Merge branch 'group-entity-permissions-revamping' into develop
This commit is contained in:
Tiago Ribeiro
@@ -4,7 +4,6 @@ import client from "@/lib/mongodb";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
@@ -25,7 +24,7 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
async function GET(req: NextApiRequest, res: NextApiResponse) {
|
||||
const {id} = req.query;
|
||||
|
||||
const snapshot = await db.collection("assignments").findOne({ id: id as string });
|
||||
const snapshot = await db.collection("assignments").findOne({id: id as string});
|
||||
|
||||
if (snapshot) {
|
||||
res.status(200).json({...snapshot, id: snapshot.id});
|
||||
@@ -35,9 +34,7 @@ async function GET(req: NextApiRequest, res: NextApiResponse) {
|
||||
async function DELETE(req: NextApiRequest, res: NextApiResponse) {
|
||||
const {id} = req.query;
|
||||
|
||||
await db.collection("assignments").deleteOne(
|
||||
{ id: id as string }
|
||||
);
|
||||
await db.collection("assignments").deleteOne({id});
|
||||
|
||||
res.status(200).json({ok: true});
|
||||
}
|
||||
@@ -45,10 +42,7 @@ async function DELETE(req: NextApiRequest, res: NextApiResponse) {
|
||||
async function PATCH(req: NextApiRequest, res: NextApiResponse) {
|
||||
const {id} = req.query;
|
||||
|
||||
await db.collection("assignments").updateOne(
|
||||
{ id: id as string },
|
||||
{ $set: {assigner: req.session.user?.id, ...req.body} }
|
||||
);
|
||||
await db.collection("assignments").updateOne({id: id as string}, {$set: {assigner: req.session.user?.id, ...req.body}});
|
||||
|
||||
res.status(200).json({ok: true});
|
||||
}
|
||||
|
||||
@@ -128,8 +128,10 @@ async function POST(req: NextApiRequest, res: NextApiResponse) {
|
||||
return;
|
||||
}
|
||||
|
||||
const id = uuidv4();
|
||||
|
||||
await db.collection("assignments").insertOne({
|
||||
id: uuidv4(),
|
||||
id,
|
||||
assigner: req.session.user?.id,
|
||||
assignees,
|
||||
results: [],
|
||||
@@ -138,11 +140,10 @@ async function POST(req: NextApiRequest, res: NextApiResponse) {
|
||||
...body,
|
||||
});
|
||||
|
||||
res.status(200).json({ok: true});
|
||||
res.status(200).json({ok: true, id});
|
||||
|
||||
for (const assigneeID of assignees) {
|
||||
|
||||
const assignee = await db.collection("users").findOne<User>({ id: assigneeID });
|
||||
const assignee = await db.collection("users").findOne<User>({id: assigneeID});
|
||||
if (!assignee) continue;
|
||||
|
||||
const name = body.name;
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import type { NextApiRequest, NextApiResponse } from "next";
|
||||
import { withIronSessionApiRoute } from "iron-session/next";
|
||||
import { sessionOptions } from "@/lib/session";
|
||||
import { FirebaseScrypt } from 'firebase-scrypt';
|
||||
import { firebaseAuthScryptParams } from "@/firebase";
|
||||
import crypto from 'crypto';
|
||||
@@ -9,53 +9,58 @@ import axios from "axios";
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "POST") return post(req, res);
|
||||
if (req.method === "POST") return post(req, res);
|
||||
|
||||
return res.status(404).json({ok: false});
|
||||
return res.status(404).json({ ok: false });
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
const maker = req.session.user;
|
||||
if (!maker) {
|
||||
return res.status(401).json({ok: false, reason: "You must be logged in to make user!"});
|
||||
}
|
||||
const maker = req.session.user;
|
||||
if (!maker) {
|
||||
return res.status(401).json({ ok: false, reason: "You must be logged in to make user!" });
|
||||
}
|
||||
|
||||
const scrypt = new FirebaseScrypt(firebaseAuthScryptParams)
|
||||
const scrypt = new FirebaseScrypt(firebaseAuthScryptParams)
|
||||
|
||||
const users = req.body.users as {
|
||||
email: string;
|
||||
name: string;
|
||||
type: string;
|
||||
passport_id: string;
|
||||
groupName?: string;
|
||||
corporate?: string;
|
||||
studentID?: string;
|
||||
expiryDate?: string;
|
||||
demographicInformation: {
|
||||
country?: string;
|
||||
passport_id?: string;
|
||||
phone: string;
|
||||
};
|
||||
passwordHash: string | undefined;
|
||||
passwordSalt: string | undefined;
|
||||
}[];
|
||||
const users = req.body.users as {
|
||||
email: string;
|
||||
name: string;
|
||||
type: string;
|
||||
passport_id: string;
|
||||
groupName?: string;
|
||||
corporate?: string;
|
||||
studentID?: string;
|
||||
expiryDate?: string;
|
||||
demographicInformation: {
|
||||
country?: string;
|
||||
passport_id?: string;
|
||||
phone: string;
|
||||
};
|
||||
entity?: string
|
||||
entities: { id: string, role: string }[]
|
||||
passwordHash: string | undefined;
|
||||
passwordSalt: string | undefined;
|
||||
}[];
|
||||
|
||||
const usersWithPasswordHashes = await Promise.all(users.map(async (user) => {
|
||||
const currentUser = { ...user };
|
||||
const salt = crypto.randomBytes(16).toString('base64');
|
||||
const hash = await scrypt.hash(user.passport_id, salt);
|
||||
|
||||
currentUser.email = currentUser.email.toLowerCase();
|
||||
currentUser.passwordHash = hash;
|
||||
currentUser.passwordSalt = salt;
|
||||
return currentUser;
|
||||
}));
|
||||
|
||||
const backendRequest = await axios.post(`${process.env.BACKEND_URL}/batch_users`, { makerID: maker.id, users: usersWithPasswordHashes }, {
|
||||
headers: {
|
||||
Authorization: `Bearer ${process.env.BACKEND_JWT}`,
|
||||
},
|
||||
});
|
||||
const usersWithPasswordHashes = await Promise.all(users.map(async (user) => {
|
||||
const currentUser = { ...user };
|
||||
const salt = crypto.randomBytes(16).toString('base64');
|
||||
const hash = await scrypt.hash(user.passport_id, salt);
|
||||
|
||||
return res.status(backendRequest.status).json(backendRequest.data)
|
||||
currentUser.entities = [{ id: currentUser.entity!, role: "90ce8f08-08c8-41e4-9848-f1500ddc3930" }]
|
||||
delete currentUser.entity
|
||||
|
||||
currentUser.email = currentUser.email.toLowerCase();
|
||||
currentUser.passwordHash = hash;
|
||||
currentUser.passwordSalt = salt;
|
||||
return currentUser;
|
||||
}));
|
||||
|
||||
const backendRequest = await axios.post(`${process.env.BACKEND_URL}/batch_users`, { makerID: maker.id, users: usersWithPasswordHashes }, {
|
||||
headers: {
|
||||
Authorization: `Bearer ${process.env.BACKEND_JWT}`,
|
||||
},
|
||||
});
|
||||
|
||||
return res.status(backendRequest.status).json(backendRequest.data)
|
||||
}
|
||||
|
||||
59
src/pages/api/entities/[id]/index.ts
Normal file
59
src/pages/api/entities/[id]/index.ts
Normal file
@@ -0,0 +1,59 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {deleteEntity, getEntity, getEntityWithRoles} from "@/utils/entities.be";
|
||||
import client from "@/lib/mongodb";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import { doesEntityAllow } from "@/utils/permissions";
|
||||
import { getUser } from "@/utils/users.be";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "get") return await get(req, res);
|
||||
if (req.method === "PATCH") return await patch(req, res);
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id, showRoles} = req.query as {id: string; showRoles: string};
|
||||
|
||||
const entity = await (!!showRoles ? getEntityWithRoles : getEntity)(id);
|
||||
res.status(200).json(entity);
|
||||
}
|
||||
|
||||
async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
|
||||
const entity = await getEntityWithRoles(id)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "delete_entity_role")) return res.status(403).json({ok: false})
|
||||
|
||||
await deleteEntity(entity)
|
||||
return res.status(200).json({ok: true});
|
||||
}
|
||||
|
||||
async function patch(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
|
||||
if (!user.entities.map((x) => x.id).includes(id)) {
|
||||
return res.status(403).json({ok: false});
|
||||
}
|
||||
|
||||
const entity = await db.collection<Entity>("entities").updateOne({id}, {$set: {label: req.body.label}});
|
||||
|
||||
return res.status(200).json({ok: entity.acknowledged});
|
||||
}
|
||||
65
src/pages/api/entities/[id]/users.ts
Normal file
65
src/pages/api/entities/[id]/users.ts
Normal file
@@ -0,0 +1,65 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {countEntityUsers, getEntityUsers} from "@/utils/users.be";
|
||||
import client from "@/lib/mongodb";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "get") return await get(req, res);
|
||||
if (req.method === "PATCH") return await patch(req, res);
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
|
||||
const {id, onlyCount} = req.query as {id: string; onlyCount: string};
|
||||
|
||||
if (onlyCount) return res.status(200).json(await countEntityUsers(id));
|
||||
|
||||
const users = await getEntityUsers(id);
|
||||
res.status(200).json(users);
|
||||
}
|
||||
|
||||
async function patch(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
const {add, members, role} = req.body as {add: boolean; members: string[]; role?: string};
|
||||
|
||||
if (add) {
|
||||
await db.collection("users").updateMany(
|
||||
{id: {$in: members}},
|
||||
{
|
||||
// @ts-expect-error
|
||||
$push: {
|
||||
entities: {id, role},
|
||||
},
|
||||
},
|
||||
);
|
||||
|
||||
return res.status(204).end();
|
||||
}
|
||||
|
||||
await db.collection("users").updateMany(
|
||||
{id: {$in: members}},
|
||||
{
|
||||
// @ts-expect-error
|
||||
$pull: {
|
||||
entities: {id},
|
||||
},
|
||||
},
|
||||
);
|
||||
|
||||
return res.status(204).end();
|
||||
}
|
||||
29
src/pages/api/entities/groups.ts
Normal file
29
src/pages/api/entities/groups.ts
Normal file
@@ -0,0 +1,29 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type { NextApiRequest, NextApiResponse } from "next";
|
||||
import { withIronSessionApiRoute } from "iron-session/next";
|
||||
import { sessionOptions } from "@/lib/session";
|
||||
import { getEntities, getEntitiesWithRoles } from "@/utils/entities.be";
|
||||
import { Entity, WithEntities, WithEntity, WithLabeledEntities } from "@/interfaces/entity";
|
||||
import { v4 } from "uuid";
|
||||
import { mapBy } from "@/utils";
|
||||
import { getEntitiesUsers, getUser, getUsers } from "@/utils/users.be";
|
||||
import { Group, User } from "@/interfaces/user";
|
||||
import { getGroups, getGroupsByEntities } from "@/utils/groups.be";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "GET") return await get(req, res);
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const groups: WithEntity<Group>[] = ["admin", "developer"].includes(user.type)
|
||||
? await getGroups()
|
||||
: await getGroupsByEntities(mapBy(user.entities || [], 'id'))
|
||||
|
||||
res.status(200).json(groups);
|
||||
}
|
||||
44
src/pages/api/entities/index.ts
Normal file
44
src/pages/api/entities/index.ts
Normal file
@@ -0,0 +1,44 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {createEntity, getEntities, getEntitiesWithRoles} from "@/utils/entities.be";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import {v4} from "uuid";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "GET") return await get(req, res);
|
||||
if (req.method === "POST") return await post(req, res);
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {showRoles} = req.query as {showRoles: string};
|
||||
|
||||
const getFn = showRoles ? getEntitiesWithRoles : getEntities;
|
||||
|
||||
if (["admin", "developer"].includes(user.type)) return res.status(200).json(await getFn());
|
||||
res.status(200).json(await getFn(user.entities.map((x) => x.id)));
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
if (!["admin", "developer"].includes(user.type)) {
|
||||
return res.status(403).json({ok: false});
|
||||
}
|
||||
|
||||
const entity: Entity = {
|
||||
id: v4(),
|
||||
label: req.body.label,
|
||||
};
|
||||
|
||||
await createEntity(entity)
|
||||
return res.status(200).json(entity);
|
||||
}
|
||||
63
src/pages/api/entities/users.ts
Normal file
63
src/pages/api/entities/users.ts
Normal file
@@ -0,0 +1,63 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type { NextApiRequest, NextApiResponse } from "next";
|
||||
import { withIronSessionApiRoute } from "iron-session/next";
|
||||
import { sessionOptions } from "@/lib/session";
|
||||
import { getEntities, getEntitiesWithRoles } from "@/utils/entities.be";
|
||||
import { Entity, EntityWithRoles, WithEntities, WithLabeledEntities } from "@/interfaces/entity";
|
||||
import { v4 } from "uuid";
|
||||
import { mapBy } from "@/utils";
|
||||
import { getEntitiesUsers, getUser, getUsers } from "@/utils/users.be";
|
||||
import { User } from "@/interfaces/user";
|
||||
import { findAllowedEntities } from "@/utils/permissions";
|
||||
import { RolePermission } from "@/resources/entityPermissions";
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "GET") return await get(req, res);
|
||||
}
|
||||
|
||||
const labelUserEntity = (u: User, entities: EntityWithRoles[]) => ({
|
||||
...u, entities: (u.entities || []).map((e) => {
|
||||
const entity = entities.find((x) => x.id === e.id)
|
||||
if (!entity) return e
|
||||
|
||||
const role = entity.roles.find((x) => x.id === e.role)
|
||||
return { id: e.id, label: entity.label, role: e.role, roleLabel: role?.label }
|
||||
})
|
||||
})
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) return res.status(401).json({ ok: false });
|
||||
|
||||
const user = await getUser(req.session.user.id)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { type } = req.query as { type: string }
|
||||
|
||||
const entityIDs = mapBy(user.entities || [], 'id')
|
||||
const entities = await getEntitiesWithRoles(entityIDs)
|
||||
|
||||
const isAdmin = ["admin", "developer"].includes(user.type)
|
||||
|
||||
const filter = !type ? undefined : { type }
|
||||
const users = isAdmin
|
||||
? await getUsers(filter)
|
||||
: await getEntitiesUsers(mapBy(entities, 'id') as string[], filter)
|
||||
|
||||
const filteredUsers = users.map((u) => {
|
||||
if (isAdmin) return labelUserEntity(u, entities)
|
||||
if (!isAdmin && ["admin", "developer", "agent"].includes(user.type)) return undefined
|
||||
|
||||
const userEntities = mapBy(u.entities || [], 'id')
|
||||
const sameEntities = entities.filter(e => userEntities.includes(e.id))
|
||||
|
||||
const permission = `view_${u.type}s` as RolePermission
|
||||
const allowedEntities = findAllowedEntities(user, sameEntities, permission)
|
||||
|
||||
if (allowedEntities.length === 0) return undefined
|
||||
return labelUserEntity(u, allowedEntities)
|
||||
}).filter(x => !!x) as WithLabeledEntities<User>[]
|
||||
|
||||
res.status(200).json(filteredUsers);
|
||||
}
|
||||
@@ -5,6 +5,7 @@ import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {Group} from "@/interfaces/user";
|
||||
import {updateExpiryDateOnGroup} from "@/utils/groups.be";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
@@ -19,10 +20,8 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
|
||||
@@ -36,10 +35,8 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
const group = await db.collection("groups").findOne<Group>({id: id});
|
||||
@@ -49,7 +46,6 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
return;
|
||||
}
|
||||
|
||||
const user = req.session.user;
|
||||
if (user.type === "admin" || user.type === "developer" || user.id === group.admin) {
|
||||
await db.collection("groups").deleteOne({id: id});
|
||||
|
||||
@@ -61,10 +57,8 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function patch(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
|
||||
@@ -74,14 +68,20 @@ async function patch(req: NextApiRequest, res: NextApiResponse) {
|
||||
return;
|
||||
}
|
||||
|
||||
const user = req.session.user;
|
||||
if (user.type === "admin" || user.type === "developer" || user.id === group.admin) {
|
||||
if ("participants" in req.body) {
|
||||
if (
|
||||
user.type === "admin" ||
|
||||
user.type === "developer" ||
|
||||
user.type === "mastercorporate" ||
|
||||
user.type === "corporate" ||
|
||||
user.id === group.admin
|
||||
) {
|
||||
if ("participants" in req.body && req.body.participants.length > 0) {
|
||||
const newParticipants = (req.body.participants as string[]).filter((x) => !group.participants.includes(x));
|
||||
await Promise.all(newParticipants.map(async (p) => await updateExpiryDateOnGroup(p, group.admin)));
|
||||
}
|
||||
|
||||
await db.collection("groups").updateOne({id: req.session.user.id}, {$set: {id, ...req.body}}, {upsert: true});
|
||||
console.log(req.body);
|
||||
await db.collection("groups").updateOne({id}, {$set: {id, ...req.body}}, {upsert: true});
|
||||
|
||||
res.status(200).json({ok: true});
|
||||
return;
|
||||
|
||||
@@ -39,11 +39,13 @@ async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
|
||||
await Promise.all(body.participants.map(async (p) => await updateExpiryDateOnGroup(p, body.admin)));
|
||||
|
||||
await db.collection("groups").insertOne({
|
||||
id: v4(),
|
||||
name: body.name,
|
||||
admin: body.admin,
|
||||
participants: body.participants,
|
||||
})
|
||||
res.status(200).json({ok: true});
|
||||
const id = v4();
|
||||
await db.collection<Group>("groups").insertOne({
|
||||
id,
|
||||
name: body.name,
|
||||
admin: body.admin,
|
||||
participants: body.participants,
|
||||
entity: body.entity,
|
||||
});
|
||||
res.status(200).json({ok: true, id});
|
||||
}
|
||||
|
||||
@@ -1,13 +1,15 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type { NextApiRequest, NextApiResponse } from 'next'
|
||||
import client from "@/lib/mongodb";
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
type Data = {
|
||||
name: string
|
||||
}
|
||||
name: string;
|
||||
};
|
||||
|
||||
export default function handler(
|
||||
req: NextApiRequest,
|
||||
res: NextApiResponse<Data>
|
||||
) {
|
||||
res.status(200).json({ name: 'John Doe' })
|
||||
export default async function handler(req: NextApiRequest, res: NextApiResponse<Data>) {
|
||||
await db.collection("users").updateMany({}, {$set: {entities: []}});
|
||||
|
||||
res.status(200).json({name: "John Doe"});
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ import client from "@/lib/mongodb";
|
||||
import { withIronSessionApiRoute } from "iron-session/next";
|
||||
import { sessionOptions } from "@/lib/session";
|
||||
import { Invite } from "@/interfaces/invite";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
@@ -18,10 +19,8 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ ok: false });
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
|
||||
@@ -35,10 +34,8 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ ok: false });
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
|
||||
@@ -48,7 +45,6 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
return;
|
||||
}
|
||||
|
||||
const user = req.session.user;
|
||||
if (user.type === "admin" || user.type === "developer") {
|
||||
await db.collection("invites").deleteOne({ id: id });
|
||||
res.status(200).json({ ok: true });
|
||||
@@ -59,13 +55,10 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function patch(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ ok: false });
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
const user = req.session.user;
|
||||
|
||||
if (user.type === "admin" || user.type === "developer") {
|
||||
await db.collection("invites").updateOne(
|
||||
|
||||
@@ -1,28 +1,28 @@
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {app} from "@/firebase";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {v4} from "uuid";
|
||||
import {CorporateUser, Group, Type, User} from "@/interfaces/user";
|
||||
import {createUserWithEmailAndPassword, getAuth} from "firebase/auth";
|
||||
import type { NextApiRequest, NextApiResponse } from "next";
|
||||
import { app } from "@/firebase";
|
||||
import { withIronSessionApiRoute } from "iron-session/next";
|
||||
import { sessionOptions } from "@/lib/session";
|
||||
import { v4 } from "uuid";
|
||||
import { CorporateUser, Group, Type, User } from "@/interfaces/user";
|
||||
import { createUserWithEmailAndPassword, getAuth } from "firebase/auth";
|
||||
import ShortUniqueId from "short-unique-id";
|
||||
import {getGroup, getGroups, getUserCorporate, getUserGroups, getUserNamedGroup} from "@/utils/groups.be";
|
||||
import {uniq} from "lodash";
|
||||
import {getSpecificUsers, getUser} from "@/utils/users.be";
|
||||
import { getGroup, getGroups, getUserCorporate, getUserGroups, getUserNamedGroup } from "@/utils/groups.be";
|
||||
import { uniq } from "lodash";
|
||||
import { getSpecificUsers, getUser } from "@/utils/users.be";
|
||||
import client from "@/lib/mongodb";
|
||||
|
||||
const DEFAULT_DESIRED_LEVELS = {
|
||||
reading: 9,
|
||||
listening: 9,
|
||||
writing: 9,
|
||||
speaking: 9,
|
||||
reading: 9,
|
||||
listening: 9,
|
||||
writing: 9,
|
||||
speaking: 9,
|
||||
};
|
||||
|
||||
const DEFAULT_LEVELS = {
|
||||
reading: 0,
|
||||
listening: 0,
|
||||
writing: 0,
|
||||
speaking: 0,
|
||||
reading: 0,
|
||||
listening: 0,
|
||||
writing: 0,
|
||||
speaking: 0,
|
||||
};
|
||||
|
||||
const auth = getAuth(app);
|
||||
@@ -30,198 +30,97 @@ const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
const getUsersOfType = async (admin: string, type: Type) => {
|
||||
const groups = await getUserGroups(admin);
|
||||
const participants = groups.flatMap((x) => x.participants);
|
||||
const users = await getSpecificUsers(participants);
|
||||
|
||||
return users.filter((x) => x?.type === type).map((x) => x?.id);
|
||||
};
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "POST") return post(req, res);
|
||||
if (req.method === "POST") return post(req, res);
|
||||
|
||||
return res.status(404).json({ok: false});
|
||||
return res.status(404).json({ ok: false });
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
const maker = req.session.user;
|
||||
if (!maker) {
|
||||
return res.status(401).json({ok: false, reason: "You must be logged in to make user!"});
|
||||
}
|
||||
const maker = req.session.user;
|
||||
if (!maker) {
|
||||
return res.status(401).json({ ok: false, reason: "You must be logged in to make user!" });
|
||||
}
|
||||
|
||||
const corporateCorporate = await getUserCorporate(maker.id);
|
||||
const { email, passport_id, password, type, groupID, entity, expiryDate, corporate } = req.body as {
|
||||
email: string;
|
||||
password?: string;
|
||||
passport_id: string;
|
||||
type: string;
|
||||
entity: string;
|
||||
groupID?: string;
|
||||
corporate?: string;
|
||||
expiryDate: null | Date;
|
||||
};
|
||||
|
||||
const {email, passport_id, password, type, groupID, expiryDate, corporate} = req.body as {
|
||||
email: string;
|
||||
password?: string;
|
||||
passport_id: string;
|
||||
type: string;
|
||||
groupID?: string;
|
||||
corporate?: string;
|
||||
expiryDate: null | Date;
|
||||
};
|
||||
// cleaning data
|
||||
delete req.body.passport_id;
|
||||
delete req.body.groupID;
|
||||
delete req.body.expiryDate;
|
||||
delete req.body.password;
|
||||
delete req.body.corporate;
|
||||
// cleaning data
|
||||
delete req.body.passport_id;
|
||||
delete req.body.groupID;
|
||||
delete req.body.expiryDate;
|
||||
delete req.body.password;
|
||||
delete req.body.corporate;
|
||||
delete req.body.entity
|
||||
|
||||
await createUserWithEmailAndPassword(auth, email.toLowerCase(), !!password ? password : passport_id)
|
||||
.then(async (userCredentials) => {
|
||||
const userId = userCredentials.user.uid;
|
||||
await createUserWithEmailAndPassword(auth, email.toLowerCase(), !!password ? password : passport_id)
|
||||
.then(async (userCredentials) => {
|
||||
const userId = userCredentials.user.uid;
|
||||
|
||||
const profilePicture = !corporateCorporate ? "/defaultAvatar.png" : corporateCorporate.profilePicture;
|
||||
const user = {
|
||||
...req.body,
|
||||
bio: "",
|
||||
id: userId,
|
||||
type: type,
|
||||
focus: "academic",
|
||||
status: "active",
|
||||
desiredLevels: DEFAULT_DESIRED_LEVELS,
|
||||
profilePicture: "/defaultAvatar.png",
|
||||
levels: DEFAULT_LEVELS,
|
||||
isFirstLogin: false,
|
||||
isVerified: true,
|
||||
registrationDate: new Date(),
|
||||
entities: [{ id: entity, role: "90ce8f08-08c8-41e4-9848-f1500ddc3930" }],
|
||||
subscriptionExpirationDate: expiryDate || null,
|
||||
...((maker.type === "corporate" || maker.type === "mastercorporate") && type === "corporate"
|
||||
? {
|
||||
corporateInformation: {
|
||||
companyInformation: {
|
||||
name: maker.corporateInformation?.companyInformation?.name || "N/A",
|
||||
userAmount: 0,
|
||||
},
|
||||
},
|
||||
}
|
||||
: {}),
|
||||
};
|
||||
|
||||
const user = {
|
||||
...req.body,
|
||||
bio: "",
|
||||
id: userId,
|
||||
type: type,
|
||||
focus: "academic",
|
||||
status: "active",
|
||||
desiredLevels: DEFAULT_DESIRED_LEVELS,
|
||||
profilePicture,
|
||||
levels: DEFAULT_LEVELS,
|
||||
isFirstLogin: false,
|
||||
isVerified: true,
|
||||
registrationDate: new Date(),
|
||||
subscriptionExpirationDate: expiryDate || null,
|
||||
...((maker.type === "corporate" || maker.type === "mastercorporate") && type === "corporate"
|
||||
? {
|
||||
corporateInformation: {
|
||||
companyInformation: {
|
||||
name: maker.corporateInformation?.companyInformation?.name || "N/A",
|
||||
userAmount: 0,
|
||||
},
|
||||
},
|
||||
}
|
||||
: {}),
|
||||
};
|
||||
const uid = new ShortUniqueId();
|
||||
const code = uid.randomUUID(6);
|
||||
|
||||
const uid = new ShortUniqueId();
|
||||
const code = uid.randomUUID(6);
|
||||
await db.collection("users").insertOne(user);
|
||||
await db.collection("codes").insertOne({
|
||||
code,
|
||||
creator: maker.id,
|
||||
expiryDate,
|
||||
type,
|
||||
creationDate: new Date(),
|
||||
userId,
|
||||
email: email.toLowerCase(),
|
||||
name: req.body.name,
|
||||
...(!!passport_id ? { passport_id } : {}),
|
||||
});
|
||||
|
||||
await db.collection("users").insertOne(user);
|
||||
await db.collection("codes").insertOne({
|
||||
code,
|
||||
creator: maker.id,
|
||||
expiryDate,
|
||||
type,
|
||||
creationDate: new Date(),
|
||||
userId,
|
||||
email: email.toLowerCase(),
|
||||
name: req.body.name,
|
||||
...(!!passport_id ? {passport_id} : {}),
|
||||
});
|
||||
if (!!groupID) {
|
||||
const group = await getGroup(groupID);
|
||||
if (!!group) await db.collection("groups").updateOne({ id: group.id }, { $set: { participants: [...group.participants, userId] } });
|
||||
}
|
||||
|
||||
if (type === "corporate") {
|
||||
const students = maker.type === "corporate" ? await getUsersOfType(maker.id, "student") : [];
|
||||
const teachers = maker.type === "corporate" ? await getUsersOfType(maker.id, "teacher") : [];
|
||||
console.log(`Returning - ${email}`);
|
||||
return res.status(200).json({ ok: true });
|
||||
})
|
||||
.catch((error) => {
|
||||
if (error.code.includes("email-already-in-use")) return res.status(403).json({ error, message: "E-mail is already in the platform." });
|
||||
|
||||
const defaultTeachersGroup: Group = {
|
||||
admin: userId,
|
||||
id: v4(),
|
||||
name: "Teachers",
|
||||
participants: teachers,
|
||||
disableEditing: true,
|
||||
};
|
||||
|
||||
const defaultStudentsGroup: Group = {
|
||||
admin: userId,
|
||||
id: v4(),
|
||||
name: "Students",
|
||||
participants: students,
|
||||
disableEditing: true,
|
||||
};
|
||||
|
||||
await db.collection("groups").insertMany([defaultStudentsGroup, defaultTeachersGroup]);
|
||||
}
|
||||
|
||||
if (!!corporate) {
|
||||
const corporateUser = await db.collection("users").findOne<CorporateUser>({email: corporate.trim().toLowerCase()});
|
||||
|
||||
if (!!corporateUser) {
|
||||
await db.collection("codes").updateOne({code}, {$set: {creator: corporateUser.id}});
|
||||
const typeGroup = await db
|
||||
.collection("groups")
|
||||
.findOne<Group>({creator: corporateUser.id, name: type === "student" ? "Students" : "Teachers"});
|
||||
|
||||
if (!!typeGroup) {
|
||||
if (!typeGroup.participants.includes(userId)) {
|
||||
await db.collection("groups").updateOne({id: typeGroup.id}, {$set: {participants: [...typeGroup.participants, userId]}});
|
||||
}
|
||||
} else {
|
||||
const defaultGroup: Group = {
|
||||
admin: corporateUser.id,
|
||||
id: v4(),
|
||||
name: type === "student" ? "Students" : "Teachers",
|
||||
participants: [userId],
|
||||
disableEditing: true,
|
||||
};
|
||||
|
||||
await db.collection("groups").insertOne(defaultGroup);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (maker.type === "corporate") {
|
||||
await db.collection("codes").updateOne({code}, {$set: {creator: maker.id}});
|
||||
const typeGroup = await getUserNamedGroup(maker.id, type === "student" ? "Students" : "Teachers");
|
||||
|
||||
if (!!typeGroup) {
|
||||
if (!typeGroup.participants.includes(userId)) {
|
||||
await db.collection("groups").updateOne({id: typeGroup.id}, {$set: {participants: [...typeGroup.participants, userId]}});
|
||||
}
|
||||
} else {
|
||||
const defaultGroup: Group = {
|
||||
admin: maker.id,
|
||||
id: v4(),
|
||||
name: type === "student" ? "Students" : "Teachers",
|
||||
participants: [userId],
|
||||
disableEditing: true,
|
||||
};
|
||||
|
||||
await db.collection("groups").insertOne(defaultGroup);
|
||||
}
|
||||
}
|
||||
|
||||
if (!!corporateCorporate && corporateCorporate.type === "mastercorporate" && type === "corporate") {
|
||||
const corporateGroup = await getUserNamedGroup(corporateCorporate.id, "Corporate");
|
||||
|
||||
if (!!corporateGroup) {
|
||||
if (!corporateGroup.participants.includes(userId)) {
|
||||
await db
|
||||
.collection("groups")
|
||||
.updateOne({id: corporateGroup.id}, {$set: {participants: [...corporateGroup.participants, userId]}});
|
||||
}
|
||||
} else {
|
||||
const defaultGroup: Group = {
|
||||
admin: corporateCorporate.id,
|
||||
id: v4(),
|
||||
name: "Corporate",
|
||||
participants: [userId],
|
||||
disableEditing: true,
|
||||
};
|
||||
|
||||
await db.collection("groups").insertOne(defaultGroup);
|
||||
}
|
||||
}
|
||||
|
||||
if (!!groupID) {
|
||||
const group = await getGroup(groupID);
|
||||
if (!!group) await db.collection("groups").updateOne({id: group.id}, {$set: {participants: [...group.participants, userId]}});
|
||||
}
|
||||
|
||||
console.log(`Returning - ${email}`);
|
||||
return res.status(200).json({ok: true});
|
||||
})
|
||||
.catch((error) => {
|
||||
if (error.code.includes("email-already-in-use")) return res.status(403).json({error, message: "E-mail is already in the platform."});
|
||||
|
||||
console.log(`Failing - ${email}`);
|
||||
console.log(error);
|
||||
return res.status(401).json({error});
|
||||
});
|
||||
console.log(`Failing - ${email}`);
|
||||
console.log(error);
|
||||
return res.status(401).json({ error });
|
||||
});
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import {Group} from "@/interfaces/user";
|
||||
import {Payment} from "@/interfaces/paypal";
|
||||
import {deleteObject, ref} from "firebase/storage";
|
||||
import client from "@/lib/mongodb";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
@@ -38,17 +39,14 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
|
||||
const payment = await db.collection("payments").findOne<Payment>({id});
|
||||
if (!payment) return res.status(404).json({ok: false});
|
||||
|
||||
const user = req.session.user;
|
||||
if (user.type === "admin" || user.type === "developer") {
|
||||
if (payment.commissionTransfer) await deleteObject(ref(storage, payment.commissionTransfer));
|
||||
if (payment.corporateTransfer) await deleteObject(ref(storage, payment.corporateTransfer));
|
||||
@@ -62,17 +60,14 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function patch(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
|
||||
const payment = await db.collection("payments").findOne<Payment>({id});
|
||||
if (!payment) return res.status(404).json({ok: false});
|
||||
|
||||
const user = req.session.user;
|
||||
if (user.type === "admin" || user.type === "developer") {
|
||||
await db.collection("payments").updateOne({id: payment.id}, {$set: req.body});
|
||||
|
||||
|
||||
@@ -11,6 +11,7 @@ import { OrderResponseBody } from "@paypal/paypal-js";
|
||||
import { getAccessToken } from "@/utils/paypal";
|
||||
import moment from "moment";
|
||||
import { Group } from "@/interfaces/user";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
@@ -25,6 +26,9 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!accessToken)
|
||||
return res.status(401).json({ ok: false, reason: "Authorization failed!" });
|
||||
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id, duration, duration_unit, trackingId } = req.body as {
|
||||
id: string;
|
||||
duration: number;
|
||||
|
||||
79
src/pages/api/roles/[id]/index.ts
Normal file
79
src/pages/api/roles/[id]/index.ts
Normal file
@@ -0,0 +1,79 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {getEntityWithRoles} from "@/utils/entities.be";
|
||||
import client from "@/lib/mongodb";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import { deleteRole, getRole, transferRole } from "@/utils/roles.be";
|
||||
import { doesEntityAllow } from "@/utils/permissions";
|
||||
import { findBy } from "@/utils";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "GET") return await get(req, res);
|
||||
if (req.method === "PATCH") return await patch(req, res);
|
||||
if (req.method === "DELETE") return await del(req, res);
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
|
||||
const role = await getRole(id)
|
||||
if (!role) return res.status(404).json({ok: false})
|
||||
|
||||
res.status(200).json(role);
|
||||
}
|
||||
|
||||
async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
|
||||
const role = await getRole(id)
|
||||
if (!role) return res.status(404).json({ok: false})
|
||||
|
||||
if (role.isDefault) return res.status(403).json({ok: false})
|
||||
|
||||
const entity = await getEntityWithRoles(role.entityID)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "delete_entity_role")) return res.status(403).json({ok: false})
|
||||
|
||||
const defaultRole = findBy(entity.roles, 'isDefault', true)!
|
||||
|
||||
await transferRole(role.id, defaultRole.id)
|
||||
await deleteRole(role.id)
|
||||
|
||||
return res.status(200).json({ok: true});
|
||||
}
|
||||
|
||||
async function patch(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
const {label, permissions} = req.body as {label?: string, permissions?: string}
|
||||
|
||||
const role = await getRole(id)
|
||||
if (!role) return res.status(404).json({ok: false})
|
||||
|
||||
const entity = await getEntityWithRoles(role.entityID)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "rename_entity_role") && !!label) return res.status(403).json({ok: false})
|
||||
if (!doesEntityAllow(user, entity, "edit_role_permissions") && !!permissions) return res.status(403).json({ok: false})
|
||||
|
||||
if (!!label) await db.collection<Entity>("roles").updateOne({ id }, { $set: {label} });
|
||||
if (!!permissions) await db.collection<Entity>("roles").updateOne({ id }, { $set: {permissions} });
|
||||
|
||||
return res.status(200).json({ok: true});
|
||||
}
|
||||
40
src/pages/api/roles/[id]/users.ts
Normal file
40
src/pages/api/roles/[id]/users.ts
Normal file
@@ -0,0 +1,40 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {getEntityWithRoles} from "@/utils/entities.be";
|
||||
import client from "@/lib/mongodb";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import { assignRoleToUsers, deleteRole, getRole, transferRole } from "@/utils/roles.be";
|
||||
import { doesEntityAllow } from "@/utils/permissions";
|
||||
import { findBy } from "@/utils";
|
||||
import { getUser } from "@/utils/users.be";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "POST") return await post(req, res);
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) return res.status(401).json({ ok: false })
|
||||
|
||||
const user = await getUser(req.session.user.id);
|
||||
if (!user) return res.status(401).json({ ok: false })
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
const {users} = req.body as {users: string[]}
|
||||
|
||||
const role = await getRole(id)
|
||||
if (!role) return res.status(404).json({ok: false})
|
||||
|
||||
const entity = await getEntityWithRoles(role.entityID)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "assign_to_role")) return res.status(403).json({ok: false})
|
||||
|
||||
const result = await assignRoleToUsers(users, entity.id, role.id)
|
||||
return res.status(200).json({ok: result.acknowledged});
|
||||
}
|
||||
50
src/pages/api/roles/index.ts
Normal file
50
src/pages/api/roles/index.ts
Normal file
@@ -0,0 +1,50 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {getEntities, getEntitiesWithRoles, getEntity, getEntityWithRoles} from "@/utils/entities.be";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import {v4} from "uuid";
|
||||
import { createRole, getRoles, getRolesByEntity } from "@/utils/roles.be";
|
||||
import { mapBy } from "@/utils";
|
||||
import { RolePermission } from "@/resources/entityPermissions";
|
||||
import { doesEntityAllow } from "@/utils/permissions";
|
||||
import { User } from "@/interfaces/user";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "GET") return await get(req, res);
|
||||
if (req.method === "POST") return await post(req, res);
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
if (["admin", "developer"].includes(user.type)) return res.status(200).json(await getRoles());
|
||||
res.status(200).json(await getRoles(mapBy(user.entities, 'role')));
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {entityID, label, permissions} = req.body as {entityID: string, label: string, permissions: RolePermission[]}
|
||||
|
||||
const entity = await getEntityWithRoles(entityID)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "create_entity_role")) return res.status(403).json({ok: false})
|
||||
|
||||
const role = {
|
||||
id: v4(),
|
||||
entityID,
|
||||
label,
|
||||
permissions
|
||||
}
|
||||
|
||||
await createRole(role)
|
||||
return res.status(200).json(role);
|
||||
}
|
||||
@@ -6,6 +6,7 @@ import { sessionOptions } from "@/lib/session";
|
||||
import { Stat } from "@/interfaces/user";
|
||||
import { Assignment } from "@/interfaces/results";
|
||||
import { groupBy } from "lodash";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
@@ -17,20 +18,17 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ ok: false });
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const snapshot = await db.collection("stats").find<Stat>({}).toArray();
|
||||
|
||||
res.status(200).json(snapshot);
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ ok: false });
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const stats = req.body as Stat[];
|
||||
stats.forEach(async (stat) => await db.collection("stats").updateOne(
|
||||
@@ -59,7 +57,7 @@ async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
$set: {
|
||||
results: [
|
||||
...assignmentSnapshot ? assignmentSnapshot.results : [],
|
||||
{ user: req.session.user?.id, type: req.session.user?.focus, stats: assignmentStats },
|
||||
{ user: user.id, type: user.focus, stats: assignmentStats },
|
||||
],
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,21 +10,23 @@ import client from "@/lib/mongodb";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {groupBy} from "lodash";
|
||||
import {NextApiRequest, NextApiResponse} from "next";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
export default withIronSessionApiRoute(update, sessionOptions);
|
||||
|
||||
async function update(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.session.user) {
|
||||
const docUser = await db.collection("users").findOne({ id: req.session.user.id });
|
||||
const user = await requestUser(req, res)
|
||||
if (user) {
|
||||
const docUser = await db.collection("users").findOne({ id: user.id });
|
||||
|
||||
if (!docUser) {
|
||||
res.status(401).json(undefined);
|
||||
return;
|
||||
}
|
||||
|
||||
const stats = await db.collection("stats").find<Stat>({ user: req.session.user.id }).toArray();
|
||||
const stats = await db.collection("stats").find<Stat>({ user: user.id }).toArray();
|
||||
|
||||
const groupedStats = groupBySession(stats);
|
||||
const sessionLevels: {[key in Module]: {correct: number; total: number}}[] = Object.keys(groupedStats).map((key) => {
|
||||
@@ -91,18 +93,18 @@ async function update(req: NextApiRequest, res: NextApiResponse) {
|
||||
|
||||
|
||||
const levels = {
|
||||
reading: calculateBandScore(readingLevel.correct, readingLevel.total, "reading", req.session.user.focus),
|
||||
listening: calculateBandScore(listeningLevel.correct, listeningLevel.total, "listening", req.session.user.focus),
|
||||
writing: calculateBandScore(writingLevel.correct, writingLevel.total, "writing", req.session.user.focus),
|
||||
speaking: calculateBandScore(speakingLevel.correct, speakingLevel.total, "speaking", req.session.user.focus),
|
||||
level: calculateBandScore(levelLevel.correct, levelLevel.total, "level", req.session.user.focus),
|
||||
reading: calculateBandScore(readingLevel.correct, readingLevel.total, "reading", user.focus),
|
||||
listening: calculateBandScore(listeningLevel.correct, listeningLevel.total, "listening", user.focus),
|
||||
writing: calculateBandScore(writingLevel.correct, writingLevel.total, "writing", user.focus),
|
||||
speaking: calculateBandScore(speakingLevel.correct, speakingLevel.total, "speaking", user.focus),
|
||||
level: calculateBandScore(levelLevel.correct, levelLevel.total, "level", user.focus),
|
||||
};
|
||||
|
||||
await db.collection("users").updateOne(
|
||||
{ id: req.session.user.id},
|
||||
{ id: user.id},
|
||||
{ $set: {levels} }
|
||||
);
|
||||
|
||||
|
||||
res.status(200).json({ok: true});
|
||||
} else {
|
||||
res.status(401).json(undefined);
|
||||
|
||||
@@ -7,7 +7,9 @@ import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {NextApiRequest, NextApiResponse} from "next";
|
||||
import {getPermissions, getPermissionDocs} from "@/utils/permissions.be";
|
||||
import client from "@/lib/mongodb";
|
||||
import {getGroupsForUser, getParticipantGroups} from "@/utils/groups.be";
|
||||
import {getGroupsForUser, getParticipantGroups, removeParticipantFromGroup} from "@/utils/groups.be";
|
||||
import { mapBy } from "@/utils";
|
||||
import { getUser } from "@/utils/users.be";
|
||||
|
||||
const auth = getAuth(adminApp);
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
@@ -41,20 +43,6 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (user.type === "corporate" && (targetUser.type === "student" || targetUser.type === "teacher")) {
|
||||
const groups = await getGroupsForUser(user.id, targetUser.id);
|
||||
await Promise.all([
|
||||
...groups
|
||||
.filter((x) => x.admin === user.id)
|
||||
.map(
|
||||
async (x) =>
|
||||
await db.collection("groups").updateOne({id: x.id}, {$set: {participants: x.participants.filter((y: string) => y !== id)}}),
|
||||
),
|
||||
]);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
await auth.deleteUser(id);
|
||||
await db.collection("users").deleteOne({id: targetUser.id});
|
||||
await db.collection("codes").deleteMany({userId: targetUser.id});
|
||||
@@ -62,22 +50,18 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
await db.collection("stats").deleteMany({user: targetUser.id});
|
||||
|
||||
const groups = await getParticipantGroups(targetUser.id);
|
||||
await Promise.all(
|
||||
groups.map(
|
||||
async (x) => await db.collection("groups").updateOne({id: x.id}, {$set: {participants: x.participants.filter((y: string) => y !== id)}}),
|
||||
),
|
||||
);
|
||||
await Promise.all(
|
||||
groups
|
||||
.map(async (g) => await removeParticipantFromGroup(g.id, targetUser.id)),
|
||||
);
|
||||
|
||||
res.json({ok: true});
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.session.user) {
|
||||
const user = await db.collection("users").findOne<User>({id: req.session.user.id});
|
||||
if (!user) {
|
||||
res.status(401).json(undefined);
|
||||
return;
|
||||
}
|
||||
const user = await getUser(req.session.user.id)
|
||||
if (!user) return res.status(401).json(undefined);
|
||||
|
||||
await db.collection("users").updateOne({id: user.id}, {$set: {lastLogin: new Date().toISOString()}});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user