fix(controller): added ModuleAccess tag
parent
ebc1cd77d8
commit
68477c17b7
|
|
@ -6,7 +6,7 @@ import {
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
import { Reflector } from '@nestjs/core';
|
import { Reflector } from '@nestjs/core';
|
||||||
import { MODULES_KEY } from '../decorators/modules-guard.decorators';
|
import { MODULES_KEY } from '../decorators/modules-guard.decorators';
|
||||||
import { Modules, Roles } from '.prisma/client';
|
import { Modules } from '.prisma/client';
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,20 +1,20 @@
|
||||||
import { Roles as RoleEnum } from ".prisma/client";
|
// import { Roles as RoleEnum } from ".prisma/client";
|
||||||
|
|
||||||
export const GLOBAL_CONTROLLER_ROLES: readonly RoleEnum[] = [
|
// export const GLOBAL_CONTROLLER_ROLES: readonly RoleEnum[] = [
|
||||||
RoleEnum.EMPLOYEE,
|
// RoleEnum.EMPLOYEE,
|
||||||
RoleEnum.ACCOUNTING,
|
// RoleEnum.ACCOUNTING,
|
||||||
RoleEnum.HR,
|
// RoleEnum.HR,
|
||||||
RoleEnum.SUPERVISOR,
|
// RoleEnum.SUPERVISOR,
|
||||||
RoleEnum.ADMIN,
|
// RoleEnum.ADMIN,
|
||||||
];
|
// ];
|
||||||
|
|
||||||
export const MANAGER_ROLES: readonly RoleEnum[] = [
|
// export const MANAGER_ROLES: readonly RoleEnum[] = [
|
||||||
RoleEnum.HR,
|
// RoleEnum.HR,
|
||||||
RoleEnum.SUPERVISOR,
|
// RoleEnum.SUPERVISOR,
|
||||||
RoleEnum.ADMIN,
|
// RoleEnum.ADMIN,
|
||||||
]
|
// ]
|
||||||
|
|
||||||
export const PAY_SERVICE: readonly RoleEnum[] = [
|
// export const PAY_SERVICE: readonly RoleEnum[] = [
|
||||||
RoleEnum.HR,
|
// RoleEnum.HR,
|
||||||
RoleEnum.ACCOUNTING,
|
// RoleEnum.ACCOUNTING,
|
||||||
]
|
// ]
|
||||||
|
|
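Review bot: The role lists (`GLOBAL_CONTROLLER_ROLES`, `MANAGER_ROLES`, `PAY_SERVICE`) are commented out line by line rather than deleted, which leaves a stale authorization policy sitting in the tree. If module access has replaced these role checks, delete the file and let version control keep the history. If the lists are expected to come back, replace the commented-out body with one explanatory line such as `// Role lists retired in favour of @ModuleAccessAllowed; see git history.` so that someone auditing who can reach a controller does not have to guess whether these constants still apply.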
@ -7,8 +7,6 @@ import { EmployeesService } from "src/identity-and-account/employees/services/em
|
||||||
import { ModuleAccessAllowed } from "src/common/decorators/modules-guard.decorators";
|
import { ModuleAccessAllowed } from "src/common/decorators/modules-guard.decorators";
|
||||||
import { Modules as ModulesEnum } from ".prisma/client";
|
import { Modules as ModulesEnum } from ".prisma/client";
|
||||||
|
|
||||||
//TODO: create a custom decorator to replace the findModuleAcces call function
|
|
||||||
|
|
||||||
@Controller('employees')
|
@Controller('employees')
|
||||||
export class EmployeesController {
|
export class EmployeesController {
|
||||||
constructor(private readonly employeesService: EmployeesService) { }
|
constructor(private readonly employeesService: EmployeesService) { }
|
||||||
|
|
|
||||||
|
|
@ -1,20 +1,24 @@
|
||||||
import { Body, Controller, Get, Patch, Query, Req } from "@nestjs/common";
|
import { Body, Controller, Get, Patch, Query } from "@nestjs/common";
|
||||||
import { PreferencesService } from "../services/preferences.service";
|
import { PreferencesService } from "../services/preferences.service";
|
||||||
import { PreferencesDto } from "../dtos/preferences.dto";
|
import { PreferencesDto } from "../dtos/preferences.dto";
|
||||||
import { Result } from "src/common/errors/result-error.factory";
|
import { Result } from "src/common/errors/result-error.factory";
|
||||||
import { Access } from "src/common/decorators/module-access.decorators";
|
import { Access } from "src/common/decorators/module-access.decorators";
|
||||||
|
import { ModuleAccessAllowed } from "src/common/decorators/modules-guard.decorators";
|
||||||
|
import { Modules as ModulesEnum } from ".prisma/client";
|
||||||
|
|
||||||
@Controller('preferences')
|
@Controller('preferences')
|
||||||
export class PreferencesController {
|
export class PreferencesController {
|
||||||
constructor(private readonly service: PreferencesService) { }
|
constructor(private readonly service: PreferencesService) { }
|
||||||
|
|
||||||
@Patch('update')
|
@Patch('update')
|
||||||
|
@ModuleAccessAllowed(ModulesEnum.personal_profile)
|
||||||
async updatePreferences(@Access('email') email: string, @Body() payload: PreferencesDto
|
async updatePreferences(@Access('email') email: string, @Body() payload: PreferencesDto
|
||||||
): Promise<Result<PreferencesDto, string>> {
|
): Promise<Result<PreferencesDto, string>> {
|
||||||
return this.service.updatePreferences(email, payload);
|
return this.service.updatePreferences(email, payload);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Get()
|
@Get()
|
||||||
|
@ModuleAccessAllowed(ModulesEnum.personal_profile)
|
||||||
async findPreferences(@Access('email') email: string, @Query() employee_email?: string) {
|
async findPreferences(@Access('email') email: string, @Query() employee_email?: string) {
|
||||||
return this.service.findPreferences(email, employee_email);
|
return this.service.findPreferences(email, employee_email);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
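Review bot: In `findPreferences`, `@Query() employee_email?: string` has no key, so Nest binds the whole query object to the parameter instead of a string; `ModuleAccessController` in this same commit uses the keyed form, and this handler should match it: `@Query('employee_email') employee_email?: string`. The added `@ModuleAccessAllowed(ModulesEnum.personal_profile)` only establishes that the caller holds the personal-profile module, so whether a caller may read another employee's preferences through `employee_email` is decided entirely inside `PreferencesService.findPreferences`, which this page does not show. Confirm there is an ownership or manager check there, and add a short doc comment on the handler stating who is allowed to pass `employee_email`.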
@ -4,6 +4,8 @@ import { Result } from "src/common/errors/result-error.factory";
|
||||||
import { ModuleAccess } from "src/identity-and-account/user-module-access/dtos/module-acces.dto";
|
import { ModuleAccess } from "src/identity-and-account/user-module-access/dtos/module-acces.dto";
|
||||||
import { AccessGetService } from "src/identity-and-account/user-module-access/services/module-access-get.service";
|
import { AccessGetService } from "src/identity-and-account/user-module-access/services/module-access-get.service";
|
||||||
import { AccessUpdateService } from "src/identity-and-account/user-module-access/services/module-access-update.service";
|
import { AccessUpdateService } from "src/identity-and-account/user-module-access/services/module-access-update.service";
|
||||||
|
import { ModuleAccessAllowed } from "src/common/decorators/modules-guard.decorators";
|
||||||
|
import { Modules as ModulesEnum } from ".prisma/client";
|
||||||
|
|
||||||
@Controller('module_access')
|
@Controller('module_access')
|
||||||
export class ModuleAccessController {
|
export class ModuleAccessController {
|
||||||
|
|
@ -13,24 +15,17 @@ export class ModuleAccessController {
|
||||||
) { }
|
) { }
|
||||||
|
|
||||||
@Get()
|
@Get()
|
||||||
|
@ModuleAccessAllowed(ModulesEnum.employee_management)
|
||||||
async findAccess(@Access('email') email: string, @Query('employee_email') employee_email?: string
|
async findAccess(@Access('email') email: string, @Query('employee_email') employee_email?: string
|
||||||
): Promise<Result<boolean, string>> {
|
): Promise<Result<boolean, string>> {
|
||||||
const granted_access = await this.getService.findModuleAccess(email);
|
|
||||||
if (!granted_access.success) return { success: false, error: 'INVALID_USER' };
|
|
||||||
if (!granted_access.data.employee_management) return { success: false, error: 'UNAUTHORIZED_ACCESS' };
|
|
||||||
|
|
||||||
await this.getService.findModuleAccess(email, employee_email);
|
await this.getService.findModuleAccess(email, employee_email);
|
||||||
return { success: true, data: true };
|
return { success: true, data: true };
|
||||||
};
|
};
|
||||||
|
|
||||||
@Patch('update')
|
@Patch('update')
|
||||||
|
@ModuleAccessAllowed(ModulesEnum.employee_management)
|
||||||
async updateAccess(@Access('email') email: string, @Body() dto: ModuleAccess, @Query('employee_email') employee_email?: string
|
async updateAccess(@Access('email') email: string, @Body() dto: ModuleAccess, @Query('employee_email') employee_email?: string
|
||||||
): Promise<Result<boolean, string>> {
|
): Promise<Result<boolean, string>> {
|
||||||
const granted_access = await this.getService.findModuleAccess(email);
|
|
||||||
if (!granted_access.success) return { success: false, error: 'INVALID_USER' };
|
|
||||||
//check if credentials are enough to use this resource
|
|
||||||
if (!granted_access.data.employee_management) return { success: false, error: 'UNAUTHORIZED_ACCESS' };
|
|
||||||
|
|
||||||
await this.updateService.updateModuleAccess(email, dto, employee_email);
|
await this.updateService.updateModuleAccess(email, dto, employee_email);
|
||||||
return { success: true, data: true };
|
return { success: true, data: true };
|
||||||
};
|
};
|
||||||
|
|
|
||||||
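Review bot: With the inline `findModuleAccess(email)` / `employee_management` checks deleted from `findAccess` and `updateAccess`, both handlers now depend entirely on the guard that reads the `@ModuleAccessAllowed` metadata, and no `@UseGuards(...)` or global guard registration is visible on this page. `updateAccess` changes another user's module access, so if that guard is not bound to this controller the route is reachable by any caller who gets past authentication; confirm the binding and add an e2e test asserting that a caller without `employee_management` is rejected on both routes. Separately, both handlers discard the service result and always return `{ success: true, data: true }`; if the services return a `Result` (not visible here), propagate failures, e.g. `const res = await this.updateService.updateModuleAccess(email, dto, employee_email);` followed by `if (!res.success) return { success: false, error: res.error };`. Clients that matched on the old `INVALID_USER` / `UNAUTHORIZED_ACCESS` result bodies will presumably now receive the guard's error response instead, which is worth noting in the commit description.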