fix(module_access): fix module access validation

Matthieu Haineault 2025-12-15 09:00:27 -05:00
parent b01506f013
commit 3c773df376
3 changed files with 32 additions and 6 deletions


@ -36,7 +36,7 @@ export class ModulesGuard implements CanActivate {
for (const module of requiredModules) { for (const module of requiredModules) {
if (!user.user_module_access.includes(module)) { if (!user.user_module_access.includes(module)) {
throw new ForbiddenException( throw new ForbiddenException(
`The role ${user.role} is not authorized to access this resource.`, `This account does not have required access to: ${module}.`,
); );
} }
} }
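Review bot: The new 403 message interpolates `${module}` into the response body, so a caller who is denied now learns the internal name of the module that guards the route. If module identifiers are meant to stay internal, keep the client-facing text generic, e.g. `throw new ForbiddenException('This account is not authorized to access this resource.');`, and record the missing module through the server-side logger instead. The enclosing method starts and ends outside this hunk, so whether `user.user_module_access` is guaranteed to be an array before `.includes` is called cannot be confirmed from here.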


@ -1,7 +1,7 @@
import { Injectable } from "@nestjs/common"; import { Injectable } from "@nestjs/common";
import { PrismaService } from "src/prisma/prisma.service"; import { PrismaService } from "src/prisma/prisma.service";
import { Modules } from "src/common/mappers/module-access.mapper"; import { module_list, Modules } from "src/common/mappers/module-access.mapper";
import { EmailToIdResolver } from "src/common/mappers/email-id.mapper"; import { EmailToIdResolver } from "src/common/mappers/email-id.mapper";
import { toStringFromDate } from "src/common/utils/date-utils"; import { toStringFromDate } from "src/common/utils/date-utils";
import { Result } from "src/common/errors/result-error.factory"; import { Result } from "src/common/errors/result-error.factory";
@ -175,7 +175,7 @@ export class EmployeesGetService {
let module_access_array: Modules[] = []; let module_access_array: Modules[] = [];
if (employee.user.user_module_access) { if (employee.user.user_module_access) {
module_access_array = toKeysFromBoolean(employee.user.user_module_access); module_access_array = toStringFromBoolean(employee.user.user_module_access);
} }
const company_name = toStringFromCompanyCode(employee.company_code); const company_name = toStringFromCompanyCode(employee.company_code);
@ -202,3 +202,29 @@ export class EmployeesGetService {
}; };
}; };
} }
const createDefaultModuleAccess = (): Record<Modules, boolean> =>
module_list.reduce((acc, mod) => {
acc[mod] = false;
return acc;
}, {} as Record<Modules, boolean>);
export const toBooleanFromString = (arr?: readonly string[] | null): Record<Modules, boolean> => {
const result = createDefaultModuleAccess();
if (!arr || !Array.isArray(arr)) return result;
for (const item of arr) {
if (typeof item !== 'string') continue;
const trimmed = item.trim();
if ((module_list as readonly string[]).includes(trimmed)) {
result[trimmed as Modules] = true;
}
}
return result;
}
export const toStringFromBoolean = (boolean_module_access: Record<Modules, boolean>): Modules[] => {
const access_array = Object.entries(boolean_module_access);
const allowed_accesses = access_array.filter(([_key, value]) => value === true);
return allowed_accesses.map(([key]) => key as Modules);
}
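Review bot: `toStringFromBoolean` builds the access list from whatever keys the object carries and then casts them with `key as Modules`, so any extra field whose value is `true` would be returned as if it were a module. `toBooleanFromString` in the same hunk already checks names against `module_list`; doing the same here keeps both directions on one allow-list: `return module_list.filter((mod) => boolean_module_access[mod] === true);`. This matters if `employee.user.user_module_access` is a database row with columns beyond the module flags, which is not visible in this section. A short TSDoc comment on both exported helpers, stating that unknown names are silently dropped, would also help callers.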


@ -1,4 +1,4 @@
import { Injectable, NotFoundException } from "@nestjs/common"; import { Injectable } from "@nestjs/common";
import { Result } from "src/common/errors/result-error.factory"; import { Result } from "src/common/errors/result-error.factory";
import { PrismaService } from "src/prisma/prisma.service"; import { PrismaService } from "src/prisma/prisma.service";
@ -16,7 +16,7 @@ export class AttachmentDeleteService {
// decrement refcount // decrement refcount
const dec = await tx.$executeRaw` const dec = await tx.$executeRaw`
UPDATE "Blobs" SET refcount = refcount - 1 UPDATE "blobs" SET refcount = refcount - 1
WHERE sha256 = ${attachment.sha256} AND refcount > 0;`; WHERE sha256 = ${attachment.sha256} AND refcount > 0;`;
return { ok: true, decremented: dec > 0 }; return { ok: true, decremented: dec > 0 };