forked from Ynov/ptitspas-ynov-back
now more role specific
parent
c9f58a81f1
commit
753237ee83
@ -13,40 +13,56 @@ import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
|
||||
import { EnfantsService } from './enfants.service';
|
||||
import { CreateEnfantsDto } from './dto/create_enfants.dto';
|
||||
import { UpdateEnfantsDto } from './dto/update_enfants.dto';
|
||||
import { Users } from 'src/entities/users.entity';
|
||||
import { RoleType, Users } from 'src/entities/users.entity';
|
||||
import { User } from 'src/common/decorators/user.decorator';
|
||||
import { AuthGuard } from 'src/common/guards/auth.guard';
|
||||
import { Roles } from 'src/common/decorators/roles.decorator';
|
||||
import { RolesGuard } from 'src/common/guards/roles.guard';
|
||||
|
||||
@ApiBearerAuth('access-token')
|
||||
@ApiTags('Enfants')
|
||||
@UseGuards(AuthGuard)
|
||||
@UseGuards(AuthGuard, RolesGuard)
|
||||
@Controller('enfants')
|
||||
export class EnfantsController {
|
||||
constructor(private readonly enfantsService: EnfantsService) {}
|
||||
constructor(private readonly enfantsService: EnfantsService) { }
|
||||
|
||||
@Roles(RoleType.PARENT)
|
||||
@Post()
|
||||
create(@Body() dto: CreateEnfantsDto, @User() currentUser: Users) {
|
||||
return this.enfantsService.create(dto, currentUser);
|
||||
}
|
||||
|
||||
@Roles(RoleType.ADMINISTRATEUR, RoleType.GESTIONNAIRE, RoleType.SUPER_ADMIN)
|
||||
@Get()
|
||||
findAll() {
|
||||
return this.enfantsService.findAll();
|
||||
}
|
||||
|
||||
@Roles(
|
||||
RoleType.PARENT,
|
||||
RoleType.ADMINISTRATEUR,
|
||||
RoleType.SUPER_ADMIN,
|
||||
RoleType.GESTIONNAIRE
|
||||
)
|
||||
@Get(':id')
|
||||
findOne(@Param('id', new ParseUUIDPipe()) id: string) {
|
||||
return this.enfantsService.findOne(id);
|
||||
findOne(
|
||||
@Param('id', new ParseUUIDPipe()) id: string,
|
||||
@User() currentUser: Users
|
||||
) {
|
||||
return this.enfantsService.findOne(id, currentUser);
|
||||
}
|
||||
|
||||
@Roles(RoleType.ADMINISTRATEUR, RoleType.SUPER_ADMIN, RoleType.PARENT)
|
||||
@Patch(':id')
|
||||
update(
|
||||
@Param('id', new ParseUUIDPipe()) id: string,
|
||||
@Body() dto: UpdateEnfantsDto,
|
||||
@User() currentUser: Users,
|
||||
) {
|
||||
return this.enfantsService.update(id, dto);
|
||||
return this.enfantsService.update(id, dto, currentUser);
|
||||
}
|
||||
|
||||
@Roles(RoleType.SUPER_ADMIN)
|
||||
@Delete(':id')
|
||||
remove(@Param('id', new ParseUUIDPipe()) id: string) {
|
||||
return this.enfantsService.remove(id);
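Review bot: The `@Roles(...)` lists on the two `:id` handlers `findOne` and `update` are only a role gate, and nothing in the controller records that per-child ownership for `RoleType.PARENT` has to be decided in `EnfantsService` from the `currentUser` that is now passed through. A short comment above those handlers would keep the contract visible, for example `// Role gate only: EnfantsService must verify that a PARENT is linked to this child before reading or writing`. The allowed roles are also enumerated a second time in the service's `switch (currentUser.role)`, so the two lists can drift (PATCH omits `RoleType.GESTIONNAIRE` here while the service branch accepts it); if that difference is intentional, say so in the same comment. The body of `remove` continues outside the hunk.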
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
import {
|
||||
BadRequestException,
|
||||
ConflictException,
|
||||
ForbiddenException,
|
||||
Injectable,
|
||||
NotFoundException,
|
||||
} from '@nestjs/common';
|
||||
@ -9,7 +10,7 @@ import { Repository } from 'typeorm';
|
||||
import { Children, StatutEnfantType } from 'src/entities/children.entity';
|
||||
import { Parents } from 'src/entities/parents.entity';
|
||||
import { ParentsChildren } from 'src/entities/parents_children.entity';
|
||||
import { Users } from 'src/entities/users.entity';
|
||||
import { RoleType, Users } from 'src/entities/users.entity';
|
||||
import { CreateEnfantsDto } from './dto/create_enfants.dto';
|
||||
|
||||
@Injectable()
|
||||
@ -21,7 +22,7 @@ export class EnfantsService {
|
||||
private readonly parentsRepository: Repository<Parents>,
|
||||
@InjectRepository(ParentsChildren)
|
||||
private readonly parentsChildrenRepository: Repository<ParentsChildren>,
|
||||
) {}
|
||||
) { }
|
||||
|
||||
// Création d’un enfant
|
||||
async create(dto: CreateEnfantsDto, currentUser: Users): Promise<Children> {
|
||||
@ -56,7 +57,7 @@ export class EnfantsService {
|
||||
});
|
||||
await this.parentsChildrenRepository.save(parentLink);
|
||||
|
||||
return this.findOne(child.id);
|
||||
return this.findOne(child.id, currentUser);
|
||||
}
|
||||
|
||||
// Liste des enfants
|
||||
@ -68,22 +69,41 @@ export class EnfantsService {
|
||||
}
|
||||
|
||||
// Récupérer un enfant par id
|
||||
async findOne(id: string): Promise<Children> {
|
||||
async findOne(id: string, currentUser: Users): Promise<Children> {
|
||||
const child = await this.childrenRepository.findOne({
|
||||
where: { id },
|
||||
relations: ['parentLinks'],
|
||||
});
|
||||
if (!child) throw new NotFoundException('Enfant introuvable');
|
||||
|
||||
switch (currentUser.role) {
|
||||
case RoleType.PARENT:
|
||||
if (!child.parentLinks.some(link => link.parentId === currentUser.id)) {
|
||||
throw new ForbiddenException('Cet enfant ne vous appartient pas');
|
||||
}
|
||||
break;
|
||||
|
||||
case RoleType.ADMINISTRATEUR:
|
||||
case RoleType.SUPER_ADMIN:
|
||||
case RoleType.GESTIONNAIRE:
|
||||
// accès complet
|
||||
break;
|
||||
|
||||
default:
|
||||
throw new ForbiddenException('Accès interdit');
|
||||
}
|
||||
|
||||
return child;
|
||||
}
|
||||
|
||||
|
||||
// Mise à jour
|
||||
async update(id: string, dto: Partial<CreateEnfantsDto>): Promise<Children> {
|
||||
async update(id: string, dto: Partial<CreateEnfantsDto>, currentUser: Users): Promise<Children> {
|
||||
const child = await this.childrenRepository.findOne({ where: { id } });
|
||||
if (!child) throw new NotFoundException('Enfant introuvable');
|
||||
|
||||
await this.childrenRepository.update(id, dto);
|
||||
return this.findOne(id);
|
||||
return this.findOne(id, currentUser);
|
||||
}
|
||||
|
||||
// Suppression
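Review bot: In `update`, `await this.childrenRepository.update(id, dto)` still runs before any ownership check, because the only call that looks at `currentUser` is the trailing `return this.findOne(id, currentUser)`. The controller now admits `RoleType.PARENT` on PATCH, so a parent who is not linked to the child gets the `ForbiddenException` only after the row has already been written. Authorise first by replacing the initial lookup with `await this.findOne(id, currentUser);` ahead of the `update` call. The page prints old and new lines together without markers, so this assumes the second `return` is the new side. Separately, `link.parentId === currentUser.id` compares a link key with a `Users` id while `Parents` is a distinct entity; confirm both hold the same identifier, otherwise the PARENT branch rejects legitimate owners.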
|
||||
|
||||