error(`You do not have permission to generate ${capitalize(type)} codes!`, {toastId: "forbidden"});
toast.error(data.reason, {toastId: "forbidden"});
return;
}

6
src/pages/(admin)/CodeGenerator.tsx
View File

@@ -40,12 +40,12 @@ export default function CodeGenerator({user}: {user: User}) {
}
if (status === 403) {
toast.error(`You do not have permission to generate a ${capitalize(type)} code!`, {toastId: "forbidden"});
toast.error(data.reason, {toastId: "forbidden"});
}
})
.catch(({response: {status}}) => {
.catch(({response: {status, data}}) => {
if (status === 403) {
toast.error(`You do not have permission to generate a ${capitalize(type)} code!`, {toastId: "forbidden"});
toast.error(data.reason, {toastId: "forbidden"});
return;
}

22
src/pages/api/code.ts
View File

@@ -1,7 +1,7 @@
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type {NextApiRequest, NextApiResponse} from "next";
import {app} from "@/firebase";
import {getFirestore, setDoc, doc} from "firebase/firestore";
import {getFirestore, setDoc, doc, query, collection, where, getDocs} from "firebase/firestore";
import {withIronSessionApiRoute} from "iron-session/next";
import {sessionOptions} from "@/lib/session";
import {Type} from "@/interfaces/user";
@@ -15,7 +15,7 @@ export default withIronSessionApiRoute(handler, sessionOptions);
async function handler(req: NextApiRequest, res: NextApiResponse) {
if (!req.session.user) {
res.status(401).json({ok: false});
res.status(401).json({ok: false, reason: "You must be logged in to generate a code!"});
return;
}
@@ -23,10 +23,26 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
const permission = PERMISSIONS.generateCode[type];
if (!permission.includes(req.session.user.type)) {
res.status(403).json({ok: false});
res.status(403).json({ok: false, reason: "Your account type does not have permissions to generate a code for that type of user!"});
return;
}
if (req.session.user.type === "corporate") {
const codesGeneratedByUserSnapshot = await getDocs(query(collection(db, "codes"), where("creator", "==", req.session.user.id)));
const totalCodes = codesGeneratedByUserSnapshot.docs.length + codes.length;
const allowedCodes = req.session.user.corporateInformation?.companyInformation.userAmount || 0;
if (totalCodes > allowedCodes) {
res.status(403).json({
ok: false,
reason: `You have or would have exceeded your amount of allowed codes, you currently are allowed to generate ${
allowedCodes - codesGeneratedByUserSnapshot.docs.length
} codes.`,
});
return;
}
}
const codePromises = codes.map(async (code, index) => {
const codeRef = doc(db, "codes", code);
await setDoc(codeRef, {type, code, creator: req.session.user!.id, expiryDate});