louis/targo-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(module_access): fix module access validation

Browse Source
This commit is contained in:
Matthieu Haineault 2025-12-15 09:00:27 -05:00
parent b01506f013
commit 3c773df376
3 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/common/guards/modules.guard.ts
View File

@ -36,7 +36,7 @@ export class ModulesGuard implements CanActivate {
for (const module of requiredModules) {
if (!user.user_module_access.includes(module)) {
throw new ForbiddenException(
`The role ${user.role} is not authorized to access this resource.`,
`This account does not have required access to: ${module}.`,
);
}
}

30
src/identity-and-account/employees/services/employees-get.service.ts
View File

@ -1,7 +1,7 @@
import { Injectable } from "@nestjs/common";
import { PrismaService } from "src/prisma/prisma.service";
import { Modules } from "src/common/mappers/module-access.mapper";
import { module_list, Modules } from "src/common/mappers/module-access.mapper";
import { EmailToIdResolver } from "src/common/mappers/email-id.mapper";
import { toStringFromDate } from "src/common/utils/date-utils";
import { Result } from "src/common/errors/result-error.factory";
@ -175,7 +175,7 @@ export class EmployeesGetService {
let module_access_array: Modules[] = [];
if (employee.user.user_module_access) {
module_access_array = toKeysFromBoolean(employee.user.user_module_access);
module_access_array = toStringFromBoolean(employee.user.user_module_access);
}
const company_name = toStringFromCompanyCode(employee.company_code);
@ -201,4 +201,30 @@ export class EmployeesGetService {
},
};
};
}
const createDefaultModuleAccess = (): Record<Modules, boolean> =>
module_list.reduce((acc, mod) => {
acc[mod] = false;
return acc;
}, {} as Record<Modules, boolean>);
export const toBooleanFromString = (arr?: readonly string[] | null): Record<Modules, boolean> => {
const result = createDefaultModuleAccess();
if (!arr || !Array.isArray(arr)) return result;
for (const item of arr) {
if (typeof item !== 'string') continue;
const trimmed = item.trim();
if ((module_list as readonly string[]).includes(trimmed)) {
result[trimmed as Modules] = true;
}
}
return result;
}
export const toStringFromBoolean = (boolean_module_access: Record<Modules, boolean>): Modules[] => {
const access_array = Object.entries(boolean_module_access);
const allowed_accesses = access_array.filter(([_key, value]) => value === true);
return allowed_accesses.map(([key]) => key as Modules);
}

6
src/time-and-attendance/attachments/services/attachment-delete.service.ts
View File

@ -1,4 +1,4 @@
import { Injectable, NotFoundException } from "@nestjs/common";
import { Injectable } from "@nestjs/common";
import { Result } from "src/common/errors/result-error.factory";
import { PrismaService } from "src/prisma/prisma.service";
@ -15,8 +15,8 @@ export class AttachmentDeleteService {
await tx.attachments.update({ where: { id: Number(id) }, data: { status: 'DELETED' } });
// decrement refcount
const dec = await tx.$executeRaw `
UPDATE "Blobs" SET refcount = refcount - 1
const dec = await tx.$executeRaw`
UPDATE "blobs" SET refcount = refcount - 1
WHERE sha256 = ${attachment.sha256} AND refcount > 0;`;
return { ok: true, decremented: dec > 0 };