Deduplicate editing check
This commit is contained in:
parent
5115965239
commit
13f682961b
@ -1,3 +1,4 @@
|
||||
import { EventType, Membership, MembershipRole, User } from "@prisma/client";
|
||||
import { TFunction } from "next-i18next";
|
||||
|
||||
type EventNameObjectType = {
|
||||
@ -17,3 +18,40 @@ export function getEventName(eventNameObj: EventNameObjectType) {
|
||||
attendeeName: eventNameObj.attendeeName,
|
||||
});
|
||||
}
|
||||
|
||||
export function canEventBeEdited({
|
||||
user,
|
||||
eventType,
|
||||
}: {
|
||||
user: {
|
||||
id: User["id"];
|
||||
};
|
||||
eventType: {
|
||||
users: {
|
||||
id: User["id"];
|
||||
}[];
|
||||
userId: User["id"] | null;
|
||||
creatorId: EventType["creatorId"];
|
||||
team: {
|
||||
members: {
|
||||
userId: Membership["userId"];
|
||||
role: MembershipRole;
|
||||
}[];
|
||||
} | null;
|
||||
};
|
||||
}) {
|
||||
if (eventType.creatorId === user.id) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (eventType.team) {
|
||||
return eventType.team.members
|
||||
.filter((member) => {
|
||||
return member.role === MembershipRole.OWNER || member.role === MembershipRole.ADMIN;
|
||||
})
|
||||
.map((member) => member.userId)
|
||||
.includes(user.id);
|
||||
}
|
||||
|
||||
return eventType.userId === user.id || eventType.users.find((user) => user.id === user.id);
|
||||
}
|
||||
|
@ -6,6 +6,7 @@ import { z } from "zod";
|
||||
import { checkPremiumUsername } from "@ee/lib/core/checkPremiumUsername";
|
||||
|
||||
import { checkRegularUsername } from "@lib/core/checkRegularUsername";
|
||||
import { canEventBeEdited } from "@lib/event";
|
||||
import { getCalendarCredentials, getConnectedCalendars } from "@lib/integrations/calendar/CalendarManager";
|
||||
import { ALL_INTEGRATIONS } from "@lib/integrations/getIntegrations";
|
||||
import jackson from "@lib/jackson";
|
||||
@ -131,6 +132,7 @@ const loggedInViewerRouter = createProtectedRouter()
|
||||
currency: true,
|
||||
position: true,
|
||||
creatorId: true,
|
||||
userId: true,
|
||||
users: {
|
||||
select: {
|
||||
id: true,
|
||||
@ -139,6 +141,11 @@ const loggedInViewerRouter = createProtectedRouter()
|
||||
name: true,
|
||||
},
|
||||
},
|
||||
team: {
|
||||
select: {
|
||||
members: true,
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const user = await prisma.user.findUnique({
|
||||
@ -202,7 +209,6 @@ const loggedInViewerRouter = createProtectedRouter()
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
if (!user) {
|
||||
throw new TRPCError({ code: "INTERNAL_SERVER_ERROR" });
|
||||
}
|
||||
@ -273,9 +279,7 @@ const loggedInViewerRouter = createProtectedRouter()
|
||||
},
|
||||
eventTypes: membership.team.eventTypes.map((eventType) => ({
|
||||
...eventType,
|
||||
readOnly:
|
||||
eventType.creatorId !== user.id &&
|
||||
!(membership.role === MembershipRole.OWNER || membership.role === MembershipRole.ADMIN),
|
||||
readOnly: !canEventBeEdited({ user, eventType }),
|
||||
})),
|
||||
}))
|
||||
);
|
||||
|
@ -10,6 +10,8 @@ import {
|
||||
import { stringOrNumber } from "@calcom/prisma/zod-utils";
|
||||
import { createEventTypeInput } from "@calcom/prisma/zod/custom/eventtype";
|
||||
|
||||
import { canEventBeEdited } from "@lib/event";
|
||||
|
||||
import { createProtectedRouter } from "@server/createRouter";
|
||||
import { viewerRouter } from "@server/routers/viewer";
|
||||
import { TRPCError } from "@trpc/server";
|
||||
@ -176,16 +178,7 @@ export const eventTypesRouter = createProtectedRouter()
|
||||
}
|
||||
|
||||
const isAuthorized = (function () {
|
||||
if (event.team) {
|
||||
return (
|
||||
event.creatorId === ctx.user.id ||
|
||||
event.team.members
|
||||
.filter((member) => member.role === MembershipRole.OWNER || member.role === MembershipRole.ADMIN)
|
||||
.map((member) => member.userId)
|
||||
.includes(ctx.user.id)
|
||||
);
|
||||
}
|
||||
return event.userId === ctx.user.id || event.users.find((user) => user.id === ctx.user.id);
|
||||
return canEventBeEdited({ user: ctx.user, eventType: event });
|
||||
})();
|
||||
|
||||
if (!isAuthorized) {
|
||||
|
Loading…
Reference in New Issue
Block a user