From 371425ab60ee19b723a0dda43d4cb3b9924d7d5c Mon Sep 17 00:00:00 2001
From: Brian Cao
Date: Mon, 21 Nov 2022 11:39:59 -0800
Subject: [PATCH 1/3] Fix error when updating website.
---
 pages/api/websites/[id]/index.ts | 2 +-
 tsconfig.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/pages/api/websites/[id]/index.ts b/pages/api/websites/[id]/index.ts
index f26313c4..7b634e13 100644
--- a/pages/api/websites/[id]/index.ts
+++ b/pages/api/websites/[id]/index.ts
@@ -41,7 +41,7 @@ export default async (
 if (req.method === 'POST') {
 const { ...data } = req.body;
- if (!data.userId && !data.teamId) {
+ if (data.userId && data.userId === null && data.teamId && data.teamId === null) {
 badRequest(res, 'A website must be assigned to a User or Team.');
 }
diff --git a/tsconfig.json b/tsconfig.json
index cbb5413f..b022d603 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -23,6 +23,6 @@
 "noEmit": true,
 "jsx": "preserve"
 },
- "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", "queries/admin/website/getAllWebsites.ts"],
+ "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx"],
 "exclude": ["node_modules"]
 }
From d60ad1c78206d4d965b185f53b13d7a1e7af35d3 Mon Sep 17 00:00:00 2001
From: Brian Cao
Date: Mon, 21 Nov 2022 16:44:42 -0800
Subject: [PATCH 2/3] Fix isAdmin check. Fix Schema.
---
 db/postgresql/schema.prisma | 10 ++++------
 pages/api/teams/[id]/user.ts | 12 +++++++++---
 pages/api/users/[id]/role.ts | 8 --------
 pages/api/websites/index.ts | 6 +++++-
 4 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/db/postgresql/schema.prisma b/db/postgresql/schema.prisma
index d47b9d55..962d9a15 100644
--- a/db/postgresql/schema.prisma
+++ b/db/postgresql/schema.prisma
@@ -18,8 +18,7 @@ model User {
 groupUser GroupUser[]
 userRole UserRole[]
 teamUser TeamUser[]
- Website Website? @relation(fields: [websiteId], references: [id])
- websiteId String? @db.Uuid
+ Website Website[]
 @@map("user")
 }
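Review bot: In the `pages/api/websites/[id]/index.ts` hunk the new condition `data.userId && data.userId === null && data.teamId && data.teamId === null` can never be true, because each field would have to be truthy and equal to null at once, so the 'A website must be assigned to a User or Team.' rejection is dead code. The `badRequest(res, …)` call is also not returned, so even a working check would fall through to the `updateWebsite(websiteId, data)` call that follows, with the whole spread of `req.body`. If the intent is to reject an explicit un-assignment, `if (data.userId === null && data.teamId === null) {` followed by `return badRequest(res, 'A website must be assigned to a User or Team.');` expresses it. Patch 3/3 of this series removes both the check and the spread, so this matters only if 1/3 is applied on its own. The enclosing handler starts and ends outside the hunk.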
@@ -52,8 +51,8 @@ model Website {
 createdAt DateTime? @default(now()) @map("created_at") @db.Timestamptz(6)
 isDeleted Boolean @default(false) @map("is_deleted")
- team Team[]
- user User[]
+ team Team? @relation(fields: [teamId], references: [id])
+ user User? @relation(fields: [userId], references: [id])
 @@index([createdAt])
 @@index([shareId])
@@ -183,8 +182,7 @@ model Team {
 teamUsers TeamUser[]
 UserRole UserRole[]
- Website Website? @relation(fields: [websiteId], references: [id])
- websiteId String? @db.Uuid
+ Website Website[]
 @@map("team")
 }
diff --git a/pages/api/teams/[id]/user.ts b/pages/api/teams/[id]/user.ts
index 529f0195..8a0bb98b 100644
--- a/pages/api/teams/[id]/user.ts
+++ b/pages/api/teams/[id]/user.ts
@@ -4,8 +4,8 @@ import { UmamiApi } from 'lib/constants';
 import { uuid } from 'lib/crypto';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { createTeamUser, deleteTeamUser, getUsersByTeamId } from 'queries';
+import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { createTeamUser, deleteTeamUser, getUsersByTeamId, getTeamUser } from 'queries';
 export interface TeamUserRequestQuery {
 id: string;
@@ -41,6 +41,13 @@ export default async (
 const { user_id: userId } = req.body;
+ // Check for TeamUser
+ const teamUser = getTeamUser({ userId, teamId });
+
+ if (!teamUser) {
+ return badRequest(res, 'The User already exists on this Team.');
+ }
+
 const updated = await createTeamUser({ id: uuid(), userId, teamId });
 return ok(res, updated);
@@ -50,7 +57,6 @@ export default async (
 if (!(await allowQuery(req, UmamiApi.AuthType.TeamOwner))) {
 return unauthorized(res, 'You must be the owner of this team.');
 }
-
 const { team_user_id } = req.body;
 await deleteTeamUser(team_user_id);
diff --git a/pages/api/users/[id]/role.ts b/pages/api/users/[id]/role.ts
index aab90ebd..fe3dcbd4 100644
--- a/pages/api/users/[id]/role.ts
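Review bot: Both owner relations added to `model Website` are optional (`team Team?`, `user User?`) and neither `@relation` names an `onDelete` action, so the schema itself permits a website with no owner at all. Prisma's default referential action for an optional relation is `SetNull`, so deleting a user or team would presumably leave its websites in place with a null owner; how the API treats such ownerless rows is worth confirming against the intended access rules. Stating the action explicitly, for example `user User? @relation(fields: [userId], references: [id], onDelete: Restrict)` (or `Cascade`, whichever matches the intended lifecycle), and adding a comment that one of the two owners is expected to be set, would make the invariant visible in the schema. The `teamId`/`userId` scalar fields are outside the hunk, and the diffstat for this patch lists no migration file.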
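Review bot: The duplicate-membership guard added before `createTeamUser` in `pages/api/teams/[id]/user.ts` cannot fire as written: `getTeamUser({ userId, teamId })` is not awaited, unlike the other query helpers in this handler, so `teamUser` is presumably a pending Promise and `!teamUser` is always false. The test is also inverted relative to its message, since 'The User already exists on this Team.' should be returned when a row is found, not when none is. Suggested lines: `const teamUser = await getTeamUser({ userId, teamId });` and `if (teamUser) {`. Adding only the `await` would instead reject every new member, so the two changes belong together; a unique constraint on the user/team pair (not visible here) would still be needed to close the check-then-insert race. The handler body continues outside the hunk.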
+++ b/pages/api/users/[id]/role.ts
@@ -42,7 +42,6 @@ export default async (
 if (req.method === 'POST') {
 const { roleId, teamId } = req.body;
- // Check when userRolename changes
 const userRole = getUserRole({ userId: id, roleId, teamId });
 if (userRole) {
@@ -57,13 +56,6 @@ export default async (
 if (req.method === 'DELETE') {
 const { userRoleId } = req.body;
- // Check when userRolename changes
- const userRole = getUserRole({ id: userRoleId });
-
- if (userRole) {
- return badRequest(res, 'Role already exists for User.');
- }
-
 const updated = await deleteUserRole(userRoleId);
 return ok(res, updated);
diff --git a/pages/api/websites/index.ts b/pages/api/websites/index.ts
index 50469efb..85da6c10 100644
--- a/pages/api/websites/index.ts
+++ b/pages/api/websites/index.ts
@@ -5,6 +5,8 @@ import { useAuth, useCors } from 'lib/middleware';
 import { NextApiResponse } from 'next';
 import { methodNotAllowed, ok } from 'next-basics';
 import { createWebsite, getAllWebsites, getWebsitesByUserId } from 'queries';
+import { checkPermission } from 'lib/auth';
+import { UmamiApi } from 'lib/constants';
 export interface WebsitesRequestQuery {
 include_all?: boolean;
@@ -25,12 +27,14 @@ export default async (
 await useAuth(req, res);
 const {
- user: { id: userId, isAdmin },
+ user: { id: userId },
 } = req.auth;
 if (req.method === 'GET') {
 const { include_all } = req.query;
+ const isAdmin = await checkPermission(req, UmamiApi.Permission.Admin);
+
 const websites =
 isAdmin && include_all ? await getAllWebsites() : await getWebsitesByUserId(userId);
From 3efd2a5b10585ecb9fc5396e9ccb1c6feed0896b Mon Sep 17 00:00:00 2001
From: Brian Cao
Date: Mon, 21 Nov 2022 22:32:59 -0800
Subject: [PATCH 3/3] Remove user/team transfer from website update.
---
 pages/api/websites/[id]/index.ts | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/pages/api/websites/[id]/index.ts b/pages/api/websites/[id]/index.ts
index 7b634e13..e525f237 100644
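Review bot: In the GET branch of `pages/api/websites/index.ts`, `checkPermission(req, UmamiApi.Permission.Admin)` now runs on every request although its result is only consulted when `include_all` is set. Gating it, e.g. `const isAdmin = Boolean(include_all) && (await checkPermission(req, UmamiApi.Permission.Admin));`, keeps the ordinary per-user listing free of the extra permission lookup. Relatedly, `include_all` is typed `boolean` in `WebsitesRequestQuery` but is read straight from `req.query`, where values normally arrive as strings, so `?include_all=false` would be truthy in `isAdmin && include_all` unless something outside the hunk converts it. The handler continues past the end of the hunk.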
--- a/pages/api/websites/[id]/index.ts
+++ b/pages/api/websites/[id]/index.ts
@@ -15,8 +15,6 @@ export interface WebsiteRequestBody {
 name: string;
 domain: string;
 shareId: string;
- userId?: string;
- teamId?: string;
 }
 export default async (
@@ -39,14 +37,10 @@ export default async (
 }
 if (req.method === 'POST') {
- const { ...data } = req.body;
-
- if (data.userId && data.userId === null && data.teamId && data.teamId === null) {
- badRequest(res, 'A website must be assigned to a User or Team.');
- }
+ const { name, domain, shareId } = req.body;
 try {
- await updateWebsite(websiteId, data);
+ await updateWebsite(websiteId, { name, domain, shareId });
 } catch (e: any) {
 if (e.message.includes('Unique constraint') && e.message.includes('share_id')) {
 return serverError(res, 'That share ID is already taken.');
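Review bot: In the POST branch, the explicitly picked `name`, `domain` and `shareId` are passed to `updateWebsite` without any runtime type or presence check; `WebsiteRequestBody` constrains the body only at compile time, so a non-string or missing value reaches the query layer as-is. A small guard before the `try` that returns a 400 unless each supplied field is a string would keep malformed bodies from surfacing as generic database errors in the `catch`. It would also help to record the intent next to the destructuring, e.g. `// Allow-list updatable fields; ownership (userId/teamId) is not changeable here.`, so that a later edit does not reintroduce the spread of `req.body`. The `catch` block and the rest of the handler run past the end of the hunk.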