From 5268737bd1a4bd61b7ef5d8e284f9bae92359e6a Mon Sep 17 00:00:00 2001 From: Matthieu Haineault Date: Mon, 3 Nov 2025 12:11:13 -0500 Subject: [PATCH] feat(expenses): implement role guards --- .../expenses/controllers/expense.controller.ts | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/time-and-attendance/expenses/controllers/expense.controller.ts b/src/time-and-attendance/expenses/controllers/expense.controller.ts index 5f9a7ff..fb81eb2 100644 --- a/src/time-and-attendance/expenses/controllers/expense.controller.ts +++ b/src/time-and-attendance/expenses/controllers/expense.controller.ts @@ -3,12 +3,15 @@ import { CreateExpenseResult, UpdateExpenseResult } from "src/time-and-attendanc import { ExpenseUpsertService } from "src/time-and-attendance/expenses/services/expense-upsert.service"; import { updateExpenseDto } from "src/time-and-attendance/expenses/dtos/expense-update.dto"; import { ExpenseDto } from "src/time-and-attendance/expenses/dtos/expense-create.dto"; +import { RolesAllowed } from "src/common/decorators/roles.decorators"; +import { Roles as RoleEnum } from '.prisma/client'; @Controller('expense') export class ExpenseController { constructor( private readonly upsert_service: ExpenseUpsertService ){} @Post('create') + @RolesAllowed(RoleEnum.EMPLOYEE, RoleEnum.ACCOUNTING, RoleEnum.HR, RoleEnum.SUPERVISOR, RoleEnum.ADMIN) create( @Req() req, @Body() dto: ExpenseDto): Promise{ const email = req.user?.email; if(!email) throw new UnauthorizedException('Unauthorized User'); 
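Review bot: The added `@RolesAllowed(...)` on `create` names EMPLOYEE, ACCOUNTING, HR, SUPERVISOR and ADMIN, and no `@UseGuards(...)` appears on the method or on the controller in this hunk, so unless a roles guard is registered globally (e.g. via `APP_GUARD`) the decorator only writes metadata and enforces nothing. If those five values are the whole `Roles` enum, the list is equivalent to "any authenticated user" and would be clearer as a single named constant with a comment stating that the endpoint is intentionally open to every role, e.g. `// every role may submit an expense; ownership is taken from req.user`. The new `import { Roles as RoleEnum } from '.prisma/client'` reaches into the generated client's internal path; the supported entry point is `@prisma/client`, and the private path breaks if the generator's output location is ever changed. The body of `create` continues outside the hunk.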
@@ -16,12 +19,16 @@ export class ExpenseController { } @Patch('update') + @RolesAllowed(RoleEnum.EMPLOYEE, RoleEnum.ACCOUNTING, RoleEnum.HR, RoleEnum.SUPERVISOR, RoleEnum.ADMIN) update(@Body() body: { update :{ id: number; dto: updateExpenseDto }}): Promise{ return this.upsert_service.updateExpense(body.update); } @Delete('delete/:expense_id') + @RolesAllowed(RoleEnum.EMPLOYEE, RoleEnum.ACCOUNTING, RoleEnum.HR, RoleEnum.SUPERVISOR, RoleEnum.ADMIN) remove(@Param('expense_id') expense_id: number) { return this.upsert_service.deleteExpense(expense_id); } -} \ No newline at end of file +} + +
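Review bot: `update` and `remove` still forward `body.update.id` and `expense_id` straight to the service without tying them to the caller, so the new role decorators do not stop an EMPLOYEE from editing or deleting another user's expense (object-level authorization is missing, whereas `create` at least reads `req.user?.email`). The handlers should pass the requester's identity down, e.g. `remove(@Req() req, @Param('expense_id', ParseIntPipe) expense_id: number)` and `return this.upsert_service.deleteExpense(expense_id, req.user?.email);`, with the service (outside this diff) checking ownership or that the caller's role permits cross-user access. `ParseIntPipe` also matters on its own: route params arrive as strings, so the `number` annotation on `expense_id` is not enforced at runtime, and `body.update` is an inline object type with no validation pipe visible in the hunk. If the roles guard is not registered globally, `@UseGuards(RolesGuard)` is also needed on these methods or the controller for `@RolesAllowed` to take effect.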