louis/targo-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(module-access): fix module access for none-admin users

Browse Source
This commit is contained in:
Matthieu Haineault 2025-12-19 12:23:55 -05:00
parent 40fe965a6d
commit 027dd48efb
10 changed files with 22 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/identity-and-account/authentication/controllers/auth.controller.ts
View File

@ -1,7 +1,6 @@
import { Controller, Get, Req, Res, UnauthorizedException, UseGuards } from '@nestjs/common';
import { OIDCLoginGuard } from '../guards/authentik-auth.guard';
import { Request, Response } from 'express';
import { env } from 'node:process';
@Controller('auth')
export class AuthController {

2
src/identity-and-account/employees/employees.controller.ts
View File

@ -23,7 +23,7 @@ export class EmployeesController {
}
@Get('profile')
@ModuleAccessAllowed(ModulesEnum.employee_management)
@ModuleAccessAllowed(ModulesEnum.personal_profile)
async findProfile(@Access('email') email: string, @Query('employee_email') employee_email?: string,
): Promise<Result<Partial<EmployeeDetailedDto>, string>> {
return await this.getService.findOneDetailedProfile(email, employee_email);

2
src/time-and-attendance/schedule-presets/schedule-presets.controller.ts
View File

@ -43,7 +43,7 @@ export class SchedulePresetsController {
@Delete('delete/:id')
@ModuleAccessAllowed(ModulesEnum.employee_management)
async deletePreset(
@Param('id', ParseIntPipe) id: number) {
@Param('id') id: number) {
return await this.deleteService.deletePreset(id);
}

1
src/time-and-attendance/schedule-presets/schedule-presets.dto.ts
View File

@ -5,7 +5,6 @@ import { HH_MM_REGEX } from "src/common/utils/constants.utils";
export class SchedulePresetsDto {
@IsInt() id!: number;
@IsString() name!: string;
@IsBoolean() @IsOptional() is_default: boolean;
@IsArray() @ArrayMinSize(1) shifts: SchedulePresetShiftsDto[];
}

2
src/time-and-attendance/schedule-presets/services/schedule-presets-apply.service.ts
View File

@ -32,7 +32,6 @@ export class SchedulePresetsApplyService {
schedule_preset: {
select: {
id: true,
is_default: true,
shifts: true,
},
},
@ -94,7 +93,6 @@ export class SchedulePresetsApplyService {
schedule_preset: {
select: {
id: true,
is_default: true,
shifts: {
where: { week_day: $Enums.Weekday[week_day] },
select: {

14
src/time-and-attendance/schedule-presets/services/schedule-presets-create.service.ts
View File

@ -56,17 +56,17 @@ export class SchedulePresetsCreateService {
await this.prisma.$transaction(async (tx) => {
//check if employee chose this preset has a default preset and ensure all others are false
if (dto.is_default) {
await tx.schedulePresets.updateMany({
where: { is_default: true },
data: { is_default: false },
});
}
// if (dto.is_default) {
// await tx.schedulePresets.updateMany({
// where: { is_default: true },
// data: { is_default: false },
// });
// }
await tx.schedulePresets.create({
data: {
name: dto.name,
is_default: dto.is_default ?? false,
// is_default: dto.is_default ?? false,
shifts: {
create: dto.shifts.map((shift, index) => {
//validated bank_codes sent as a Result Array to access its data

17
src/time-and-attendance/schedule-presets/services/schedule-presets-delete.service.ts
View File

@ -1,6 +1,8 @@
import { Injectable } from "@nestjs/common";
import { Result } from "src/common/errors/result-error.factory";
import { PrismaService } from "src/prisma/prisma.service";
@Injectable()
export class SchedulePresetDeleteService {
constructor(private readonly prisma: PrismaService) { }
@ -8,19 +10,22 @@ export class SchedulePresetDeleteService {
// DELETE
//_________________________________________________________________
async deletePreset(preset_id: number): Promise<Result<boolean, string>> {
const preset = await this.prisma.schedulePresets.findFirst({
console.log('preset_id received: ', preset_id)
const preset = await this.prisma.schedulePresets.findUnique({
where: { id: preset_id },
select: { id: true },
});
if (!preset) return { success: false, error: `SCHEDULE_PRESET_NOT_FOUND` };
await this.prisma.employees.updateMany({
where: { schedule_preset_id: preset.id },
console.log('preset found: ', preset.id)
const updated_employees = await this.prisma.employees.updateMany({
where: { schedule_preset_id: preset_id },
data: {
schedule_preset_id: null,
schedule_preset_id: 0,
},
});
console.log('employee schedule id updated', updated_employees);
await this.prisma.$transaction(async (tx) => {
await tx.schedulePresetShifts.deleteMany({ where: { preset_id: preset_id } });

3
src/time-and-attendance/schedule-presets/services/schedule-presets-get.service.ts
View File

@ -15,7 +15,7 @@ export class SchedulePresetsGetService {
async getSchedulePresets(): Promise<Result<SchedulePresetsDto[], string>> {
try {
const presets = await this.prisma.schedulePresets.findMany({
orderBy: [{ is_default: 'desc' }, { name: 'asc' }],
orderBy: [{ name: 'asc' }],
include: {
shifts: {
orderBy: [{ week_day: 'asc' }, { start_time: 'asc' }],
@ -28,7 +28,6 @@ export class SchedulePresetsGetService {
const response: SchedulePresetsDto[] = presets.map((preset) => ({
id: preset.id,
name: preset.name,
is_default: preset.is_default,
shifts: preset.shifts.map<Omit<SchedulePresetShiftsDto, 'id'>>((shift) => ({
preset_id: shift.preset_id,
week_day: shift.week_day,

11
src/time-and-attendance/schedule-presets/services/schedule-presets-update.service.ts
View File

@ -22,7 +22,6 @@ export class SchedulePresetUpdateService {
where: { id: dto.id },
select: {
id: true,
is_default: true,
shifts: true,
},
});
@ -52,22 +51,12 @@ export class SchedulePresetUpdateService {
}
await this.prisma.$transaction(async (tx) => {
if (dto.is_default) {
await tx.schedulePresets.updateMany({
where: {
is_default: true,
NOT: { id: existing.id },
},
data: { is_default: false },
});
}
await tx.schedulePresetShifts.deleteMany({ where: { preset_id: existing.id } });
await tx.schedulePresets.update({
where: { id: existing.id },
data: {
name: dto.name,
is_default: dto.is_default ?? false,
shifts: {
create: dto.shifts.map((shift, index) => {
const result = bank_code_results[index] as { success: true, data: number };

2
src/time-and-attendance/timesheets/timesheet.controller.ts
View File

@ -14,7 +14,7 @@ export class TimesheetController {
) { }
@Get(':year/:period_number')
@ModuleAccessAllowed(ModulesEnum.timesheets_approval)
@ModuleAccessAllowed(ModulesEnum.timesheets)
getTimesheetByPayPeriod(
@Access('email') email: string,
@Param('year', ParseIntPipe) year: number,