fix(module-access): fix module access for none-admin users

Matthieu Haineault 2025-12-19 12:23:55 -05:00
parent 40fe965a6d
commit 027dd48efb
10 changed files with 22 additions and 33 deletions


@ -1,7 +1,6 @@
import { Controller, Get, Req, Res, UnauthorizedException, UseGuards } from '@nestjs/common'; import { Controller, Get, Req, Res, UnauthorizedException, UseGuards } from '@nestjs/common';
import { OIDCLoginGuard } from '../guards/authentik-auth.guard'; import { OIDCLoginGuard } from '../guards/authentik-auth.guard';
import { Request, Response } from 'express'; import { Request, Response } from 'express';
import { env } from 'node:process';
@Controller('auth') @Controller('auth')
export class AuthController { export class AuthController {


@ -23,7 +23,7 @@ export class EmployeesController {
} }
@Get('profile') @Get('profile')
@ModuleAccessAllowed(ModulesEnum.employee_management) @ModuleAccessAllowed(ModulesEnum.personal_profile)
async findProfile(@Access('email') email: string, @Query('employee_email') employee_email?: string, async findProfile(@Access('email') email: string, @Query('employee_email') employee_email?: string,
): Promise<Result<Partial<EmployeeDetailedDto>, string>> { ): Promise<Result<Partial<EmployeeDetailedDto>, string>> {
return await this.getService.findOneDetailedProfile(email, employee_email); return await this.getService.findOneDetailedProfile(email, employee_email);
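Review bot: `findProfile` still accepts a caller-supplied `employee_email` query parameter, and with the guard moved from `ModulesEnum.employee_management` to `ModulesEnum.personal_profile` every user who holds the personal-profile module can now reach it. Nothing in this hunk ties that parameter to the caller's own `email`, so unless `findOneDetailedProfile` (outside the hunk) enforces it, a non-admin user could request another employee's detailed profile. I would reject the request at the controller when `employee_email` is present, differs from `email`, and the caller lacks employee management access, or ignore the parameter for such callers. The timesheet controller gets the same kind of widening (`timesheets_approval` to `timesheets`) and its parameter list continues past its hunk, so the same check is worth confirming there.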


@ -43,7 +43,7 @@ export class SchedulePresetsController {
@Delete('delete/:id') @Delete('delete/:id')
@ModuleAccessAllowed(ModulesEnum.employee_management) @ModuleAccessAllowed(ModulesEnum.employee_management)
async deletePreset( async deletePreset(
@Param('id', ParseIntPipe) id: number) { @Param('id') id: number) {
return await this.deleteService.deletePreset(id); return await this.deleteService.deletePreset(id);
} }
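Review bot: Removing `ParseIntPipe` from `@Param('id')` in `deletePreset` means the route parameter is no longer validated or converted. The `number` annotation is erased at runtime, so unless a global transforming pipe is configured (not visible here) the service receives the raw string. A non-numeric id then reaches the Prisma lookup instead of being rejected with a 400 at the controller. I would restore `@Param('id', ParseIntPipe) id: number`. The class body continues outside the hunk.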


@ -5,7 +5,6 @@ import { HH_MM_REGEX } from "src/common/utils/constants.utils";
export class SchedulePresetsDto { export class SchedulePresetsDto {
@IsInt() id!: number; @IsInt() id!: number;
@IsString() name!: string; @IsString() name!: string;
@IsBoolean() @IsOptional() is_default: boolean;
@IsArray() @ArrayMinSize(1) shifts: SchedulePresetShiftsDto[]; @IsArray() @ArrayMinSize(1) shifts: SchedulePresetShiftsDto[];
} }


@ -32,7 +32,6 @@ export class SchedulePresetsApplyService {
schedule_preset: { schedule_preset: {
select: { select: {
id: true, id: true,
is_default: true,
shifts: true, shifts: true,
}, },
}, },
@ -94,7 +93,6 @@ export class SchedulePresetsApplyService {
schedule_preset: { schedule_preset: {
select: { select: {
id: true, id: true,
is_default: true,
shifts: { shifts: {
where: { week_day: $Enums.Weekday[week_day] }, where: { week_day: $Enums.Weekday[week_day] },
select: { select: {


@ -56,17 +56,17 @@ export class SchedulePresetsCreateService {
await this.prisma.$transaction(async (tx) => { await this.prisma.$transaction(async (tx) => {
//check if employee chose this preset has a default preset and ensure all others are false //check if employee chose this preset has a default preset and ensure all others are false
if (dto.is_default) { // if (dto.is_default) {
await tx.schedulePresets.updateMany({ // await tx.schedulePresets.updateMany({
where: { is_default: true }, // where: { is_default: true },
data: { is_default: false }, // data: { is_default: false },
}); // });
} // }
await tx.schedulePresets.create({ await tx.schedulePresets.create({
data: { data: {
name: dto.name, name: dto.name,
is_default: dto.is_default ?? false, // is_default: dto.is_default ?? false,
shifts: { shifts: {
create: dto.shifts.map((shift, index) => { create: dto.shifts.map((shift, index) => {
//validated bank_codes sent as a Result Array to access its data //validated bank_codes sent as a Result Array to access its data
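Review bot: The `is_default` handling is commented out here, while the update service in the same commit deletes the equivalent logic outright. The surviving comment `//check if employee chose this preset has a default preset and ensure all others are false` now describes code that no longer runs. I would delete the commented `if (dto.is_default)` block, the `// is_default: dto.is_default ?? false,` line and that comment together, since version control already keeps the old code. The enclosing method starts and ends outside the hunk.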


@ -1,6 +1,8 @@
import { Injectable } from "@nestjs/common";
import { Result } from "src/common/errors/result-error.factory"; import { Result } from "src/common/errors/result-error.factory";
import { PrismaService } from "src/prisma/prisma.service"; import { PrismaService } from "src/prisma/prisma.service";
@Injectable()
export class SchedulePresetDeleteService { export class SchedulePresetDeleteService {
constructor(private readonly prisma: PrismaService) { } constructor(private readonly prisma: PrismaService) { }
@ -8,19 +10,22 @@ export class SchedulePresetDeleteService {
// DELETE // DELETE
//_________________________________________________________________ //_________________________________________________________________
async deletePreset(preset_id: number): Promise<Result<boolean, string>> { async deletePreset(preset_id: number): Promise<Result<boolean, string>> {
const preset = await this.prisma.schedulePresets.findFirst({ console.log('preset_id received: ', preset_id)
const preset = await this.prisma.schedulePresets.findUnique({
where: { id: preset_id }, where: { id: preset_id },
select: { id: true }, select: { id: true },
}); });
if (!preset) return { success: false, error: `SCHEDULE_PRESET_NOT_FOUND` }; if (!preset) return { success: false, error: `SCHEDULE_PRESET_NOT_FOUND` };
console.log('preset found: ', preset.id)
await this.prisma.employees.updateMany({ const updated_employees = await this.prisma.employees.updateMany({
where: { schedule_preset_id: preset.id }, where: { schedule_preset_id: preset_id },
data: { data: {
schedule_preset_id: null, schedule_preset_id: 0,
}, },
}); });
console.log('employee schedule id updated', updated_employees);
await this.prisma.$transaction(async (tx) => { await this.prisma.$transaction(async (tx) => {
await tx.schedulePresetShifts.deleteMany({ where: { preset_id: preset_id } }); await tx.schedulePresetShifts.deleteMany({ where: { preset_id: preset_id } });
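Review bot: The employee detach in `deletePreset` now writes `schedule_preset_id: 0` instead of `null` and still runs outside the `$transaction` that deletes the preset. If the delete fails, employees are left pointing at a sentinel id, and if the column is a foreign key, `0` may be rejected outright (schema not visible here). I would keep `null` and move the call inside the transaction as `await tx.employees.updateMany({ where: { schedule_preset_id: preset_id }, data: { schedule_preset_id: null } });`. The three added `console.log` calls look like leftover debugging and should be removed or sent through the application logger at debug level. The function body continues past the end of the hunk.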


@ -15,7 +15,7 @@ export class SchedulePresetsGetService {
async getSchedulePresets(): Promise<Result<SchedulePresetsDto[], string>> { async getSchedulePresets(): Promise<Result<SchedulePresetsDto[], string>> {
try { try {
const presets = await this.prisma.schedulePresets.findMany({ const presets = await this.prisma.schedulePresets.findMany({
orderBy: [{ is_default: 'desc' }, { name: 'asc' }], orderBy: [{ name: 'asc' }],
include: { include: {
shifts: { shifts: {
orderBy: [{ week_day: 'asc' }, { start_time: 'asc' }], orderBy: [{ week_day: 'asc' }, { start_time: 'asc' }],
@ -28,7 +28,6 @@ export class SchedulePresetsGetService {
const response: SchedulePresetsDto[] = presets.map((preset) => ({ const response: SchedulePresetsDto[] = presets.map((preset) => ({
id: preset.id, id: preset.id,
name: preset.name, name: preset.name,
is_default: preset.is_default,
shifts: preset.shifts.map<Omit<SchedulePresetShiftsDto, 'id'>>((shift) => ({ shifts: preset.shifts.map<Omit<SchedulePresetShiftsDto, 'id'>>((shift) => ({
preset_id: shift.preset_id, preset_id: shift.preset_id,
week_day: shift.week_day, week_day: shift.week_day,


@ -22,7 +22,6 @@ export class SchedulePresetUpdateService {
where: { id: dto.id }, where: { id: dto.id },
select: { select: {
id: true, id: true,
is_default: true,
shifts: true, shifts: true,
}, },
}); });
@ -52,22 +51,12 @@ export class SchedulePresetUpdateService {
} }
await this.prisma.$transaction(async (tx) => { await this.prisma.$transaction(async (tx) => {
if (dto.is_default) {
await tx.schedulePresets.updateMany({
where: {
is_default: true,
NOT: { id: existing.id },
},
data: { is_default: false },
});
}
await tx.schedulePresetShifts.deleteMany({ where: { preset_id: existing.id } }); await tx.schedulePresetShifts.deleteMany({ where: { preset_id: existing.id } });
await tx.schedulePresets.update({ await tx.schedulePresets.update({
where: { id: existing.id }, where: { id: existing.id },
data: { data: {
name: dto.name, name: dto.name,
is_default: dto.is_default ?? false,
shifts: { shifts: {
create: dto.shifts.map((shift, index) => { create: dto.shifts.map((shift, index) => {
const result = bank_code_results[index] as { success: true, data: number }; const result = bank_code_results[index] as { success: true, data: number };


@ -14,7 +14,7 @@ export class TimesheetController {
) { } ) { }
@Get(':year/:period_number') @Get(':year/:period_number')
@ModuleAccessAllowed(ModulesEnum.timesheets_approval) @ModuleAccessAllowed(ModulesEnum.timesheets)
getTimesheetByPayPeriod( getTimesheetByPayPeriod(
@Access('email') email: string, @Access('email') email: string,
@Param('year', ParseIntPipe) year: number, @Param('year', ParseIntPipe) year: number,