hermes-web/app/api/settings/groups/permissions/route.ts

import { db } from "@/lib/db"
import { NextResponse } from "next/server";
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
import { ActionType, Prisma } from "@prisma/client";

export async function GET(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return new NextResponse("Unauthorized", { status: 401 });

        const commands = await db.groupPermission.findMany({
            where: {
                userId: user.id
            }
        })

        return NextResponse.json(commands.map(({userId, ...attrs}) => attrs));
    } catch (error) {
        console.log("[GROUPS/PERMISSIONS]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}

export async function POST(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return new NextResponse("Unauthorized", { status: 401 });

        const { path, allow, groupId }: { path: string, allow: boolean, groupId: string } = await req.json();
        if (!path)
            return new NextResponse("Bad Request", { status: 400 });

        const permission = await db.groupPermission.create({
            data: {
                userId: user.id,
                path,
                allow,
                groupId
            }
        });

        return NextResponse.json(permission, { status: 200 });
    } catch (error) {
        console.log("[GROUPS/PERMISSIONS]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}

export async function PUT(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return new NextResponse("Unauthorized", { status: 401 });

        const { id, path, allow }: { id: string, path: string, allow: boolean|null } = await req.json();
        if (!id)
            return new NextResponse("Bad Request", { status: 400 });
        if (!path)
            return new NextResponse("Bad Request", { status: 400 });

        let data: any = {}
        if (!!path)
            data = { ...data, path }
        data = { ...data, allow }

        const permission = await db.groupPermission.update({
            where: {
                id
            },
            data: data
        });

        return NextResponse.json(permission, { status: 200 });
    } catch (error) {
        console.log("[GROUPS/PERMISSIONS]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}

export async function DELETE(req: Request) {
    try {
        const user = await fetchUserWithImpersonation(req)
        if (!user)
            return new NextResponse("Unauthorized", { status: 401 });

        const { searchParams } = new URL(req.url)
        const id = searchParams.get('id') as string
        const permission = await db.groupPermission.delete({
            where: {
                id
            }
        })

        return NextResponse.json(permission);
    } catch (error) {
        console.log("[GROUPS/PERMISSIONS]", error);
        return new NextResponse("Internal Error", { status: 500 });
    }
}
Updated list of commands to v4.3. Added groups & permissions. Added connections. Updated redemptions and actions to v4.3. 2024-08-14 16:33:40 -04:00			`import { db } from "@/lib/db"`
			`import { NextResponse } from "next/server";`
			`import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";`
			`import { ActionType, Prisma } from "@prisma/client";`

			`export async function GET(req: Request) {`
			`try {`
			`const user = await fetchUserWithImpersonation(req)`
			`if (!user)`
			`return new NextResponse("Unauthorized", { status: 401 });`

			`const commands = await db.groupPermission.findMany({`
			`where: {`
			`userId: user.id`
			`}`
			`})`

			`return NextResponse.json(commands.map(({userId, ...attrs}) => attrs));`
			`} catch (error) {`
			`console.log("[GROUPS/PERMISSIONS]", error);`
			`return new NextResponse("Internal Error", { status: 500 });`
			`}`
			`}`

			`export async function POST(req: Request) {`
			`try {`
			`const user = await fetchUserWithImpersonation(req)`
			`if (!user)`
			`return new NextResponse("Unauthorized", { status: 401 });`

			`const { path, allow, groupId }: { path: string, allow: boolean, groupId: string } = await req.json();`
			`if (!path)`
			`return new NextResponse("Bad Request", { status: 400 });`

			`const permission = await db.groupPermission.create({`
			`data: {`
			`userId: user.id,`
			`path,`
			`allow,`
			`groupId`
			`}`
			`});`

			`return NextResponse.json(permission, { status: 200 });`
			`} catch (error) {`
			`console.log("[GROUPS/PERMISSIONS]", error);`
			`return new NextResponse("Internal Error", { status: 500 });`
			`}`
			`}`

			`export async function PUT(req: Request) {`
			`try {`
			`const user = await fetchUserWithImpersonation(req)`
			`if (!user)`
			`return new NextResponse("Unauthorized", { status: 401 });`

			`const { id, path, allow }: { id: string, path: string, allow: boolean\|null } = await req.json();`
			`if (!id)`
			`return new NextResponse("Bad Request", { status: 400 });`
			`if (!path)`
			`return new NextResponse("Bad Request", { status: 400 });`

			`let data: any = {}`
			`if (!!path)`
			`data = { ...data, path }`
			`data = { ...data, allow }`

			`const permission = await db.groupPermission.update({`
			`where: {`
			`id`
			`},`
			`data: data`
			`});`

			`return NextResponse.json(permission, { status: 200 });`
			`} catch (error) {`
			`console.log("[GROUPS/PERMISSIONS]", error);`
			`return new NextResponse("Internal Error", { status: 500 });`
			`}`
			`}`

			`export async function DELETE(req: Request) {`
			`try {`
			`const user = await fetchUserWithImpersonation(req)`
			`if (!user)`
			`return new NextResponse("Unauthorized", { status: 401 });`

			`const { searchParams } = new URL(req.url)`
			`const id = searchParams.get('id') as string`
			`const permission = await db.groupPermission.delete({`
			`where: {`
			`id`
			`}`
			`})`

			`return NextResponse.json(permission);`
			`} catch (error) {`
			`console.log("[GROUPS/PERMISSIONS]", error);`
			`return new NextResponse("Internal Error", { status: 500 });`
			`}`
			`}`