hermes-web/app/api/settings/groups/permissions/route.ts

import { db } from "@/lib/db"
import { NextResponse } from "next/server";
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
import { z } from "zod";

export async function GET(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });

        const commands = await db.groupPermission.findMany({
            where: {
                userId: user.id
            }
        })

        return NextResponse.json(commands.map(({userId, ...attrs}) => attrs));
    } catch (error) {
        return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
    }
}

const permissionPathSchema = z.string({
    required_error: "Permission path should be available.",
    invalid_type_error: "Permission path must be a string"
}).regex(/^[\w\-\.]{1,64}$/, "Permission path must contain only letters, numbers, dashes, periods.")

export async function POST(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });

        const { path, allow, groupId }: { path: string, allow: boolean, groupId: string } = await req.json();
        if (!path)
            return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
        const permissionPathValidation = permissionPathSchema.safeParse(path)
        if (!permissionPathValidation.success)
            return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });
        if (!groupId)
            return NextResponse.json({ message: 'groupId does not exist.', error: null, value: null }, { status: 400 });
        if (groupId.length > 64)
            return NextResponse.json({ message: 'groupId is too long.', error: null, value: null }, { status: 400 });

        const permission = await db.groupPermission.create({
            data: {
                userId: user.id,
                path,
                allow,
                groupId
            }
        });

        return NextResponse.json(permission, { status: 200 });
    } catch (error) {
        return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
    }
}

export async function PUT(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });

        const { id, path, allow }: { id: string, path: string, allow: boolean|null } = await req.json();
        if (!id)
            return NextResponse.json({ message: 'id does not exist.', error: null, value: null }, { status: 400 });
        if (!path)
            return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
        const permissionPathValidation = permissionPathSchema.safeParse(path)
        if (!permissionPathValidation.success)
            return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });

        const permission = await db.groupPermission.update({
            where: {
                id
            },
            data: {
                path,
                allow
            }
        });

        return NextResponse.json(permission, { status: 200 });
    } catch (error) {
        return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
    }
}

export async function DELETE(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });

        const { searchParams } = new URL(req.url)
        const id = searchParams.get('id') as string
        const permission = await db.groupPermission.delete({
            where: {
                id
            }
        })

        return NextResponse.json(permission);
    } catch (error) {
        return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
    }
}
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00			`import { db } from "@/lib/db"`
			`import { NextResponse } from "next/server";`
			`import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`import { z } from "zod";`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00
			`export async function GET(req: Request) {`
			`try {`
			`const user = await fetchUserWithImpersonation(req)`
			`if (!user)`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00
			`const commands = await db.groupPermission.findMany({`
			`where: {`
			`userId: user.id`
			`}`
			`})`

			`return NextResponse.json(commands.map(({userId, ...attrs}) => attrs));`
			`} catch (error) {`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00			`}`
			`}`

Added basic validation for requests 2024-08-25 17:35:46 -04:00			`const permissionPathSchema = z.string({`
			`required_error: "Permission path should be available.",`
			`invalid_type_error: "Permission path must be a string"`
			`}).regex(/^[\w\-\.]{1,64}$/, "Permission path must contain only letters, numbers, dashes, periods.")`

Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00			`export async function POST(req: Request) {`
			`try {`
			`const user = await fetchUserWithImpersonation(req)`
			`if (!user)`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00
			`const { path, allow, groupId }: { path: string, allow: boolean, groupId: string } = await req.json();`
			`if (!path)`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });`
			`const permissionPathValidation = permissionPathSchema.safeParse(path)`
			`if (!permissionPathValidation.success)`
			`return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });`
			`if (!groupId)`
			`return NextResponse.json({ message: 'groupId does not exist.', error: null, value: null }, { status: 400 });`
			`if (groupId.length > 64)`
			`return NextResponse.json({ message: 'groupId is too long.', error: null, value: null }, { status: 400 });`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00
			`const permission = await db.groupPermission.create({`
			`data: {`
			`userId: user.id,`
			`path,`
			`allow,`
			`groupId`
			`}`
			`});`

			`return NextResponse.json(permission, { status: 200 });`
			`} catch (error) {`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00			`}`
			`}`

			`export async function PUT(req: Request) {`
			`try {`
			`const user = await fetchUserWithImpersonation(req)`
			`if (!user)`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00
			`const { id, path, allow }: { id: string, path: string, allow: boolean\|null } = await req.json();`
			`if (!id)`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'id does not exist.', error: null, value: null }, { status: 400 });`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00			`if (!path)`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });`
			`const permissionPathValidation = permissionPathSchema.safeParse(path)`
			`if (!permissionPathValidation.success)`
			`return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00
			`const permission = await db.groupPermission.update({`
			`where: {`
			`id`
			`},`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`data: {`
			`path,`
			`allow`
			`}`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00			`});`

			`return NextResponse.json(permission, { status: 200 });`
			`} catch (error) {`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00			`}`
			`}`

			`export async function DELETE(req: Request) {`
			`try {`
			`const user = await fetchUserWithImpersonation(req)`
			`if (!user)`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00
			`const { searchParams } = new URL(req.url)`
			`const id = searchParams.get('id') as string`
			`const permission = await db.groupPermission.delete({`
			`where: {`
			`id`
			`}`
			`})`

			`return NextResponse.json(permission);`
			`} catch (error) {`
Added basic validation for requests 2024-08-25 17:35:46 -04:00			`return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })`
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00			`}`
			`}`