feat(timesheets): implement role guards for timesheets

src/time-and-attendance/expenses/controllers/expense.controller.ts

@@ -16,8 +16,7 @@ export class ExpenseController {
     }
 
     @Patch('update')
-    update(
+    update(@Body() body: { update :{ id: number; dto: updateExpenseDto }}): Promise<UpdateExpenseResult>{
-    @Body() body: { update :{ id: number; dto: updateExpenseDto }}): Promise<UpdateExpenseResult>{
         return this.upsert_service.updateExpense(body.update);
     }
 

src/time-and-attendance/leave-requests/controllers/leave-requests.controller.ts

@@ -14,16 +14,7 @@ export class LeaveRequestController {
     async upsertLeaveRequest(@Body() dto: UpsertLeaveRequestDto) {
         const  { action, leave_requests } = await this.leave_service.handle(dto);
         return { action, leave_requests };
-    }q
+    }
-
-    //TODO:
-    /*
-    @Get('archive')
-    findAllArchived(){...}
-
-    @Get('archive/:id')
-    findOneArchived(id){...}
-    */
 
 }
 

src/time-and-attendance/time-tracker/timesheets/controllers/timesheet.controller.ts

@@ -1,11 +1,15 @@
 import { Controller, Get, ParseIntPipe, Query, Req, UnauthorizedException} from "@nestjs/common";
+import { RolesAllowed } from "src/common/decorators/roles.decorators";
 import { GetTimesheetsOverviewService } from "src/time-and-attendance/time-tracker/timesheets/services/timesheet-get-overview.service";
+import { Roles as RoleEnum } from '.prisma/client';
+
 
 @Controller('timesheets')
 export class TimesheetController {
     constructor( private readonly timesheetOverview: GetTimesheetsOverviewService ){}
 
     @Get()
+    @RolesAllowed(RoleEnum.SUPERVISOR, RoleEnum.HR, RoleEnum.ACCOUNTING, RoleEnum.ADMIN)
     async getTimesheetByIds( 
     @Req() req,
     @Query('year', ParseIntPipe)           year:           number,