✨ Allow updating remote timetables with permission

server/api/index.js

@@ -82,6 +82,34 @@ export async function getTimetable(req, res) {
   });
 }
 
+// Edit timetable API endpoint (/api/timetable)
+// Updates a remote timetable with the requested data
+export async function putTimetable(req, res) {
+  const timetableId = parseInt(req.query.id);
+  const data = req.body.data;
+  if (
+    !(await hasPermission(req.locals.session, "timetable.update", timetableId))
+  ) {
+    res.status(401).send({
+      success: false,
+      error: "missing_permission",
+      message: "You don't have permission to update this timetable!",
+    });
+    return;
+  }
+
+  await prisma.timetable.update({
+    where: {
+      id: timetableId,
+    },
+    data: {
+      data,
+      title: req.body.title,
+    },
+  });
+  res.status(201).send();
+}
+
 // Helper function for converting a date string
 // (eg. "2022-06-02" or "1654128000000") to a
 // unix timestamp

server/index.js

@@ -8,6 +8,7 @@ import {
   getSubstitutions,
   getHistory,
   getClasses,
+  putTimetable,
   getInfo,
   putKey,
   deleteKey,
@@ -63,6 +64,7 @@ app.get("/api/info", getInfo);
 app.put("/api/key", putKey);
 app.delete("/api/key", deleteKey);
 app.get("/api/timetable", getTimetable);
+app.put("/api/timetable", putTimetable);
 app.get("/api/substitutions", getSubstitutions);
 app.get("/api/history", getHistory);
 app.get("/api/classes", getClasses);