From 867bdd09c0f2afd52c8056a9e4d4db212ab27f1e Mon Sep 17 00:00:00 2001
From: Marc Seitz <marc@mfts.io>
Date: Tue, 26 Nov 2024 18:21:45 +0900
Subject: [PATCH 1/2] refactor: remove hardcoded id

---
 pages/api/links/download/index.ts | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/pages/api/links/download/index.ts b/pages/api/links/download/index.ts
index afc9bc84..18454c52 100644
--- a/pages/api/links/download/index.ts
+++ b/pages/api/links/download/index.ts
@@ -92,15 +92,6 @@ export default async function handle(
         data: { downloadedAt: new Date() },
       });
 
-      // TODO: team hardcode for special download
-      if (
-        view.document!.teamId === "clwt1qwt00000qz39aqra71w6" &&
-        view.document!.versions[0].type === "sheet"
-      ) {
-        const downloadUrl = view.document!.versions[0].file;
-        return res.status(200).json({ downloadUrl });
-      }
-
       const downloadUrl = await getFile({
         type: view.document!.versions[0].storageType,
         data:

From e221114385fd9081d11edf50a64b432c146b561a Mon Sep 17 00:00:00 2001
From: Marc Seitz <marc@mfts.io>
Date: Tue, 26 Nov 2024 18:25:59 +0900
Subject: [PATCH 2/2] feat: allow managers to create a token

---
 pages/api/teams/[teamId]/tokens/index.ts | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/pages/api/teams/[teamId]/tokens/index.ts b/pages/api/teams/[teamId]/tokens/index.ts
index bd948bae..1a1196ea 100644
--- a/pages/api/teams/[teamId]/tokens/index.ts
+++ b/pages/api/teams/[teamId]/tokens/index.ts
@@ -98,9 +98,12 @@ export default async function handle(
         },
       });
 
-      // Only admins can create tokens
-      if (role !== "ADMIN") {
-        return res.status(403).json({ error: "Forbidden" });
+      // Only admins and managers can create tokens
+      if (role !== "ADMIN" && role !== "MANAGER") {
+        return res.status(403).json({
+          error:
+            "You don't have the permissions to create a token. Please contact your administrator or manager.",
+        });
       }
 
       // Generate token
@@ -151,7 +154,10 @@ export default async function handle(
 
       // Only admins can delete tokens
       if (role !== "ADMIN") {
-        return res.status(403).json({ error: "Forbidden" });
+        return res.status(403).json({
+          error:
+            "You don't have the permissions to delete a token. Please contact your administrator.",
+        });
       }
 
       // Delete the token