Allow managing old single user expenses

Author: krokosik

src/server/api/routers/group.ts

@@ -146,21 +146,7 @@ export const groupRouter = createTRPCRouter({
     )
     .mutation(async ({ input, ctx }) => {
       if (input.expenseId) {
-        const expenseParticipant = await db.expenseParticipant.findUnique({
-          where: {
-            expenseId_userId: {
-              expenseId: input.expenseId,
-              userId: ctx.session.user.id,
-            },
-          },
-        });
-
-        if (!expenseParticipant) {
-          throw new TRPCError({
-            code: 'UNAUTHORIZED',
-            message: 'You are not the participant of the expense',
-          });
-        }
+        await validateEditExpensePermission(input.expenseId, ctx.session.user.id);
       }
 
       try {
@@ -471,4 +457,25 @@ export const groupRouter = createTRPCRouter({
     }),
 });
 
+const validateEditExpensePermission = async (expenseId: string, userId: number): Promise<void> => {
+  const [expenseParticipant, addedBy] = await Promise.all([
+    db.expenseParticipant.findUnique({
+      where: {
+        expenseId_userId: {
+          expenseId: expenseId,
+          userId: userId,
+        },
+      },
+    }),
+    db.expense.findUnique({ where: { id: expenseId }, select: { addedBy: true } }),
+  ]);
+
+  if (!expenseParticipant && !addedBy?.addedBy) {
+    throw new TRPCError({
+      code: 'UNAUTHORIZED',
+      message: 'You are not the participant of the expense',
+    });
+  }
+};
+
 export type GroupRouter = typeof groupRouter;

src/server/api/routers/user.ts

@@ -166,21 +166,7 @@ export const userRouter = createTRPCRouter({
     )
     .mutation(async ({ input, ctx }) => {
       if (input.expenseId) {
-        const expenseParticipant = await db.expenseParticipant.findUnique({
-          where: {
-            expenseId_userId: {
-              expenseId: input.expenseId,
-              userId: ctx.session.user.id,
-            },
-          },
-        });
-
-        if (!expenseParticipant) {
-          throw new TRPCError({
-            code: 'UNAUTHORIZED',
-            message: 'You are not the participant of the expense',
-          });
-        }
+        await validateEditExpensePermission(input.expenseId, ctx.session.user.id);
       }
 
       try {
@@ -438,21 +424,7 @@ export const userRouter = createTRPCRouter({
   deleteExpense: protectedProcedure
     .input(z.object({ expenseId: z.string() }))
     .mutation(async ({ input, ctx }) => {
-      const expenseParticipant = await db.expenseParticipant.findUnique({
-        where: {
-          expenseId_userId: {
-            expenseId: input.expenseId,
-            userId: ctx.session.user.id,
-          },
-        },
-      });
-
-      if (!expenseParticipant) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not the participant of the expense',
-        });
-      }
+      await validateEditExpensePermission(input.expenseId, ctx.session.user.id);
 
       await deleteExpense(input.expenseId, ctx.session.user.id);
     }),
@@ -558,4 +530,25 @@ export const userRouter = createTRPCRouter({
   }),
 });
 
+const validateEditExpensePermission = async (expenseId: string, userId: number): Promise<void> => {
+  const [expenseParticipant, addedBy] = await Promise.all([
+    db.expenseParticipant.findUnique({
+      where: {
+        expenseId_userId: {
+          expenseId: expenseId,
+          userId: userId,
+        },
+      },
+    }),
+    db.expense.findUnique({ where: { id: expenseId }, select: { addedBy: true } }),
+  ]);
+
+  if (!expenseParticipant && !addedBy?.addedBy) {
+    throw new TRPCError({
+      code: 'UNAUTHORIZED',
+      message: 'You are not the participant of the expense',
+    });
+  }
+};
+
 export type UserRouter = typeof userRouter;