120 lines
3.3 KiB
TypeScript
120 lines
3.3 KiB
TypeScript
import { jsonError } from "../../../common.js";
|
|
|
|
export async function onRequestDelete(context: RequestContext) {
|
|
const eventId = context.params.id as string;
|
|
const eventData:
|
|
| ({
|
|
[k: string]: number;
|
|
} & { created_by: string })
|
|
| null = await context.env.D1.prepare(
|
|
"SELECT created_by, day, month, year FROM events WHERE id = ?;",
|
|
)
|
|
.bind(eventId)
|
|
.first();
|
|
|
|
if (!eventData) return jsonError("No event exists with that ID", 404);
|
|
|
|
const { current_user: currentUser } = context.data;
|
|
const isETM = [1 << 4, 1 << 12].find((int) => currentUser.permissions & int);
|
|
|
|
if (eventData.created_by !== currentUser.id && !isETM)
|
|
return jsonError("You are not authorized to delete that event", 403);
|
|
|
|
const now = new Date();
|
|
now.setUTCHours(0, 0, 0, 0);
|
|
|
|
const eventDate = new Date(
|
|
eventData.year,
|
|
eventData.month - 1,
|
|
eventData.day,
|
|
);
|
|
|
|
if (!isETM && now.getTime() <= eventDate.getTime())
|
|
return jsonError(
|
|
"Event cannot be deleted on or after the scheduled date",
|
|
403,
|
|
);
|
|
|
|
await context.env.D1.prepare("DELETE FROM events WHERE id = ?;")
|
|
.bind(eventId)
|
|
.run();
|
|
|
|
return new Response(null, {
|
|
status: 204,
|
|
});
|
|
}
|
|
|
|
export async function onRequestPatch(context: RequestContext) {
|
|
const eventId = context.params.id as string;
|
|
const { body } = context.data;
|
|
const eventData: Record<string, number | string> | null =
|
|
await context.env.D1.prepare(
|
|
"SELECT answer, created_by, day, details, month, year FROM events WHERE id = ?;",
|
|
)
|
|
.bind(eventId)
|
|
.first();
|
|
|
|
if (!eventData) return jsonError("No event exists with that ID", 404);
|
|
|
|
const { current_user: currentUser } = context.data;
|
|
|
|
if (
|
|
eventData.created_by !== currentUser.id &&
|
|
![1 << 4, 1 << 12].find((int) => currentUser.permissions & int)
|
|
)
|
|
return jsonError("You are not authorized to modify this event", 403);
|
|
|
|
eventData.answer &&= body.answer;
|
|
eventData.details &&= body.details;
|
|
|
|
await context.env.D1.prepare(
|
|
"UPDATE events SET answer = ?, approved = 0, day = ?, details = ?, pending = 1 WHERE id = ?;",
|
|
)
|
|
.bind(eventData.answer, eventData.day, eventData.details, eventId)
|
|
.run();
|
|
|
|
await fetch(context.env.EVENTS_WEBHOOK, {
|
|
body: JSON.stringify({
|
|
embeds: [
|
|
{
|
|
title: "Event Modified",
|
|
color: 3756250,
|
|
description: `${context.data.current_user.username} updated their ${(eventData.type as string).toUpperCase()} for ${eventData.year}-${eventData.month.toString().padStart(2, "0")}-${eventData.day.toString().padStart(2, "0")}`,
|
|
},
|
|
],
|
|
}),
|
|
headers: {
|
|
"content-type": "application/json",
|
|
},
|
|
method: "POST",
|
|
});
|
|
|
|
return new Response(null, {
|
|
status: 204,
|
|
});
|
|
}
|
|
|
|
export async function onRequestPost(context: RequestContext) {
|
|
const eventId = context.params.id as string;
|
|
const eventData = await context.env.D1.prepare(
|
|
"SELECT approved, performed_at FROM events WHERE id = ?;",
|
|
)
|
|
.bind(eventId)
|
|
.first();
|
|
|
|
if (!eventData) return jsonError("No event exists with that ID", 404);
|
|
|
|
if (!eventData.approved)
|
|
return jsonError("Cannot perform unapproved event", 403);
|
|
|
|
await context.env.D1.prepare(
|
|
"UPDATE events SET performed_at = ? WHERE id = ?;",
|
|
)
|
|
.bind(Date.now(), eventId)
|
|
.run();
|
|
|
|
return new Response(null, {
|
|
status: 204,
|
|
});
|
|
}
|