66 lines
1.7 KiB
TypeScript
66 lines
1.7 KiB
TypeScript
import type { APIRoute } from 'astro';
|
|
import { db } from '../../../db';
|
|
import { users, members } from '../../../db/schema';
|
|
import { eq, and } from 'drizzle-orm';
|
|
|
|
export const POST: APIRoute = async ({ request, locals, redirect }) => {
|
|
const user = locals.user;
|
|
if (!user) {
|
|
return new Response('Unauthorized', { status: 401 });
|
|
}
|
|
|
|
// Check if user is admin
|
|
const userMembership = await db.select()
|
|
.from(members)
|
|
.where(eq(members.userId, user.id))
|
|
.get();
|
|
|
|
if (!userMembership || (userMembership.role !== 'owner' && userMembership.role !== 'admin')) {
|
|
return new Response('Unauthorized', { status: 403 });
|
|
}
|
|
|
|
const formData = await request.formData();
|
|
const email = formData.get('email')?.toString();
|
|
const role = formData.get('role')?.toString() || 'member';
|
|
|
|
if (!email) {
|
|
return new Response('Email is required', { status: 400 });
|
|
}
|
|
|
|
if (!['member', 'admin'].includes(role)) {
|
|
return new Response('Invalid role', { status: 400 });
|
|
}
|
|
|
|
// Find user by email
|
|
const invitedUser = await db.select()
|
|
.from(users)
|
|
.where(eq(users.email, email))
|
|
.get();
|
|
|
|
if (!invitedUser) {
|
|
return new Response('User not found. They must create an account first.', { status: 404 });
|
|
}
|
|
|
|
// Check if already a member
|
|
const existingMember = await db.select()
|
|
.from(members)
|
|
.where(and(
|
|
eq(members.userId, invitedUser.id),
|
|
eq(members.organizationId, userMembership.organizationId)
|
|
))
|
|
.get();
|
|
|
|
if (existingMember) {
|
|
return new Response('User is already a member', { status: 400 });
|
|
}
|
|
|
|
// Add to organization
|
|
await db.insert(members).values({
|
|
userId: invitedUser.id,
|
|
organizationId: userMembership.organizationId,
|
|
role,
|
|
});
|
|
|
|
return redirect('/dashboard/team');
|
|
};
|