✨ Allow updating remote timetables with permission

server/api/index.js

@@ -82,6 +82,34 @@ export async function getTimetable(req, res) {
   });
 }
 
+// Edit timetable API endpoint (/api/timetable)
+// Updates a remote timetable with the requested data
+export async function putTimetable(req, res) {
+  const timetableId = parseInt(req.query.id);
+  const data = req.body.data;
+  if (
+    !(await hasPermission(req.locals.session, "timetable.update", timetableId))
+  ) {
+    res.status(401).send({
+      success: false,
+      error: "missing_permission",
+      message: "You don't have permission to update this timetable!",
+    });
+    return;
+  }
+
+  await prisma.timetable.update({
+    where: {
+      id: timetableId,
+    },
+    data: {
+      data,
+      title: req.body.title,
+    },
+  });
+  res.status(201).send();
+}
+
 // Helper function for converting a date string
 // (eg. "2022-06-02" or "1654128000000") to a
 // unix timestamp