diff --git a/functions/api/inactivity/[id].ts b/functions/api/inactivity/[id].ts index ea46149..9d88ebd 100644 --- a/functions/api/inactivity/[id].ts +++ b/functions/api/inactivity/[id].ts @@ -1,19 +1,30 @@ +import validateInactivityNotice from "./validate.js"; + +function jsonResponse(body: string, status = 200): Response { + return new Response(body, { + headers: { + "content-type": "application/json", + }, + status, + }); +} + export async function onRequestDelete(context: RequestContext) { const kvResult = await context.env.DATA.get( `inactivity_${context.params.id}`, ); + if (!kvResult) + return jsonResponse('{"error":"No inactivity notice with that ID"}', 404); + if ( - !kvResult || - (JSON.parse(kvResult).user.id !== context.data.current_user.id && - !(context.data.current_user.permissions & (1 << 0))) + JSON.parse(kvResult).user.id !== context.data.current_user.id && + !(context.data.current_user.permissions & (1 << 0)) ) - return new Response('{"error":"No inactivity notice with that ID"}', { - headers: { - "content-type": "application/json", - }, - status: 404, - }); + return jsonResponse( + '{"error":"You do not have permission to delete this inactivity notice"}', + 403, + ); await context.env.DATA.delete(`inactivity_${context.params.id}`); await context.env.D1.prepare("DELETE FROM inactivity_notices WHERE id = ?;") @@ -24,3 +35,53 @@ export async function onRequestDelete(context: RequestContext) { status: 204, }); } + +export async function onRequestPut(context: RequestContext) { + const kvResult: InactivityNoticeProps | null = await context.env.DATA.get( + `inactivity_${context.params.id}`, + { type: "json" }, + ); + + if (!kvResult) + return jsonResponse('{"error":"No inactivity notice with that ID"}', 404); + + if (kvResult.user.id !== context.data.current_user.id) + return jsonResponse( + '{"error":"You do not have permission to modify this inactivity notice"}', + 403, + ); + + const d1entry = await context.env.D1.prepare( + "SELECT open FROM inactivity_notices WHERE id = ?;", + ) + .bind(context.params.id) + .run(); + + if (!Boolean(d1entry.results.at(0)?.open)) + return jsonResponse("Cannot modify a closed inactivity notice", 403); + + const { departments, end, reason, start } = context.data.body; + + const validationFailureResponse = validateInactivityNotice( + departments, + end, + reason, + start, + context.data.departments, + ); + + if (validationFailureResponse) return validationFailureResponse; + + kvResult.departments = departments; + kvResult.end = end; + kvResult.reason = reason; + kvResult.start = start; + + await context.env.DATA.put( + `inactivity_${context.params.id}`, + JSON.stringify(kvResult), + { + expirationTtl: 63072000, + }, + ); +}