tom/hermes-web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
624b3fa63b
hermes-web/app/api/settings/groups/permissions/route.ts

110 lines
4.5 KiB
TypeScript
Raw Blame History

import { db } from "@/lib/db"
import { NextResponse } from "next/server";
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
import { z } from "zod";
export async function GET(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user)
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
const commands = await db.groupPermission.findMany({
where: {
userId: user.id
}
})
return NextResponse.json(commands.map(({userId, ...attrs}) => attrs));
} catch (error) {
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
const permissionPathSchema = z.string({
required_error: "Permission path should be available.",
invalid_type_error: "Permission path must be a string"
}).regex(/^[\w\-\.]{1,64}$/, "Permission path must contain only letters, numbers, dashes, periods.")
export async function POST(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user)
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
const { path, allow, groupId }: { path: string, allow: boolean, groupId: string } = await req.json();
if (!path)
return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
const permissionPathValidation = permissionPathSchema.safeParse(path)
if (!permissionPathValidation.success)
return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });
if (!groupId)
return NextResponse.json({ message: 'groupId does not exist.', error: null, value: null }, { status: 400 });
if (groupId.length > 64)
return NextResponse.json({ message: 'groupId is too long.', error: null, value: null }, { status: 400 });
const permission = await db.groupPermission.create({
data: {
userId: user.id,
path,
allow,
groupId
}
});
return NextResponse.json(permission, { status: 200 });
} catch (error) {
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
export async function PUT(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user)
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
const { id, path, allow }: { id: string, path: string, allow: boolean|null } = await req.json();
if (!id)
return NextResponse.json({ message: 'id does not exist.', error: null, value: null }, { status: 400 });
if (!path)
return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
const permissionPathValidation = permissionPathSchema.safeParse(path)
if (!permissionPathValidation.success)
return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });
const permission = await db.groupPermission.update({
where: {
id
},
data: {
path,
allow
}
});
return NextResponse.json(permission, { status: 200 });
} catch (error) {
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
export async function DELETE(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user)
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
const { searchParams } = new URL(req.url)
const id = searchParams.get('id') as string
const permission = await db.groupPermission.delete({
where: {
id
}
})
return NextResponse.json(permission);
} catch (error) {
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
Reference in New Issue View Git Blame Copy Permalink