multi-user support

app/lib/locationActions.ts

@@ -6,6 +6,8 @@ import { redirect } from 'next/navigation';
 import clientPromise from './mongodb';
 import { BillingLocation } from './db-types';
 import { ObjectId } from 'mongodb';
+import { auth, withUser } from '@/app/lib/auth';
+import { AuthenticatedUser } from './types/next-auth';
 
 export type State = {
     errors?: {
@@ -30,7 +32,7 @@ const UpdateLocation = FormSchema.omit({ _id: true });
  * @param formData form data
  * @returns 
  */
-export async function updateOrAddLocation(locationId?: string, yearMonth?: string, prevState:State, formData: FormData) {
+export const updateOrAddLocation = withUser(async (user:AuthenticatedUser, locationId?: string, yearMonth?: string, prevState:State, formData: FormData) => {
 
     const validatedFields = UpdateLocation.safeParse({
         locationName: formData.get('locationName'),
@@ -54,10 +56,13 @@ export async function updateOrAddLocation(locationId?: string, yearMonth?: strin
     const client = await clientPromise;
     const db = client.db("rezije");
 
+    const { id: userId, email: userEmail } = user;
+
     if(locationId) {
         await db.collection<BillingLocation>("lokacije").updateOne(
             {
-                _id: locationId // find a location with the given locationID
+                _id: locationId, // find a location with the given locationID
+                userId // make sure the location belongs to the user
             },
             {
                 $set: {
@@ -68,6 +73,8 @@ export async function updateOrAddLocation(locationId?: string, yearMonth?: strin
     } else if(yearMonth) {
         await db.collection<BillingLocation>("lokacije").insertOne({
             _id: (new ObjectId()).toHexString(),
+            userId,
+            userEmail,
             name: locationName,
             notes: locationNotes,
             yearMonth: parseInt(yearMonth), // ToDo: get the current year and month
@@ -79,14 +86,34 @@ export async function updateOrAddLocation(locationId?: string, yearMonth?: strin
     revalidatePath('/');
     // go to the bill list
     redirect('/');
-}
+});
+
+
+export const fetchAllLocations = withUser(async (user:AuthenticatedUser, locationID:string) => {
 
-export const fetchLocationById = async (locationID:string) => {
     const client = await clientPromise;
     const db = client.db("rezije");
 
+    const { id: userId } = user;
+
+    const locations = await db.collection<BillingLocation>("lokacije")
+    .find({ userId })
+    .sort({ yearMonth: -1, name: 1 }) // sort by yearMonth descending
+    .limit(20)
+    .toArray();
+
+    return(locations);
+})
+
+export const fetchLocationById = withUser(async (user:AuthenticatedUser, locationID:string) => {
+
+    const client = await clientPromise;
+    const db = client.db("rezije");
+
+    const { id: userId } = user;
+
     // find a location with the given locationID
-    const billLocation = await db.collection<BillingLocation>("lokacije").findOne({ _id: locationID });
+    const billLocation = await db.collection<BillingLocation>("lokacije").findOne({ _id: locationID, userId});
 
     if(!billLocation) {
         console.log(`Location ${locationID} not found`);
@@ -94,14 +121,16 @@ export const fetchLocationById = async (locationID:string) => {
     }
 
     return(billLocation);
-}
+})
+
+export const deleteLocationById = withUser(async (user:AuthenticatedUser, locationID:string) => {
 
-export const deleteLocationById = async (locationID:string) => {
     const client = await clientPromise;
     const db = client.db("rezije");
+    const { id: userId } = user;
 
     // find a location with the given locationID
-    const post = await db.collection<BillingLocation>("lokacije").deleteOne({ _id: locationID });
+    const post = await db.collection<BillingLocation>("lokacije").deleteOne({ _id: locationID, userId });
     
     return(post.deletedCount);
-}
+})