-
Andri Joos authoredfe588b71
calendar_event_api_endpoint.dart 1.85 KiB
import 'package:api/requesting_user/requesting_user_details.dart';
import 'package:lib/lib.dart';
import 'package:api/calendar_event/calendar_event.dart';
class CalendarEventApiEndpoint extends DbApiEndpoint<CalendarEvent, CalendarEvent> {
final RequestingUserDetails requestingUser;
CalendarEventApiEndpoint({
required super.database,
required super.itemFromRequest,
required super.itemToResponse,
required this.requestingUser,
});
@override
Future<CalendarEvent> create(CalendarEvent item) {
if (!requestingUser.teamIds.contains(item.teamId)){
throw UnauthorizedException();
}
if (requestingUser.userId != item.userId) {
throw UnauthorizedException();
}
return super.create(item);
}
@override
Future<CalendarEvent> getFromId(String id) async {
var item = await super.getFromId(id);
if(requestingUser.userId != item.userId) {
throw UnauthorizedException();
}
return item;
}
@override
Stream<CalendarEvent> getFromQueries(Iterable<String> queries) async* {
await for(var queryResult in super.getFromQueries(queries)) {
if (requestingUser.userId == queryResult.userId) {
yield queryResult;
}
}
}
@override
Stream<CalendarEvent> getAll() async* {
await for(var item in super.getAll()) {
if(requestingUser.userId == item.userId) {
yield item;
}
}
}
@override
Future<CalendarEvent> update(CalendarEvent item) async {
var routeId = item.id;
if (routeId == null) {
throw RequiredArgumentMissing(RequestResponseVariables.idFieldName);
}
if (requestingUser.userId != item.userId) {
throw UnauthorizedException();
}
var dbItem = await getFromId(item.id!);
if (requestingUser.userId != dbItem.userId) {
throw UnauthorizedException();