Started implementing the roles permissions

src/pages/api/entities/index.ts

@@ -2,9 +2,10 @@
 import type {NextApiRequest, NextApiResponse} from "next";
 import {withIronSessionApiRoute} from "iron-session/next";
 import {sessionOptions} from "@/lib/session";
-import {getEntities, getEntitiesWithRoles} from "@/utils/entities.be";
+import {createEntity, getEntities, getEntitiesWithRoles} from "@/utils/entities.be";
 import {Entity} from "@/interfaces/entity";
 import {v4} from "uuid";
+import { requestUser } from "@/utils/api";
 
 export default withIronSessionApiRoute(handler, sessionOptions);
 
@@ -14,12 +15,9 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
 }
 
 async function get(req: NextApiRequest, res: NextApiResponse) {
-	if (!req.session.user) {
-		res.status(401).json({ok: false});
-		return;
-	}
+	const user = await requestUser(req, res)
+	if (!user) return res.status(401).json({ ok: false });
 
-	const user = req.session.user;
 	const {showRoles} = req.query as {showRoles: string};
 
 	const getFn = showRoles ? getEntitiesWithRoles : getEntities;
@@ -29,12 +27,9 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
 }
 
 async function post(req: NextApiRequest, res: NextApiResponse) {
-	if (!req.session.user) {
-		res.status(401).json({ok: false});
-		return;
-	}
+	const user = await requestUser(req, res)
+	if (!user) return res.status(401).json({ ok: false });
 
-	const user = req.session.user;
 	if (!["admin", "developer"].includes(user.type)) {
 		return res.status(403).json({ok: false});
 	}
@@ -44,5 +39,6 @@ async function post(req: NextApiRequest, res: NextApiResponse) {
 		label: req.body.label,
 	};
 
+	await createEntity(entity)
 	return res.status(200).json(entity);
 }