import { db } from "@/lib/db"
import { NextResponse } from "next/server" ;
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation" ;
import { z } from "zod" ;
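/**
 * Lists the group permissions that belong to the calling user.
 *
 * The user is whatever `fetchUserWithImpersonation` resolves for the request;
 * a falsy result is answered with 401. Rows are selected by `userId` and the
 * `userId` field is removed from each row before the response is built.
 *
 * @param req - Incoming request, passed to `fetchUserWithImpersonation`.
 * @returns JSON array of permission rows without `userId`, or a
 *   `{ message, error, value }` envelope with status 401 / 500.
 */
export async function GET(req: Request) {
  try {
    const user = await fetchUserWithImpersonation(req);
    if (!user)
      return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });

    const commands = await db.groupPermission.findMany({
      where: { userId: user.id },
    });
    // Strip the owner id so it never leaves the server.
    return NextResponse.json(commands.map(({ userId, ...attrs }) => attrs));
  } catch (error) {
    // Keep the caught value in the server log only. Serialising it into the
    // response could hand data-layer detail (codes, field or model names) to
    // any caller that can trigger a failure.
    console.error('GET group permission failed', error);
    return NextResponse.json({ message: 'Something went wrong', error: null, value: null }, { status: 500 });
  }
}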
// Shape check for a permission path: a string of 1 to 64 characters drawn
// from \w, "-" and ".".
// NOTE(review): \w also admits "_", which the rejection message does not
// mention; confirm whether underscores are meant to be accepted.
const permissionPathSchema = z
  .string({
    required_error: "Permission path should be available.",
    invalid_type_error: "Permission path must be a string",
  })
  .regex(/^[\w.-]{1,64}$/, "Permission path must contain only letters, numbers, dashes, periods.");
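/**
 * Creates a group permission owned by the calling user.
 *
 * Expects a JSON body with `path`, `groupId` and `allow`. The new row's
 * `userId` is always taken from the resolved user, never from the body.
 *
 * @param req - Incoming request; its JSON body is caller-controlled.
 * @returns The created row with status 200, or a `{ message, error, value }`
 *   envelope with status 400 / 401 / 500.
 */
export async function POST(req: Request) {
  try {
    const user = await fetchUserWithImpersonation(req);
    if (!user)
      return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });

    // The annotation below is compile-time only: req.json() yields whatever
    // the client sent, so every field is re-checked at runtime.
    const { path, allow, groupId }: { path: string, allow: boolean, groupId: string } = await req.json();

    if (!path)
      return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
    const permissionPathValidation = permissionPathSchema.safeParse(path);
    if (!permissionPathValidation.success)
      // Read the first issue directly instead of re-parsing the error message.
      return NextResponse.json({ message: 'path must meet certain requirements.', error: permissionPathValidation.error.issues[0], value: null }, { status: 400 });

    if (!groupId)
      return NextResponse.json({ message: 'groupId does not exist.', error: null, value: null }, { status: 400 });
    // A non-string (number, array, object) would slip past the length test
    // below and only fail inside the data layer as a 500.
    if (typeof groupId !== 'string')
      return NextResponse.json({ message: 'groupId must be a string.', error: null, value: null }, { status: 400 });
    if (groupId.length > 64)
      return NextResponse.json({ message: 'groupId is too long.', error: null, value: null }, { status: 400 });

    // Reject a wrong type only when a value is present; an omitted or null
    // `allow` is passed through as before.
    if (allow !== undefined && allow !== null && typeof allow !== 'boolean')
      return NextResponse.json({ message: 'allow must be a boolean.', error: null, value: null }, { status: 400 });

    // NOTE(review): groupId is stored exactly as supplied. Nothing in this
    // handler checks that the caller is allowed to manage that group; confirm
    // that this is enforced elsewhere.
    const permission = await db.groupPermission.create({
      data: {
        userId: user.id,
        path,
        allow,
        groupId,
      },
    });
    return NextResponse.json(permission, { status: 200 });
  } catch (error) {
    // Log server-side only; the caught value may carry data-layer detail that
    // should not be serialised to the client.
    console.error('POST group permission failed', error);
    return NextResponse.json({ message: 'Something went wrong', error: null, value: null }, { status: 500 });
  }
}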
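/**
 * Updates `path` and `allow` on one group permission owned by the caller.
 *
 * Expects a JSON body with `id`, `path` and optionally `allow`. The row is
 * looked up by `id` together with the resolved user's id before it is
 * changed, so a caller cannot modify a row created under another user.
 *
 * @param req - Incoming request; its JSON body is caller-controlled.
 * @returns The updated row with status 200, or a `{ message, error, value }`
 *   envelope with status 400 / 401 / 404 / 500.
 */
export async function PUT(req: Request) {
  try {
    const user = await fetchUserWithImpersonation(req);
    if (!user)
      return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });

    // The annotation below is compile-time only: req.json() yields whatever
    // the client sent, so every field is re-checked at runtime.
    const { id, path, allow }: { id: string, path: string, allow: boolean | null } = await req.json();

    if (!id)
      return NextResponse.json({ message: 'id does not exist.', error: null, value: null }, { status: 400 });
    // `id` goes into a query filter below; an object here would be read as a
    // filter expression rather than as a literal id.
    if (typeof id !== 'string')
      return NextResponse.json({ message: 'id must be a string.', error: null, value: null }, { status: 400 });

    if (!path)
      return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
    const permissionPathValidation = permissionPathSchema.safeParse(path);
    if (!permissionPathValidation.success)
      // Read the first issue directly instead of re-parsing the error message.
      return NextResponse.json({ message: 'path must meet certain requirements.', error: permissionPathValidation.error.issues[0], value: null }, { status: 400 });

    if (allow !== undefined && allow !== null && typeof allow !== 'boolean')
      return NextResponse.json({ message: 'allow must be a boolean.', error: null, value: null }, { status: 400 });

    // Object-level authorization: GET and POST tie rows to user.id, so an
    // update must be limited to the caller's own rows as well. Missing rows
    // and rows of other users get the same 404, which avoids confirming that
    // a foreign id exists.
    const owned = await db.groupPermission.findFirst({
      where: { id, userId: user.id },
    });
    if (!owned)
      return NextResponse.json({ message: 'Permission not found.', error: null, value: null }, { status: 404 });

    const permission = await db.groupPermission.update({
      where: { id: owned.id },
      data: {
        path,
        allow,
      },
    });
    return NextResponse.json(permission, { status: 200 });
  } catch (error) {
    // Log server-side only; the caught value may carry data-layer detail that
    // should not be serialised to the client.
    console.error('PUT group permission failed', error);
    return NextResponse.json({ message: 'Something went wrong', error: null, value: null }, { status: 500 });
  }
}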
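/**
 * Deletes one group permission owned by the caller.
 *
 * The target is named by the `id` query parameter. The row is looked up by
 * `id` together with the resolved user's id before it is removed, so a
 * caller cannot delete a row created under another user.
 *
 * @param req - Incoming request; `id` is read from its query string.
 * @returns The deleted row, or a `{ message, error, value }` envelope with
 *   status 400 / 401 / 404 / 500.
 */
export async function DELETE(req: Request) {
  try {
    const user = await fetchUserWithImpersonation(req);
    if (!user)
      return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });

    const { searchParams } = new URL(req.url);
    // get() returns null when the parameter is absent; answer that with a 400
    // instead of casting it to string and failing inside the data layer.
    const id = searchParams.get('id');
    if (!id)
      return NextResponse.json({ message: 'id does not exist.', error: null, value: null }, { status: 400 });

    // Object-level authorization: only rows carrying the caller's user id may
    // be removed. Missing rows and rows of other users get the same 404.
    const owned = await db.groupPermission.findFirst({
      where: { id, userId: user.id },
    });
    if (!owned)
      return NextResponse.json({ message: 'Permission not found.', error: null, value: null }, { status: 404 });

    const permission = await db.groupPermission.delete({
      where: { id: owned.id },
    });
    return NextResponse.json(permission);
  } catch (error) {
    // Log server-side only; the caught value may carry data-layer detail that
    // should not be serialised to the client.
    console.error('DELETE group permission failed', error);
    return NextResponse.json({ message: 'Something went wrong', error: null, value: null }, { status: 500 });
  }
}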