ENCOA-271

src/pages/api/code/entities.ts

@@ -0,0 +1,36 @@
+// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
+import type { NextApiRequest, NextApiResponse } from "next";
+import client from "@/lib/mongodb";
+import { withIronSessionApiRoute } from "iron-session/next";
+import { sessionOptions } from "@/lib/session";
+import { Code, Group, Type } from "@/interfaces/user";
+import { PERMISSIONS } from "@/constants/userPermissions";
+import { prepareMailer, prepareMailOptions } from "@/email";
+import { isAdmin } from "@/utils/users";
+import { requestUser } from "@/utils/api";
+import { doesEntityAllow } from "@/utils/permissions";
+import { getEntity, getEntityWithRoles } from "@/utils/entities.be";
+import { findBy } from "@/utils";
+import { EntityWithRoles } from "@/interfaces/entity";
+
+const db = client.db(process.env.MONGODB_DB);
+
+export default withIronSessionApiRoute(handler, sessionOptions);
+
+async function handler(req: NextApiRequest, res: NextApiResponse) {
+	if (req.method === "GET") return get(req, res);
+
+	return res.status(404).json({ ok: false });
+}
+
+async function get(req: NextApiRequest, res: NextApiResponse) {
+	const user = await requestUser(req, res)
+	if (!user)
+		return res.status(401).json({ ok: false, reason: "You must be logged in!" })
+
+	const { entities } = req.query as { entities?: string[] };
+	if (entities)
+		return res.status(200).json(await db.collection("codes").find<Code>({ entity: { $in: entities } }).toArray());
+
+	return res.status(200).json(await db.collection("codes").find<Code>({}).toArray());
+}