feat(user notifications): added the ability for users to sub to notifications and add multi email

backend/notification/notificationSub.delete.route.ts

@@ -3,12 +3,12 @@ import { type Response, Router } from "express";
 import z from "zod";
 import { db } from "../db/db.controller.js";
 import { notificationSub } from "../db/schema/notifications.sub.schema.js";
+import { auth } from "../utils/auth.utils.js";
 import { apiReturn } from "../utils/returnHelper.utils.js";
 import { tryCatch } from "../utils/trycatch.utils.js";
 import { modifiedNotification } from "./notification.controller.js";
 
 const newSubscribe = z.object({
-	emails: z.email().array().describe("An array of emails"),
 	userId: z.string().describe("User id."),
 	notificationId: z.string().describe("Notification id"),
 });
@@ -16,14 +16,26 @@ const newSubscribe = z.object({
 const r = Router();
 
 r.delete("/", async (req, res: Response) => {
+	const hasPermissions = await auth.api.userHasPermission({
+		body: {
+			//userId: req?.user?.id,
+			role: req.user?.roles as any,
+			permissions: {
+				notifications: ["readAll"], // This must match the structure in your access control
+			},
+		},
+	});
+
 	try {
 		const validated = newSubscribe.parse(req.body);
+
 		const { data, error } = await tryCatch(
 			db
 				.delete(notificationSub)
 				.where(
 					and(
-						eq(notificationSub.userId, validated.userId),
+						//eq(notificationSub.userId, hasPermissions ? validated.userId : req?.user?.id ?? ""), // allows the admin to delete this
+						eq(notificationSub.userId, req?.user?.id ?? ""),
 						eq(notificationSub.notificationId, validated.notificationId),
 					),
 				)
@@ -44,6 +56,18 @@ r.delete("/", async (req, res: Response) => {
 			});
 		}
 
+		if (data.length <= 0) {
+			return apiReturn(res, {
+				success: false,
+				level: "info",
+				module: "notification",
+				subModule: "post",
+				message: `Subscription was not deleted invalid data sent over`,
+				data: data ?? [],
+				status: 200,
+			});
+		}
+
 		return apiReturn(res, {
 			success: true,
 			level: "info",

backend/notification/notificationSub.get.route.ts

@@ -21,12 +21,16 @@ r.get("/", async (req, res: Response) => {
 		},
 	});
 
+	if (userId !== "") {
+		hasPermissions.success = false;
+	}
+
 	const { data, error } = await tryCatch(
 		db
 			.select()
 			.from(notificationSub)
 			.where(
-				userId || !hasPermissions.success
+				!hasPermissions.success
 					? eq(notificationSub.userId, `${req?.user?.id ?? ""}`)
 					: undefined,
 			),

backend/notification/notificationSub.post.route.ts

@@ -25,8 +25,25 @@ r.post("/", async (req, res: Response) => {
 	try {
 		const validated = newSubscribe.parse(req.body);
 
+		const emails = validated.emails
+			.map((e) => e.trim().toLowerCase())
+			.filter(Boolean);
+
+		const uniqueEmails = [...new Set(emails)];
+
 		const { data, error } = await tryCatch(
-			db.insert(notificationSub).values(validated).returning(),
+			db
+				.insert(notificationSub)
+				.values({
+					userId: req?.user?.id ?? "",
+					notificationId: validated.notificationId,
+					emails: uniqueEmails,
+				})
+				.onConflictDoUpdate({
+					target: [notificationSub.userId, notificationSub.notificationId],
+					set: { emails: uniqueEmails },
+				})
+				.returning(),
 		);
 
 		await modifiedNotification(validated.notificationId);