refactor(expenses): added email to req inside controller and pass email to the function to pin point the right timesheet

src/time-and-attendance/modules/expenses/controllers/expense.controller.ts

@@ -1,4 +1,4 @@
-import { Controller, Post, Param, ParseIntPipe, Body, Patch, Delete } from "@nestjs/common";
+import { Controller, Post, Param, Body, Patch, Delete, Req, UnauthorizedException } from "@nestjs/common";
 import { CreateExpenseResult, UpdateExpenseResult } from "src/time-and-attendance/utils/type.utils";
 import { ExpenseUpsertService } from "src/time-and-attendance/modules/expenses/services/expense-upsert.service";
 import { updateExpenseDto } from "src/time-and-attendance/modules/expenses/dtos/expense-update.dto";
@@ -10,8 +10,10 @@ export class ExpenseController {
     constructor( private readonly upsert_service: ExpenseUpsertService ){}
 
     @Post('create')
-    create(@Body() dto: ExpenseDto): Promise<CreateExpenseResult>{
+    create( @Req() req, @Body() dto: ExpenseDto): Promise<CreateExpenseResult>{
-        return this.upsert_service.createExpense(dto);
+        const email = req.user?.email;
+        if(!email) throw new UnauthorizedException('Unauthorized User');
+        return this.upsert_service.createExpense(dto, email);
     }
 
     @Patch('update')

src/time-and-attendance/modules/expenses/services/expense-upsert.service.ts

@@ -1,22 +1,29 @@
 
 import { CreateExpenseResult, UpdateExpensePayload, UpdateExpenseResult, DeleteExpenseResult, NormalizedExpense } from "src/time-and-attendance/utils/type.utils";
 import { toDateFromString, toStringFromDate } from "src/time-and-attendance/utils/date-time.utils";
-import { Injectable, NotFoundException } from "@nestjs/common";
+import { Injectable, NotFoundException, Req } from "@nestjs/common";
 import { expense_select } from "src/time-and-attendance/utils/selects.utils";
 import { PrismaService } from "src/prisma/prisma.service";
 import { GetExpenseDto } from "src/time-and-attendance/modules/expenses/dtos/expense-get.dto";
 import { ExpenseDto } from "src/time-and-attendance/modules/expenses/dtos/expense-create.dto";
+import { EmailToIdResolver } from "src/time-and-attendance/modules/shared/utils/resolve-email-id.utils";
 
 
 @Injectable()
 export class ExpenseUpsertService {
-    constructor(private readonly prisma: PrismaService) { }
+    constructor(
+        private readonly prisma: PrismaService,
+        private readonly emailResolver: EmailToIdResolver,
+    ) { }
 
     //_________________________________________________________________
     //                              CREATE
     //_________________________________________________________________
-    async createExpense( dto: ExpenseDto): Promise<CreateExpenseResult> {
+    async createExpense( dto: ExpenseDto, email: string): Promise<CreateExpenseResult> {
         try {
+            //fetch employee_id using req.user.email
+            const employee_id = await this.emailResolver.findIdByEmail(email);
+
             //normalize strings and dates
             const normed_expense = this.normalizeExpenseDto(dto);
 
@@ -25,11 +32,12 @@ export class ExpenseUpsertService {
             const parsed_mileage = this.parseOptionalNumber(dto.mileage, "mileage");
             const parsed_attachment = this.parseOptionalNumber(dto.attachment, "attachment");
 
-            const timesheet = await this.prisma.timesheets.findUnique({
+            const timesheet = await this.prisma.timesheets.findFirst({
-                where: { id: dto.timesheet_id },
+                where: { id: dto.timesheet_id, employee_id: employee_id },
-                select: { id: true },
+                select: { id: true, employee_id: true },
             });
             if(!timesheet) throw new NotFoundException(`Timesheet with id ${dto.timesheet_id} not found`);
+            
             //create a new expense
             const expense = await this.prisma.expenses.create({
                 data: {