Merge pull request #504 from Sid-80/feat/503

Feat/503

src/app/api/files/get/[id]/route.ts

@@ -20,7 +20,7 @@ export async function GET(
 
               await mongoDB();
 
-              const files = await FileModel.find({teamId:id}).populate("createdBy")
+              const files = await FileModel.find({teamId:id}).populate("createdBy");
 
               return NextResponse.json(files,{ status: 200 });
           } catch (err) {

src/app/api/files/read/route.ts

@@ -1,68 +1,98 @@
 import { api } from "../../../../../convex/_generated/api";
 import { ConvexHttpClient } from "convex/browser";
 import { Id } from "../../../../../convex/_generated/dataModel";
+import { AuthMiddleware } from "@/Middleware/AuthMiddleware";
+import { NextResponse } from "next/server";
+import FileModel from "@/models/file";
+import { ApiUser } from "@/types/types";
+import { mongoDB } from "@/lib/MongoDB";
 
-// Give user read access
-export const POST = async (req: Request) => {
-  try {
-    const { teamId, email, memberEmail, readBy, fileId } = await req.json();
 
-    if (!teamId || !memberEmail || !email || !fileId)
-      return new Response("Parameters missing!!", { status: 401 });
+// Remove read access from the user
+export async function PUT(
+  request: Request
+) {
 
-    const client = new ConvexHttpClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
+  const result = await AuthMiddleware(request);
 
-    const teamInfo = await client.query(api.teams.getTeamById, { _id: teamId as Id<"teams">});
-
-    if (!teamInfo.teamMembers.includes(memberEmail)) {
-      return new Response("User is not member of the team", { status: 400 });
-    }
-
-    if (teamInfo.createdBy !== email) {
-      return new Response("Only owner can make changes!!", { status: 400 });
-    }
-
-    readBy.push(memberEmail);
+  if (result instanceof NextResponse) {
 
-    await client.mutation(api.files.updateRead, { _id: fileId as Id<"files">, readBy:readBy });
+    try {
+      await mongoDB();
 
-    return new Response("Changed to Public!!", { status: 200 });
-  } catch (err) {
+      const { userId, fileId } = await request.json();
 
-    return new Response(`Error: ${err}`, {status:500})
+      if (!userId || !fileId) {
+        return NextResponse.json(`Access Denied!!`, { status: 404 });
+      }
 
-  }
-};
-
-// Remove read access from the user
-export const PUT = async (req: Request) => {
-  try {
-    const { teamId, email, memberEmail, readBy, fileId } = await req.json();
+      const user: ApiUser = JSON.parse(request.headers.get("user") || "{}");
 
-    if (!teamId || !memberEmail || !email || !fileId)
-      return new Response("Parameters missing!!", { status: 401 });
+      const file = await FileModel.findById({ _id: fileId });
 
-    const client = new ConvexHttpClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
+      if(file.createdBy == userId){
+        return NextResponse.json(`Operation not possible!`, { status: 401 });
+      }
 
-    const teamInfo = await client.query(api.teams.getTeamById, { _id: teamId });
+      if (file.createdBy != user._id) {
+        return NextResponse.json(`Access Denied!!`, { status: 401 });
+      }
 
-    if (!teamInfo.teamMembers.includes(memberEmail)) {
-      return new Response("User is not member of the team", { status: 400 });
-    }
+      await FileModel.updateOne(
+        { _id: fileId },
+        { $pull: { readBy: userId } }
+      );
 
-    if (teamInfo.createdBy !== email) {
-      return new Response("Only owner can make changes!!", { status: 400 });
+      return NextResponse.json('Read access removed!', { status: 200 });
+    } catch (err) {
+      return NextResponse.json(`Err : ${err}`, { status: 500 });
     }
+  } else {
+    return result;
+  }
+}
 
-    const updatedReadBy = Array.isArray(readBy)
-      ? readBy.filter(writer => writer !== memberEmail)
-      : [];
-
-    await client.mutation(api.files.updateRead, { _id: fileId, readBy:updatedReadBy });
-
-    return new Response("Changed to Public!!", { status: 200 });
-  } catch (err) {
-    return new Response(`Error: ${err}`, {status:500})
 
-  }
-};
+// Give user read access
+export async function POST(
+  request: Request
+) {
+
+  const result = await AuthMiddleware(request);
+
+    if (result instanceof NextResponse) {
+
+        try {
+            await mongoDB();
+
+            const {userId, fileId} = await request.json()
+
+            if(!userId || !fileId){
+                return NextResponse.json(`Access Denied!!`, {status:404});
+            }
+
+            const user: ApiUser = JSON.parse(request.headers.get("user") || "{}");
+
+            const file1 = await FileModel.findById({_id:fileId});
+
+            if(file1.createdBy == userId){
+              return NextResponse.json(`Operation not possible!`, { status: 401 });
+            }
+
+            if(file1.createdBy != user._id){
+                return NextResponse.json(`Owner can only change team settings!!`, {status:401});
+            }
+
+            await FileModel.updateOne(
+              { _id: fileId },
+              { $push: { readBy: userId } }
+            );
+
+            return NextResponse.json('Read access granted!',{status:200});
+        } catch (err) {
+            return NextResponse.json(`Err : ${err}`, {status:500});
+        }
+    } else {
+      return result;
+    }
+}

src/app/api/files/write/route.ts

@@ -1,73 +1,98 @@
 import { api } from "../../../../../convex/_generated/api";
 import { ConvexHttpClient } from "convex/browser";
 import { Id } from "../../../../../convex/_generated/dataModel";
+import { AuthMiddleware } from "@/Middleware/AuthMiddleware";
+import { NextResponse } from "next/server";
+import FileModel from "@/models/file";
+import { ApiUser } from "@/types/types";
+import { mongoDB } from "@/lib/MongoDB";
 
-// Give write read access
-export const POST = async (req: Request) => {
-  try {
-    const { teamId, email, memberEmail, writtenBy, readBy, fileId } = await req.json();
 
-    if (!teamId || !memberEmail || !email || !fileId || !writtenBy || !readBy)
-      return new Response("Parameters missing!!", { status: 401 });
+// Remove read access from the user
+export async function PUT(
+  request: Request
+) {
 
-    const client = new ConvexHttpClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
+  const result = await AuthMiddleware(request);
 
-    const teamInfo = await client.query(api.teams.getTeamById, { _id: teamId as Id<"teams">});
-
-    if (!teamInfo.teamMembers.includes(memberEmail)) {
-      return new Response("User is not member of the team", { status: 400 });
-    }
-
-    if (teamInfo.createdBy !== email) {
-      return new Response("Only owner can make changes!!", { status: 400 });
-    }
-
-    if(!readBy.includes(memberEmail)){
-      readBy.push(memberEmail)
-    }
-
-    writtenBy.push(memberEmail);
-
-    await client.mutation(api.files.updateRead, { _id: fileId as Id<"files">, readBy:readBy });
-    await client.mutation(api.files.updateWrite, { _id: fileId as Id<"files">, writtenBy:writtenBy });
+  if (result instanceof NextResponse) {
 
-    return new Response("Read Access given!!", { status: 200 });
-  } catch (err) {
+    try {
+      await mongoDB();
 
-    return new Response(`Error: ${err}`, {status:500})
+      const { userId, fileId } = await request.json();
 
-  }
-};
+      if (!userId || !fileId) {
+        return NextResponse.json(`Access Denied!!`, { status: 404 });
+      }
 
+      const user: ApiUser = JSON.parse(request.headers.get("user") || "{}");
 
-// Remove write access from the user
-export const PUT = async (req: Request) => {
-  try {
-    const { teamId, email, memberEmail, writtenBy, fileId } = await req.json();
+      const file = await FileModel.findById({ _id: fileId });
 
-    if (!teamId || !memberEmail || !email || !fileId || !writtenBy)
-      return new Response("Parameters missing!!", { status: 401 });
+      if(file.createdBy == userId){
+        return NextResponse.json(`Operation not possible!`, { status: 401 });
+      }
 
-    const client = new ConvexHttpClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
+      if (file.createdBy != user._id) {
+        return NextResponse.json(`Access Denied!!`, { status: 401 });
+      }
 
-    const teamInfo = await client.query(api.teams.getTeamById, { _id: teamId });
+      await FileModel.updateOne(
+        { _id: fileId },
+        { $pull: { writtenBy: userId } }
+      );
 
-    if (!teamInfo.teamMembers.includes(memberEmail)) {
-      return new Response("User is not member of the team", { status: 400 });
+      return NextResponse.json('Read access removed!', { status: 200 });
+    } catch (err) {
+      return NextResponse.json(`Err : ${err}`, { status: 500 });
     }
-
-    if (teamInfo.createdBy !== email) {
-      return new Response("Only owner can make changes!!", { status: 400 });
-    }
-
-    const updatedWrittenBy = Array.isArray(writtenBy)
-    ? writtenBy.filter(writer => writer !== memberEmail)
-    : [];
-
-    await client.mutation(api.files.updateWrite, { _id: fileId, writtenBy:updatedWrittenBy });
-
-    return new Response("Read access removed!!", { status: 200 });
-  } catch (err) {
-    console.log(err);
+  } else {
+    return result;
   }
-};
+}
+
+
+// Give user read access
+export async function POST(
+  request: Request
+) {
+
+  const result = await AuthMiddleware(request);
+
+    if (result instanceof NextResponse) {
+
+        try {
+            await mongoDB();
+
+            const {userId, fileId} = await request.json()
+
+            if(!userId || !fileId){
+                return NextResponse.json(`Access Denied!!`, {status:404});
+            }
+
+            const user: ApiUser = JSON.parse(request.headers.get("user") || "{}");
+
+            const file1 = await FileModel.findById({_id:fileId});
+
+            if(file1.createdBy == userId){
+              return NextResponse.json(`Operation not possible!`, { status: 401 });
+            }
+
+            if(file1.createdBy != user._id){
+                return NextResponse.json(`Owner can only change team settings!!`, {status:401});
+            }
+
+            await FileModel.updateOne(
+              { _id: fileId },
+              { $push: { writtenBy: userId } }
+            );
+
+            return NextResponse.json('Read access granted!',{status:200});
+        } catch (err) {
+            return NextResponse.json(`Err : ${err}`, {status:500});
+        }
+    } else {
+      return result;
+    }
+}

src/app/api/teams/getTeamById/[id]/route.ts

@@ -14,8 +14,7 @@ export async function GET(
 
     await mongoDB();
 
-    const teams = await TeamModel.findById({ _id: id }).populate("createdBy");
-
+    const teams = await TeamModel.findById({ _id: id }).populate("createdBy").populate("files");
 
     return NextResponse.json(teams, { status: 200 });
   } catch (err) {

src/app/dashboard/_components/SideNavBottomSection.tsx

@@ -83,8 +83,7 @@ function SideNavBottomSection({getFiles, totalFiles, activeTeam }: any) {
   const [fileList, setFileList] = useState<any>([]);
   const [fileInput, setFileInput] = useState<string>("");
   const [error, setError] = useState<string>("");
-
-  const email = ((state:RootState) => state.auth.user.email)
+
   const user = useSelector((state:RootState)=>state.auth.user);
   const axiosInstance = createAxiosInstance(user.accessToken);
   const [filePrivate,setFileprivate] = useState(false);
@@ -132,6 +131,7 @@ function SideNavBottomSection({getFiles, totalFiles, activeTeam }: any) {
       console.log(err)
     }
   }
+  console.log(activeTeam)
 
   return (
     <div>
@@ -148,7 +148,7 @@ function SideNavBottomSection({getFiles, totalFiles, activeTeam }: any) {
         </Link>
       ))}
 
-      {email === activeTeam?.createdBy && <Link href={`/teams/settings/${activeTeam?._id}`}>
+      {activeTeam && user.id === activeTeam.createdBy && <Link href={`/teams/settings/${activeTeam?._id}`}>
         <h2
           className={`flex gap-2 p-1 ${
             pathname == `/dashboard/team` ? "bg-muted" : ""