From eabad3166b2bc35fbbe4aa0083fba7e18e9fcda7 Mon Sep 17 00:00:00 2001 From: BuddyWinte Date: Tue, 14 Jul 2026 07:58:35 -0500 Subject: [PATCH] Delete pages/api/workspace/[id]/forms directory --- pages/api/workspace/[id]/forms/helpers.ts | 49 --------------- pages/api/workspace/[id]/forms/index.ts | 73 ----------------------- 2 files changed, 122 deletions(-) delete mode 100644 pages/api/workspace/[id]/forms/helpers.ts delete mode 100644 pages/api/workspace/[id]/forms/index.ts diff --git a/pages/api/workspace/[id]/forms/helpers.ts b/pages/api/workspace/[id]/forms/helpers.ts deleted file mode 100644 index 58cda7c6..00000000 --- a/pages/api/workspace/[id]/forms/helpers.ts +++ /dev/null @@ -1,49 +0,0 @@ -/** - * Orbit Forms - * Licensed under GPL-3.0 (see LICENSE for details) - * - * Helpers to make life easier in the other scripts - * - * @author BuddyWinte - * @since 2.1.10-beta20 - */ - -type Permission = string; -interface Role { - permissions: Permission[]; -} -interface UserWithRoles { - roles: Role[]; -} - -/** - * Checks if a user has a given permission. - * - * Supports: - * - Exact matches: "Form.View" - * - Wildcards: "Form.*" - * - * @returns true if the user has permissions - * @returns false if the user doesn't have permissions - * @readonly - */ -export function hasPerms( - user: UserWithRoles, - permission: string -): boolean { - if (!user?.roles?.length) return false; - for (const role of user.roles) { - if (!role?.permissions?.length) continue; - for (const perm of role.permissions) { - if (perm === permission) return true; - if (perm.endsWith(".*")) { - const prefix = perm.slice(0,-2); - if (permission.startsWith(prefix + ".")) { - return true; - } - } - } - } - - return false; -} \ No newline at end of file diff --git a/pages/api/workspace/[id]/forms/index.ts b/pages/api/workspace/[id]/forms/index.ts deleted file mode 100644 index 3c21c65a..00000000 --- a/pages/api/workspace/[id]/forms/index.ts +++ /dev/null @@ -1,73 +0,0 @@ -import type { NextApiRequest, NextApiResponse } from "next"; -import prisma from "@/utils/database"; -type Data = { - success: boolean; - error?: string; - forms?: unknown[]; -}; -import { withAuth, AuthenticatedRequest } from "@/lib/withAuth"; -import { hasPerms } from "./helpers"; - -export default withAuth(handler); - -// GET /api/workspace/[id]/forms - Returns a list of forms a specific user can see -// POST /api/workspace/[id]/forms - Create a new form -export async function handler( - req: AuthenticatedRequest, - res: NextApiResponse, -) { - const user = await prisma.user.findUnique({ - where: { - userid: req.auth.userId, - }, - include: { - roles: { - select: { - id: true, - name: true, - permissions: true, - }, - }, - workspaceMemberships: { - where: { - workspaceGroupId: Number(req.query.id), - }, - include: { - workspace: true, - }, - }, - }, - }); - - if (!user) { - return res.status(404).json({ - success: false, - error: "User not found", - }); - } - - if (req.method === "GET") { - if (!hasPerms(user, "Form.View")) { - return res.status(403).json({ - success: false, - error: "Missing permission: Form.View", - }); - } - - const forms = await prisma.form.findMany({ - where: { - workspaceGroupId: workspaceId, - }, - }); - - return res.status(200).json({ - success: true, - forms, - }); - } - - return res.status(405).json({ - success: false, - error: "Method Not Allowed" - }) -}