Made it so a corporate user is not able to generate more code than they are allowed to

src/constants/userPermissions.ts

@@ -2,7 +2,7 @@ import {Type} from "@/interfaces/user";
 
 export const PERMISSIONS = {
 	generateCode: {
-		student: ["teacher", "corporate", "developer", "owner"],
+		student: ["corporate", "developer", "owner"],
 		teacher: ["corporate", "developer", "owner"],
 		corporate: ["owner", "developer"],
 		owner: ["developer", "owner"],

src/pages/(admin)/BatchCodeGenerator.tsx

@@ -63,12 +63,12 @@ export default function BatchCodeGenerator({user}: {user: User}) {
 				}
 
 				if (status === 403) {
-					toast.error(`You do not have permission to generate ${capitalize(type)} codes!`, {toastId: "forbidden"});
+					toast.error(data.reason, {toastId: "forbidden"});
 				}
 			})
-			.catch(({response: {status}}) => {
+			.catch(({response: {status, data}}) => {
 				if (status === 403) {
-					toast.error(`You do not have permission to generate ${capitalize(type)} codes!`, {toastId: "forbidden"});
+					toast.error(data.reason, {toastId: "forbidden"});
 					return;
 				}
 

src/pages/(admin)/CodeGenerator.tsx

@@ -40,12 +40,12 @@ export default function CodeGenerator({user}: {user: User}) {
 				}
 
 				if (status === 403) {
-					toast.error(`You do not have permission to generate a ${capitalize(type)} code!`, {toastId: "forbidden"});
+					toast.error(data.reason, {toastId: "forbidden"});
 				}
 			})
-			.catch(({response: {status}}) => {
+			.catch(({response: {status, data}}) => {
 				if (status === 403) {
-					toast.error(`You do not have permission to generate a ${capitalize(type)} code!`, {toastId: "forbidden"});
+					toast.error(data.reason, {toastId: "forbidden"});
 					return;
 				}
 

src/pages/api/code.ts

@@ -1,7 +1,7 @@
 // Next.js API route support: https://nextjs.org/docs/api-routes/introduction
 import type {NextApiRequest, NextApiResponse} from "next";
 import {app} from "@/firebase";
-import {getFirestore, setDoc, doc} from "firebase/firestore";
+import {getFirestore, setDoc, doc, query, collection, where, getDocs} from "firebase/firestore";
 import {withIronSessionApiRoute} from "iron-session/next";
 import {sessionOptions} from "@/lib/session";
 import {Type} from "@/interfaces/user";
@@ -15,7 +15,7 @@ export default withIronSessionApiRoute(handler, sessionOptions);
 
 async function handler(req: NextApiRequest, res: NextApiResponse) {
 	if (!req.session.user) {
-		res.status(401).json({ok: false});
+		res.status(401).json({ok: false, reason: "You must be logged in to generate a code!"});
 		return;
 	}
 
@@ -23,10 +23,26 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
 	const permission = PERMISSIONS.generateCode[type];
 
 	if (!permission.includes(req.session.user.type)) {
-		res.status(403).json({ok: false});
+		res.status(403).json({ok: false, reason: "Your account type does not have permissions to generate a code for that type of user!"});
 		return;
 	}
 
+	if (req.session.user.type === "corporate") {
+		const codesGeneratedByUserSnapshot = await getDocs(query(collection(db, "codes"), where("creator", "==", req.session.user.id)));
+		const totalCodes = codesGeneratedByUserSnapshot.docs.length + codes.length;
+		const allowedCodes = req.session.user.corporateInformation?.companyInformation.userAmount || 0;
+
+		if (totalCodes > allowedCodes) {
+			res.status(403).json({
+				ok: false,
+				reason: `You have or would have exceeded your amount of allowed codes, you currently are allowed to generate ${
+					allowedCodes - codesGeneratedByUserSnapshot.docs.length
+				} codes.`,
+			});
+			return;
+		}
+	}
+
 	const codePromises = codes.map(async (code, index) => {
 		const codeRef = doc(db, "codes", code);
 		await setDoc(codeRef, {type, code, creator: req.session.user!.id, expiryDate});