60 lines
2.1 KiB
TypeScript
60 lines
2.1 KiB
TypeScript
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
|
import type {NextApiRequest, NextApiResponse} from "next";
|
|
import {withIronSessionApiRoute} from "iron-session/next";
|
|
import {sessionOptions} from "@/lib/session";
|
|
import {deleteEntity, getEntity, getEntityWithRoles} from "@/utils/entities.be";
|
|
import client from "@/lib/mongodb";
|
|
import {Entity} from "@/interfaces/entity";
|
|
import { doesEntityAllow } from "@/utils/permissions";
|
|
import { getUser } from "@/utils/users.be";
|
|
import { requestUser } from "@/utils/api";
|
|
|
|
const db = client.db(process.env.MONGODB_DB);
|
|
|
|
export default withIronSessionApiRoute(handler, sessionOptions);
|
|
|
|
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
|
if (req.method === "get") return await get(req, res);
|
|
if (req.method === "PATCH") return await patch(req, res);
|
|
}
|
|
|
|
async function get(req: NextApiRequest, res: NextApiResponse) {
|
|
const user = await requestUser(req, res)
|
|
if (!user) return res.status(401).json({ ok: false });
|
|
|
|
const {id, showRoles} = req.query as {id: string; showRoles: string};
|
|
|
|
const entity = await (!!showRoles ? getEntityWithRoles : getEntity)(id);
|
|
res.status(200).json(entity);
|
|
}
|
|
|
|
async function del(req: NextApiRequest, res: NextApiResponse) {
|
|
const user = await requestUser(req, res)
|
|
if (!user) return res.status(401).json({ ok: false });
|
|
|
|
const { id } = req.query as { id: string };
|
|
|
|
const entity = await getEntityWithRoles(id)
|
|
if (!entity) return res.status(404).json({ok: false})
|
|
|
|
if (!doesEntityAllow(user, entity, "delete_entity_role")) return res.status(403).json({ok: false})
|
|
|
|
await deleteEntity(entity)
|
|
return res.status(200).json({ok: true});
|
|
}
|
|
|
|
async function patch(req: NextApiRequest, res: NextApiResponse) {
|
|
const user = await requestUser(req, res)
|
|
if (!user) return res.status(401).json({ ok: false });
|
|
|
|
const {id} = req.query as {id: string};
|
|
|
|
if (!user.entities.map((x) => x.id).includes(id)) {
|
|
return res.status(403).json({ok: false});
|
|
}
|
|
|
|
const entity = await db.collection<Entity>("entities").updateOne({id}, {$set: {label: req.body.label}});
|
|
|
|
return res.status(200).json({ok: entity.acknowledged});
|
|
}
|