now more role specific

sdraris 2025-10-02 11:17:22 +02:00
parent c9f58a81f1
commit 753237ee83
2 changed files with 48 additions and 12 deletions


@ -13,40 +13,56 @@ import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
import { EnfantsService } from './enfants.service'; import { EnfantsService } from './enfants.service';
import { CreateEnfantsDto } from './dto/create_enfants.dto'; import { CreateEnfantsDto } from './dto/create_enfants.dto';
import { UpdateEnfantsDto } from './dto/update_enfants.dto'; import { UpdateEnfantsDto } from './dto/update_enfants.dto';
import { Users } from 'src/entities/users.entity'; import { RoleType, Users } from 'src/entities/users.entity';
import { User } from 'src/common/decorators/user.decorator'; import { User } from 'src/common/decorators/user.decorator';
import { AuthGuard } from 'src/common/guards/auth.guard'; import { AuthGuard } from 'src/common/guards/auth.guard';
import { Roles } from 'src/common/decorators/roles.decorator';
import { RolesGuard } from 'src/common/guards/roles.guard';
@ApiBearerAuth('access-token') @ApiBearerAuth('access-token')
@ApiTags('Enfants') @ApiTags('Enfants')
@UseGuards(AuthGuard) @UseGuards(AuthGuard, RolesGuard)
@Controller('enfants') @Controller('enfants')
export class EnfantsController { export class EnfantsController {
constructor(private readonly enfantsService: EnfantsService) { } constructor(private readonly enfantsService: EnfantsService) { }
@Roles(RoleType.PARENT)
@Post() @Post()
create(@Body() dto: CreateEnfantsDto, @User() currentUser: Users) { create(@Body() dto: CreateEnfantsDto, @User() currentUser: Users) {
return this.enfantsService.create(dto, currentUser); return this.enfantsService.create(dto, currentUser);
} }
@Roles(RoleType.ADMINISTRATEUR, RoleType.GESTIONNAIRE, RoleType.SUPER_ADMIN)
@Get() @Get()
findAll() { findAll() {
return this.enfantsService.findAll(); return this.enfantsService.findAll();
} }
@Roles(
RoleType.PARENT,
RoleType.ADMINISTRATEUR,
RoleType.SUPER_ADMIN,
RoleType.GESTIONNAIRE
)
@Get(':id') @Get(':id')
findOne(@Param('id', new ParseUUIDPipe()) id: string) { findOne(
return this.enfantsService.findOne(id); @Param('id', new ParseUUIDPipe()) id: string,
@User() currentUser: Users
) {
return this.enfantsService.findOne(id, currentUser);
} }
@Roles(RoleType.ADMINISTRATEUR, RoleType.SUPER_ADMIN, RoleType.PARENT)
@Patch(':id') @Patch(':id')
update( update(
@Param('id', new ParseUUIDPipe()) id: string, @Param('id', new ParseUUIDPipe()) id: string,
@Body() dto: UpdateEnfantsDto, @Body() dto: UpdateEnfantsDto,
@User() currentUser: Users,
) { ) {
return this.enfantsService.update(id, dto); return this.enfantsService.update(id, dto, currentUser);
} }
@Roles(RoleType.SUPER_ADMIN)
@Delete(':id') @Delete(':id')
remove(@Param('id', new ParseUUIDPipe()) id: string) { remove(@Param('id', new ParseUUIDPipe()) id: string) {
return this.enfantsService.remove(id); return this.enfantsService.remove(id);
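Review bot: The `@Roles(...)` lists on `findOne` and `update` admit `RoleType.PARENT`, but nothing in the controller records that a parent may only reach their own children. The decorator gates by role only, so the object-level check depends entirely on what `EnfantsService` does with `currentUser`. A short comment above these two handlers would make that contract visible to whoever adds the next route, e.g. `// PARENT: own children only; ownership is enforced in EnfantsService, not by @Roles`. How `RolesGuard` treats a handler that carries no `@Roles` metadata is not visible in this diff; if it lets the request through, a deny-by-default rule in the guard would be worth confirming.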


@ -1,6 +1,7 @@
import { import {
BadRequestException, BadRequestException,
ConflictException, ConflictException,
ForbiddenException,
Injectable, Injectable,
NotFoundException, NotFoundException,
} from '@nestjs/common'; } from '@nestjs/common';
@ -9,7 +10,7 @@ import { Repository } from 'typeorm';
import { Children, StatutEnfantType } from 'src/entities/children.entity'; import { Children, StatutEnfantType } from 'src/entities/children.entity';
import { Parents } from 'src/entities/parents.entity'; import { Parents } from 'src/entities/parents.entity';
import { ParentsChildren } from 'src/entities/parents_children.entity'; import { ParentsChildren } from 'src/entities/parents_children.entity';
import { Users } from 'src/entities/users.entity'; import { RoleType, Users } from 'src/entities/users.entity';
import { CreateEnfantsDto } from './dto/create_enfants.dto'; import { CreateEnfantsDto } from './dto/create_enfants.dto';
@Injectable() @Injectable()
@ -56,7 +57,7 @@ export class EnfantsService {
}); });
await this.parentsChildrenRepository.save(parentLink); await this.parentsChildrenRepository.save(parentLink);
return this.findOne(child.id); return this.findOne(child.id, currentUser);
} }
// Liste des enfants // Liste des enfants
@ -68,22 +69,41 @@ export class EnfantsService {
} }
// Récupérer un enfant par id // Récupérer un enfant par id
async findOne(id: string): Promise<Children> { async findOne(id: string, currentUser: Users): Promise<Children> {
const child = await this.childrenRepository.findOne({ const child = await this.childrenRepository.findOne({
where: { id }, where: { id },
relations: ['parentLinks'], relations: ['parentLinks'],
}); });
if (!child) throw new NotFoundException('Enfant introuvable'); if (!child) throw new NotFoundException('Enfant introuvable');
switch (currentUser.role) {
case RoleType.PARENT:
if (!child.parentLinks.some(link => link.parentId === currentUser.id)) {
throw new ForbiddenException('Cet enfant ne vous appartient pas');
}
break;
case RoleType.ADMINISTRATEUR:
case RoleType.SUPER_ADMIN:
case RoleType.GESTIONNAIRE:
// accès complet
break;
default:
throw new ForbiddenException('Accès interdit');
}
return child; return child;
} }
// Mise à jour // Mise à jour
async update(id: string, dto: Partial<CreateEnfantsDto>): Promise<Children> { async update(id: string, dto: Partial<CreateEnfantsDto>, currentUser: Users): Promise<Children> {
const child = await this.childrenRepository.findOne({ where: { id } }); const child = await this.childrenRepository.findOne({ where: { id } });
if (!child) throw new NotFoundException('Enfant introuvable'); if (!child) throw new NotFoundException('Enfant introuvable');
await this.childrenRepository.update(id, dto); await this.childrenRepository.update(id, dto);
return this.findOne(id); return this.findOne(id, currentUser);
} }
// Suppression // Suppression
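Review bot: In `update`, `childrenRepository.update(id, dto)` runs before any ownership check, because the only check is in the trailing `this.findOne(id, currentUser)`. The controller admits PARENT on PATCH, so a parent who supplies another family's child id receives a `ForbiddenException` only after the write has already been issued. Authorize first: replace the initial lookup with `await this.findOne(id, currentUser);` placed ahead of `await this.childrenRepository.update(id, dto);`, which keeps the not-found behaviour as well. Separately, the PARENT branch of `findOne` compares `link.parentId` with `currentUser.id`; the entities are not shown here, so confirm that `parentId` holds the user id rather than a separate key of the Parents table. A test asserting that a non-owning parent gets the exception and the record is unchanged would pin this down.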