diff --git a/src/common/guards/modules.guard.ts b/src/common/guards/modules.guard.ts
index 6ca2907..b4654c5 100644
--- a/src/common/guards/modules.guard.ts
+++ b/src/common/guards/modules.guard.ts
@@ -33,10 +33,12 @@ export class ModulesGuard implements CanActivate {
 if (!user) {
 return false;
 }
- if (!requiredModules.includes(user.role)) {
- throw new ForbiddenException(
- `The role ${user.role} is not authorized to access this resource.`,
- );
+ for (const module of requiredModules) {
+ if (!user.user_module_access.includes(module)) {
+ throw new ForbiddenException(
+ `The role ${user.role} is not authorized to access this resource.`,
+ );
+ }
 }
 return true;
 }
diff --git a/src/common/mappers/module-access.mapper.ts b/src/common/mappers/module-access.mapper.ts
index fbc7ae7..ec02ade 100644
--- a/src/common/mappers/module-access.mapper.ts
+++ b/src/common/mappers/module-access.mapper.ts
@@ -35,9 +35,8 @@ export const toBooleanFromString = (arr?: readonly string[] | null): Record): Record => { - return module_list.reduce((acc, mod) => { - acc[mod] = map[mod] ? mod : null; - return acc; - }, {} as Record); +export const toStringFromBoolean = (boolean_module_access: Record): Modules[] => { + const access_array = Object.entries(boolean_module_access); + const allowed_accesses = access_array.filter(([_key, value]) => value === true); + return allowed_accesses.map(([key]) => key as Modules); } \ No newline at end of file
diff --git a/src/identity-and-account/employees/services/employees.service.ts b/src/identity-and-account/employees/services/employees.service.ts
index 4b550ee..0ebaed4 100644
--- a/src/identity-and-account/employees/services/employees.service.ts
+++ b/src/identity-and-account/employees/services/employees.service.ts
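Review bot: `user.user_module_access.includes(module)` in the new loop throws a TypeError when the request's user object carries no module list, so a principal without that field surfaces as a 500 instead of a clean denial; `if (!user.user_module_access?.includes(module)) {` keeps the guard failing closed with the 403. The check now requires every listed module to be granted rather than matching a role, yet the exception text still reads `The role ${user.role} is not authorized`, which will mislead whoever reads the denial later; naming the missing module would be accurate. An empty `requiredModules` passes this loop unconditionally, so it is worth confirming that the part of the method outside this hunk treats routes without module metadata deliberately.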
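Review bot: `key as Modules` in the new `toStringFromBoolean` asserts that every key of the incoming object is a module name, but nothing checks it, so any property whose value is `true` becomes a granted module, including a boolean field added to that record later. The removed body iterated `module_list`, which acted as an allow-list; if that constant is still in scope here, `return module_list.filter((mod) => boolean_module_access[mod] === true);` gives the same `Modules[]` result without trusting the object's own keys. The parameter type is garbled in this view, so whether the compiler already constrains the keys cannot be confirmed from the hunk. Because the guard in this commit now authorizes on this array, a short doc comment stating that only keys holding a strict `true` are returned would be worth adding.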
@@ -159,10 +159,7 @@ export class EmployeesService {
 let module_access_array: Modules[] = [];
 if (employee.user.user_module_access) {
- const stringfy_module_access = toStringFromBoolean(employee.user.user_module_access);
- module_access_array = module_list
- .map(mod => stringfy_module_access[mod])
- .filter((value): value is Modules => value !== null && value !== undefined);
+ module_access_array = toStringFromBoolean(employee.user.user_module_access);
 }
 let company_name = 'Solucom';
diff --git a/src/identity-and-account/users-management/services/abstract-user.service.ts b/src/identity-and-account/users-management/services/abstract-user.service.ts
index 14092ce..946df80 100644
--- a/src/identity-and-account/users-management/services/abstract-user.service.ts
+++ b/src/identity-and-account/users-management/services/abstract-user.service.ts
@@ -1,5 +1,6 @@
 import { Injectable, NotFoundException } from '@nestjs/common';
-import { Users } from '@prisma/client';
+import { Modules, Users } from '@prisma/client';
+import { toStringFromBoolean } from 'src/common/mappers/module-access.mapper';
 import { PrismaService } from 'src/prisma/prisma.service';
 @Injectable()
@@ -26,12 +27,16 @@ export abstract class AbstractUserService {
 if (!user) {
 throw new NotFoundException(`No user with email #${email} exists`);
 }
- const clean_user = {
+
+ let module_access: Modules[] = [];
+ if (user.user_module_access !== null) module_access = toStringFromBoolean(user.user_module_access);
+
+ const clean_user = {
 first_name: user.first_name,
 last_name: user.last_name,
 email: user.email,
 role: user.role,
- user_module_access: user.user_module_access,
+ user_module_access: module_access,
 }
 return clean_user;
diff --git a/src/identity-and-account/users-management/user.dto.ts b/src/identity-and-account/users-management/user.dto.ts
new file mode 100644
index 0000000..3b5924a
--- /dev/null
+++ b/src/identity-and-account/users-management/user.dto.ts
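Review bot: The new check `user.user_module_access !== null` in the second abstract-user.service.ts hunk lets `undefined` through, and `toStringFromBoolean` passes its argument to `Object.entries`, which throws on `undefined`; whether the field can be absent depends on the query, which is outside this hunk. `employees.service.ts` in this same commit uses a truthiness test on the same field, so `if (user.user_module_access != null) module_access = toStringFromBoolean(user.user_module_access);` keeps the two paths consistent and leaves `module_access` at its empty default otherwise. `clean_user` could also be annotated with the `UserDto` this commit introduces, so the returned shape is checked by the compiler. The enclosing method starts and ends outside the hunk.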
@@ -0,0 +1,10 @@
+import { Modules, Roles } from "@prisma/client";
+import { IsArray, IsEmail, IsEnum, IsString } from "class-validator";
+
+export class UserDto {
+ @IsString() first_name!: string;
+ @IsString() last_name!: string;
+ @IsEmail() email!: string;
+ @IsEnum(Roles) role!: string;
+ @IsArray() @IsEnum(Modules, { each: true }) user_module_access!: Modules[];
+}
\ No newline at end of file
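Review bot: `role` is validated with `@IsEnum(Roles)` but declared as `string`, so the static type forgets the enum as soon as the DTO is used; `@IsEnum(Roles) role!: Roles;` keeps the declaration in line with the validator. The class carries the two privilege fields, `role` and `user_module_access`, and nothing in this commit shows where it is consumed; if it is ever bound to a request body those values become client-supplied, so a class comment such as `/** Outbound user shape; not for binding request input. */` would record the intent. `@IsString()` also accepts an empty string for the two name fields, which may or may not be wanted.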