louis/targo-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(expenses): implement role guards

Browse Source
This commit is contained in:
Matthieu Haineault 2025-11-03 12:11:13 -05:00
parent 7ee87d8409
commit 5268737bd1
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/time-and-attendance/expenses/controllers/expense.controller.ts
View File

@ -3,12 +3,15 @@ import { CreateExpenseResult, UpdateExpenseResult } from "src/time-and-attendanc
import { ExpenseUpsertService } from "src/time-and-attendance/expenses/services/expense-upsert.service"; import { ExpenseUpsertService } from "src/time-and-attendance/expenses/services/expense-upsert.service";
import { updateExpenseDto } from "src/time-and-attendance/expenses/dtos/expense-update.dto"; import { updateExpenseDto } from "src/time-and-attendance/expenses/dtos/expense-update.dto";
import { ExpenseDto } from "src/time-and-attendance/expenses/dtos/expense-create.dto"; import { ExpenseDto } from "src/time-and-attendance/expenses/dtos/expense-create.dto";
import { RolesAllowed } from "src/common/decorators/roles.decorators";
import { Roles as RoleEnum } from '.prisma/client';
@Controller('expense') @Controller('expense')
export class ExpenseController { export class ExpenseController {
constructor( private readonly upsert_service: ExpenseUpsertService ){} constructor( private readonly upsert_service: ExpenseUpsertService ){}
@Post('create') @Post('create')
@RolesAllowed(RoleEnum.EMPLOYEE, RoleEnum.ACCOUNTING, RoleEnum.HR, RoleEnum.SUPERVISOR, RoleEnum.ADMIN)
create( @Req() req, @Body() dto: ExpenseDto): Promise<CreateExpenseResult>{ create( @Req() req, @Body() dto: ExpenseDto): Promise<CreateExpenseResult>{
const email = req.user?.email; const email = req.user?.email;
if(!email) throw new UnauthorizedException('Unauthorized User'); if(!email) throw new UnauthorizedException('Unauthorized User');
@ -16,12 +19,16 @@ export class ExpenseController {
} }
@Patch('update') @Patch('update')
@RolesAllowed(RoleEnum.EMPLOYEE, RoleEnum.ACCOUNTING, RoleEnum.HR, RoleEnum.SUPERVISOR, RoleEnum.ADMIN)
update(@Body() body: { update :{ id: number; dto: updateExpenseDto }}): Promise<UpdateExpenseResult>{ update(@Body() body: { update :{ id: number; dto: updateExpenseDto }}): Promise<UpdateExpenseResult>{
return this.upsert_service.updateExpense(body.update); return this.upsert_service.updateExpense(body.update);
} }
@Delete('delete/:expense_id') @Delete('delete/:expense_id')
@RolesAllowed(RoleEnum.EMPLOYEE, RoleEnum.ACCOUNTING, RoleEnum.HR, RoleEnum.SUPERVISOR, RoleEnum.ADMIN)
remove(@Param('expense_id') expense_id: number) { remove(@Param('expense_id') expense_id: number) {
return this.upsert_service.deleteExpense(expense_id); return this.upsert_service.deleteExpense(expense_id);
} }
} }