Mt/scrum-57-child-133-update-timetable-endpoints-for-favorites (#68)

minhhaitran08 · web-flow · commit 3d814b014490 · 2025-03-16T15:21:53.000-04:00
diff --git a/course-matrix/backend/src/controllers/timetablesController.ts b/course-matrix/backend/src/controllers/timetablesController.ts
@@ -18,26 +18,31 @@ export default {
       const user_id = (req as any).user.id;
 
       //Retrieve timetable title
-      const { timetable_title, semester } = req.body;
-      if (!timetable_title) {
-        return res.status(400).json({ error: "timetable title is required" });
-      }
-
-      if (!semester) {
+      const { timetable_title, semester, favorite = false } = req.body;
+      if (!timetable_title || !semester) {
         return res
           .status(400)
-          .json({ error: "timetable semester is required" });
+          .json({ error: "timetable title and semester are required" });
       }
 
       //Create query to insert the user_id and timetable_title into the db
       let insertTimetable = supabase
         .schema("timetable")
         .from("timetables")
-        .insert([{ user_id, timetable_title, semester }])
-        .select();
+        .insert([
+          {
+            user_id,
+            timetable_title,
+            semester,
+            favorite,
+          },
+        ])
+        .select()
+        .single();
 
       const { data: timetableData, error: timetableError } =
         await insertTimetable;
+
       if (timetableError) {
         return res.status(400).json({ error: timetableError.message });
       }
@@ -91,11 +96,11 @@ export default {
       const { id } = req.params;
 
       //Retrieve timetable title
-      const { timetable_title, semester } = req.body;
-      if (!timetable_title && !semester) {
+      const { timetable_title, semester, favorite } = req.body;
+      if (!timetable_title && !semester && favorite === undefined) {
         return res.status(400).json({
           error:
-            "New timetable title or semester is required when updating a timetable",
+            "New timetable title or semester or updated favorite status is required when updating a timetable",
         });
       }
 
@@ -112,26 +117,15 @@ export default {
           .eq("user_id", user_id)
           .maybeSingle();
 
-      const timetable_user_id = timetableUserData?.user_id;
-
-      if (timetableUserError)
-        return res.status(400).json({ error: timetableUserError.message });
-
-      //Validate timetable validity:
-      if (!timetableUserData || timetableUserData.length === 0) {
-        return res.status(404).json({ error: "Calendar id not found" });
-      }
-
-      //Validate user access
-      if (user_id !== timetable_user_id) {
+      if (timetableUserError || !timetableUserData)
         return res
-          .status(401)
-          .json({ error: "Unauthorized access to timetable events" });
-      }
+          .status(400)
+          .json({ error: "Timetable not found or unauthorized" });
 
       let updateData: any = {};
       if (timetable_title) updateData.timetable_title = timetable_title;
       if (semester) updateData.semester = semester;
+      if (favorite !== undefined) updateData.favorite = favorite;
 
       //Update timetable title, for authenticated user only
       let updateTimetableQuery = supabase
@@ -140,7 +134,8 @@ export default {
         .update(updateData)
         .eq("id", id)
         .eq("user_id", user_id)
-        .select();
+        .select()
+        .single();
 
       const { data: timetableData, error: timetableError } =
         await updateTimetableQuery;
@@ -180,7 +175,6 @@ export default {
           .eq("id", id)
           .eq("user_id", user_id)
           .maybeSingle();
-      const timetable_user_id = timetableUserData?.user_id;
 
       if (timetableUserError)
         return res.status(400).json({ error: timetableUserError.message });
@@ -190,13 +184,6 @@ export default {
         return res.status(404).json({ error: "Calendar id not found" });
       }
 
-      //Validate user access
-      if (user_id !== timetable_user_id) {
-        return res
-          .status(401)
-          .json({ error: "Unauthorized access to timetable events" });
-      }
-
       // Delete only if the timetable belongs to the authenticated user
       let deleteTimetableQuery = supabase
         .schema("timetable")
