feat: mongo read and write

subhadeeproy3902 · Aug 7, 2024 · 87ae269 · 87ae269
1 parent f39b093
commit 87ae269
Show file tree

Hide file tree

Showing 5 changed files with 246 additions and 159 deletions.
diff --git a/src/app/api/files/read/route.ts b/src/app/api/files/read/route.ts
@@ -1,68 +1,98 @@
 import { api } from "../../../../../convex/_generated/api";
 import { ConvexHttpClient } from "convex/browser";
 import { Id } from "../../../../../convex/_generated/dataModel";
+import { AuthMiddleware } from "@/Middleware/AuthMiddleware";
+import { NextResponse } from "next/server";
+import FileModel from "@/models/file";
+import { ApiUser } from "@/types/types";
+import { mongoDB } from "@/lib/MongoDB";
 
-// Give user read access
-export const POST = async (req: Request) => {
-  try {
-    const { teamId, email, memberEmail, readBy, fileId } = await req.json();
 
-    if (!teamId || !memberEmail || !email || !fileId)
-      return new Response("Parameters missing!!", { status: 401 });
+// Remove read access from the user
+export async function PUT(
+  request: Request
+) {
 
-    const client = new ConvexHttpClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
+  const result = await AuthMiddleware(request);
 
-    const teamInfo = await client.query(api.teams.getTeamById, { _id: teamId as Id<"teams">});
-
-    if (!teamInfo.teamMembers.includes(memberEmail)) {
-      return new Response("User is not member of the team", { status: 400 });
-    }
-
-    if (teamInfo.createdBy !== email) {
-      return new Response("Only owner can make changes!!", { status: 400 });
-    }
-
-    readBy.push(memberEmail);
+  if (result instanceof NextResponse) {
 
-    await client.mutation(api.files.updateRead, { _id: fileId as Id<"files">, readBy:readBy });
+    try {
+      await mongoDB();
 
-    return new Response("Changed to Public!!", { status: 200 });
-  } catch (err) {
+      const { userId, fileId } = await request.json();
 
-    return new Response(`Error: ${err}`, {status:500})
+      if (!userId || !fileId) {
+        return NextResponse.json(`Access Denied!!`, { status: 404 });
+      }
 
-  }
-};
-
-// Remove read access from the user
-export const PUT = async (req: Request) => {
-  try {
-    const { teamId, email, memberEmail, readBy, fileId } = await req.json();
+      const user: ApiUser = JSON.parse(request.headers.get("user") || "{}");
 
-    if (!teamId || !memberEmail || !email || !fileId)
-      return new Response("Parameters missing!!", { status: 401 });
+      const file = await FileModel.findById({ _id: fileId });
 
-    const client = new ConvexHttpClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
+      if(file.createdBy == userId){
+        return NextResponse.json(`Operation not possible!`, { status: 401 });
+      }
 
-    const teamInfo = await client.query(api.teams.getTeamById, { _id: teamId });
+      if (file.createdBy != user._id) {
+        return NextResponse.json(`Access Denied!!`, { status: 401 });
+      }
 
-    if (!teamInfo.teamMembers.includes(memberEmail)) {
-      return new Response("User is not member of the team", { status: 400 });
-    }
+      await FileModel.updateOne(
+        { _id: fileId },
+        { $pull: { readBy: userId } }
+      );
 
-    if (teamInfo.createdBy !== email) {
-      return new Response("Only owner can make changes!!", { status: 400 });
+      return NextResponse.json('Read access removed!', { status: 200 });
+    } catch (err) {
+      return NextResponse.json(`Err : ${err}`, { status: 500 });
     }
+  } else {
+    return result;
+  }
+}
 
-    const updatedReadBy = Array.isArray(readBy)
-      ? readBy.filter(writer => writer !== memberEmail)
-      : [];
-
-    await client.mutation(api.files.updateRead, { _id: fileId, readBy:updatedReadBy });
-
-    return new Response("Changed to Public!!", { status: 200 });
-  } catch (err) {
-    return new Response(`Error: ${err}`, {status:500})
 
-  }
-};
+// Give user read access
+export async function POST(
+  request: Request
+) {
+
+  const result = await AuthMiddleware(request);
+
+    if (result instanceof NextResponse) {
+
+        try {
+            await mongoDB();
+
+            const {userId, fileId} = await request.json()
+
+            if(!userId || !fileId){
+                return NextResponse.json(`Access Denied!!`, {status:404});
+            }
+
+            const user: ApiUser = JSON.parse(request.headers.get("user") || "{}");
+
+            const file1 = await FileModel.findById({_id:fileId});
+
+            if(file1.createdBy == userId){
+              return NextResponse.json(`Operation not possible!`, { status: 401 });
+            }
+
+            if(file1.createdBy != user._id){
+                return NextResponse.json(`Owner can only change team settings!!`, {status:401});
+            }
+
+            await FileModel.updateOne(
+              { _id: fileId },
+              { $push: { readBy: userId } }
+            );
+
+            return NextResponse.json('Read access granted!',{status:200});
+        } catch (err) {
+            return NextResponse.json(`Err : ${err}`, {status:500});
+        }
+    } else {
+      return result;
+    }
+}
diff --git a/src/app/api/files/write/route.ts b/src/app/api/files/write/route.ts
@@ -1,73 +1,98 @@
 import { api } from "../../../../../convex/_generated/api";
 import { ConvexHttpClient } from "convex/browser";
 import { Id } from "../../../../../convex/_generated/dataModel";
+import { AuthMiddleware } from "@/Middleware/AuthMiddleware";
+import { NextResponse } from "next/server";
+import FileModel from "@/models/file";
+import { ApiUser } from "@/types/types";
+import { mongoDB } from "@/lib/MongoDB";
 
-// Give write read access
-export const POST = async (req: Request) => {
-  try {
-    const { teamId, email, memberEmail, writtenBy, readBy, fileId } = await req.json();
 
-    if (!teamId || !memberEmail || !email || !fileId || !writtenBy || !readBy)
-      return new Response("Parameters missing!!", { status: 401 });
+// Remove read access from the user
+export async function PUT(
+  request: Request
+) {
 
-    const client = new ConvexHttpClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
+  const result = await AuthMiddleware(request);
 
-    const teamInfo = await client.query(api.teams.getTeamById, { _id: teamId as Id<"teams">});
-
-    if (!teamInfo.teamMembers.includes(memberEmail)) {
-      return new Response("User is not member of the team", { status: 400 });
-    }
-
-    if (teamInfo.createdBy !== email) {
-      return new Response("Only owner can make changes!!", { status: 400 });
-    }
-
-    if(!readBy.includes(memberEmail)){
-      readBy.push(memberEmail)
-    }
-
-    writtenBy.push(memberEmail);
-
-    await client.mutation(api.files.updateRead, { _id: fileId as Id<"files">, readBy:readBy });
-    await client.mutation(api.files.updateWrite, { _id: fileId as Id<"files">, writtenBy:writtenBy });
+  if (result instanceof NextResponse) {
 
-    return new Response("Read Access given!!", { status: 200 });
-  } catch (err) {
+    try {
+      await mongoDB();
 
-    return new Response(`Error: ${err}`, {status:500})
+      const { userId, fileId } = await request.json();
 
-  }
-};
+      if (!userId || !fileId) {
+        return NextResponse.json(`Access Denied!!`, { status: 404 });
+      }
 
+      const user: ApiUser = JSON.parse(request.headers.get("user") || "{}");
 
-// Remove write access from the user
-export const PUT = async (req: Request) => {
-  try {
-    const { teamId, email, memberEmail, writtenBy, fileId } = await req.json();
+      const file = await FileModel.findById({ _id: fileId });
 
-    if (!teamId || !memberEmail || !email || !fileId || !writtenBy)
-      return new Response("Parameters missing!!", { status: 401 });
+      if(file.createdBy == userId){
+        return NextResponse.json(`Operation not possible!`, { status: 401 });
+      }
 
-    const client = new ConvexHttpClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
+      if (file.createdBy != user._id) {
+        return NextResponse.json(`Access Denied!!`, { status: 401 });
+      }
 
-    const teamInfo = await client.query(api.teams.getTeamById, { _id: teamId });
+      await FileModel.updateOne(
+        { _id: fileId },
+        { $pull: { writtenBy: userId } }
+      );
 
-    if (!teamInfo.teamMembers.includes(memberEmail)) {
-      return new Response("User is not member of the team", { status: 400 });
+      return NextResponse.json('Read access removed!', { status: 200 });
+    } catch (err) {
+      return NextResponse.json(`Err : ${err}`, { status: 500 });
     }
-
-    if (teamInfo.createdBy !== email) {
-      return new Response("Only owner can make changes!!", { status: 400 });
-    }
-
-    const updatedWrittenBy = Array.isArray(writtenBy)
-    ? writtenBy.filter(writer => writer !== memberEmail)
-    : [];
-
-    await client.mutation(api.files.updateWrite, { _id: fileId, writtenBy:updatedWrittenBy });
-
-    return new Response("Read access removed!!", { status: 200 });
-  } catch (err) {
-    console.log(err);
+  } else {
+    return result;
   }
-};
+}
+
+
+// Give user read access
+export async function POST(
+  request: Request
+) {
+
+  const result = await AuthMiddleware(request);
+
+    if (result instanceof NextResponse) {
+
+        try {
+            await mongoDB();
+
+            const {userId, fileId} = await request.json()
+
+            if(!userId || !fileId){
+                return NextResponse.json(`Access Denied!!`, {status:404});
+            }
+
+            const user: ApiUser = JSON.parse(request.headers.get("user") || "{}");
+
+            const file1 = await FileModel.findById({_id:fileId});
+
+            if(file1.createdBy == userId){
+              return NextResponse.json(`Operation not possible!`, { status: 401 });
+            }
+
+            if(file1.createdBy != user._id){
+                return NextResponse.json(`Owner can only change team settings!!`, {status:401});
+            }
+
+            await FileModel.updateOne(
+              { _id: fileId },
+              { $push: { writtenBy: userId } }
+            );
+
+            return NextResponse.json('Read access granted!',{status:200});
+        } catch (err) {
+            return NextResponse.json(`Err : ${err}`, {status:500});
+        }
+    } else {
+      return result;
+    }
+}
diff --git a/src/app/teams/settings/_components/FileList.tsx b/src/app/teams/settings/_components/FileList.tsx
@@ -52,13 +52,11 @@ const FileRow = ({
     <td className="flex gap-2 whitespace-nowrap px-4 py-2 text-muted-foreground">
       <ReadAccessModal
         setIsUpdated={setIsUpdated}
-        teamId={teamId}
         focusedUser={user}
         file={file}
       />
       <WriteAccessModal
         setIsUpdated={setIsUpdated}
-        teamId={teamId}
         file={file}
         focusedUser={user}
       />
@@ -199,13 +197,11 @@ function FileList({
                   <div className="flex gap-2">
                     <ReadAccessModal
                       setIsUpdated={setIsUpdated}
-                      teamId={teamId}
                       file={file}
                       focusedUser={user}
                     />
                     <WriteAccessModal
                       setIsUpdated={setIsUpdated}
-                      teamId={teamId}
                       file={file}
                       focusedUser={user}
                     />