feat(expenses): implement role guards

src/time-and-attendance/expenses/controllers/expense.controller.ts

@@ -3,12 +3,15 @@ import { CreateExpenseResult, UpdateExpenseResult } from "src/time-and-attendanc
 import { ExpenseUpsertService } from "src/time-and-attendance/expenses/services/expense-upsert.service";
 import { updateExpenseDto } from "src/time-and-attendance/expenses/dtos/expense-update.dto";
 import { ExpenseDto } from "src/time-and-attendance/expenses/dtos/expense-create.dto";
+import { RolesAllowed } from "src/common/decorators/roles.decorators";
+import { Roles as RoleEnum } from '.prisma/client';
 
 @Controller('expense')
 export class ExpenseController {
     constructor( private readonly upsert_service: ExpenseUpsertService ){}
 
     @Post('create')
+    @RolesAllowed(RoleEnum.EMPLOYEE, RoleEnum.ACCOUNTING, RoleEnum.HR, RoleEnum.SUPERVISOR, RoleEnum.ADMIN)
     create( @Req() req, @Body() dto: ExpenseDto): Promise<CreateExpenseResult>{
         const email = req.user?.email;
         if(!email) throw new UnauthorizedException('Unauthorized User');
@@ -16,12 +19,16 @@ export class ExpenseController {
     }
 
     @Patch('update')
+    @RolesAllowed(RoleEnum.EMPLOYEE, RoleEnum.ACCOUNTING, RoleEnum.HR, RoleEnum.SUPERVISOR, RoleEnum.ADMIN)
     update(@Body() body: { update :{ id: number; dto: updateExpenseDto }}): Promise<UpdateExpenseResult>{
         return this.upsert_service.updateExpense(body.update);
     }
 
     @Delete('delete/:expense_id')
+    @RolesAllowed(RoleEnum.EMPLOYEE, RoleEnum.ACCOUNTING, RoleEnum.HR, RoleEnum.SUPERVISOR, RoleEnum.ADMIN)
     remove(@Param('expense_id') expense_id: number) {
         return this.upsert_service.deleteExpense(expense_id);
     }
-}
+}
+
+