fix(employee) change dto so that module access is typesafe, modify update route to exclude session email

docs/swagger/swagger-spec.json

@@ -542,6 +542,16 @@
       "patch": {
         "operationId": "EmployeesController_updateEmployee",
         "parameters": [],
+        "requestBody": {
+          "required": true,
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/EmployeeDetailedDto"
+              }
+            }
+          }
+        },
         "responses": {
           "200": {
             "description": ""

src/identity-and-account/employees/controllers/employees.controller.ts

@@ -44,7 +44,7 @@ export class EmployeesController {
 
 	@Patch('update')
 	@ModuleAccessAllowed(ModulesEnum.employee_management)
-	async updateEmployee(@Access('email') email:string, dto:EmployeeDetailedDto, employee_email?: string){
-		return await this.updateService.updateEmployee(email, dto, employee_email);
+	async updateEmployee(@Body() dto:EmployeeDetailedDto){
+		return await this.updateService.updateEmployee(dto);
 	}
 }

src/identity-and-account/employees/dtos/employee-detailed.dto.ts

@@ -15,5 +15,5 @@ export class EmployeeDetailedDto {
     @IsDateString() @IsOptional() last_work_day?: string;
     @IsString() @IsOptional() residence?: string;
     @IsInt() @IsPositive() @Type(() => Number) external_payroll_id: number;
-    @IsString() @IsArray() user_module_access: string[];
+    @IsArray() @IsString({ each: true }) user_module_access: string[];
 }