now more role specific
parent
c9f58a81f1
commit
753237ee83
@ -13,40 +13,56 @@ import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
|
|||||||
import { EnfantsService } from './enfants.service';
|
import { EnfantsService } from './enfants.service';
|
||||||
import { CreateEnfantsDto } from './dto/create_enfants.dto';
|
import { CreateEnfantsDto } from './dto/create_enfants.dto';
|
||||||
import { UpdateEnfantsDto } from './dto/update_enfants.dto';
|
import { UpdateEnfantsDto } from './dto/update_enfants.dto';
|
||||||
import { Users } from 'src/entities/users.entity';
|
import { RoleType, Users } from 'src/entities/users.entity';
|
||||||
import { User } from 'src/common/decorators/user.decorator';
|
import { User } from 'src/common/decorators/user.decorator';
|
||||||
import { AuthGuard } from 'src/common/guards/auth.guard';
|
import { AuthGuard } from 'src/common/guards/auth.guard';
|
||||||
|
import { Roles } from 'src/common/decorators/roles.decorator';
|
||||||
|
import { RolesGuard } from 'src/common/guards/roles.guard';
|
||||||
|
|
||||||
@ApiBearerAuth('access-token')
|
@ApiBearerAuth('access-token')
|
||||||
@ApiTags('Enfants')
|
@ApiTags('Enfants')
|
||||||
@UseGuards(AuthGuard)
|
@UseGuards(AuthGuard, RolesGuard)
|
||||||
@Controller('enfants')
|
@Controller('enfants')
|
||||||
export class EnfantsController {
|
export class EnfantsController {
|
||||||
constructor(private readonly enfantsService: EnfantsService) {}
|
constructor(private readonly enfantsService: EnfantsService) { }
|
||||||
|
|
||||||
|
@Roles(RoleType.PARENT)
|
||||||
@Post()
|
@Post()
|
||||||
create(@Body() dto: CreateEnfantsDto, @User() currentUser: Users) {
|
create(@Body() dto: CreateEnfantsDto, @User() currentUser: Users) {
|
||||||
return this.enfantsService.create(dto, currentUser);
|
return this.enfantsService.create(dto, currentUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Roles(RoleType.ADMINISTRATEUR, RoleType.GESTIONNAIRE, RoleType.SUPER_ADMIN)
|
||||||
@Get()
|
@Get()
|
||||||
findAll() {
|
findAll() {
|
||||||
return this.enfantsService.findAll();
|
return this.enfantsService.findAll();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Roles(
|
||||||
|
RoleType.PARENT,
|
||||||
|
RoleType.ADMINISTRATEUR,
|
||||||
|
RoleType.SUPER_ADMIN,
|
||||||
|
RoleType.GESTIONNAIRE
|
||||||
|
)
|
||||||
@Get(':id')
|
@Get(':id')
|
||||||
findOne(@Param('id', new ParseUUIDPipe()) id: string) {
|
findOne(
|
||||||
return this.enfantsService.findOne(id);
|
@Param('id', new ParseUUIDPipe()) id: string,
|
||||||
|
@User() currentUser: Users
|
||||||
|
) {
|
||||||
|
return this.enfantsService.findOne(id, currentUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Roles(RoleType.ADMINISTRATEUR, RoleType.SUPER_ADMIN, RoleType.PARENT)
|
||||||
@Patch(':id')
|
@Patch(':id')
|
||||||
update(
|
update(
|
||||||
@Param('id', new ParseUUIDPipe()) id: string,
|
@Param('id', new ParseUUIDPipe()) id: string,
|
||||||
@Body() dto: UpdateEnfantsDto,
|
@Body() dto: UpdateEnfantsDto,
|
||||||
|
@User() currentUser: Users,
|
||||||
) {
|
) {
|
||||||
return this.enfantsService.update(id, dto);
|
return this.enfantsService.update(id, dto, currentUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Roles(RoleType.SUPER_ADMIN)
|
||||||
@Delete(':id')
|
@Delete(':id')
|
||||||
remove(@Param('id', new ParseUUIDPipe()) id: string) {
|
remove(@Param('id', new ParseUUIDPipe()) id: string) {
|
||||||
return this.enfantsService.remove(id);
|
return this.enfantsService.remove(id);
|
||||||
|
|||||||
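Review bot: `@Roles(RoleType.ADMINISTRATEUR, RoleType.SUPER_ADMIN, RoleType.PARENT)` on `update`, like the four-role list on `findOne`, gates by role only, so for `PARENT` the decorator says nothing about which child may be touched. The object-level ownership check is delegated to `EnfantsService`, and nothing on the handlers states that. I would add a short comment above both handlers, e.g. `// PARENT is limited to own children; ownership is enforced in EnfantsService, not by RolesGuard`. Whether a handler without `@Roles` is denied or allowed depends on `RolesGuard`, which is not shown here, so it is worth confirming it denies by default before new routes are added. The body of `remove` continues outside the hunk.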
@ -1,6 +1,7 @@
|
|||||||
import {
|
import {
|
||||||
BadRequestException,
|
BadRequestException,
|
||||||
ConflictException,
|
ConflictException,
|
||||||
|
ForbiddenException,
|
||||||
Injectable,
|
Injectable,
|
||||||
NotFoundException,
|
NotFoundException,
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
@ -9,7 +10,7 @@ import { Repository } from 'typeorm';
|
|||||||
import { Children, StatutEnfantType } from 'src/entities/children.entity';
|
import { Children, StatutEnfantType } from 'src/entities/children.entity';
|
||||||
import { Parents } from 'src/entities/parents.entity';
|
import { Parents } from 'src/entities/parents.entity';
|
||||||
import { ParentsChildren } from 'src/entities/parents_children.entity';
|
import { ParentsChildren } from 'src/entities/parents_children.entity';
|
||||||
import { Users } from 'src/entities/users.entity';
|
import { RoleType, Users } from 'src/entities/users.entity';
|
||||||
import { CreateEnfantsDto } from './dto/create_enfants.dto';
|
import { CreateEnfantsDto } from './dto/create_enfants.dto';
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
@ -21,7 +22,7 @@ export class EnfantsService {
|
|||||||
private readonly parentsRepository: Repository<Parents>,
|
private readonly parentsRepository: Repository<Parents>,
|
||||||
@InjectRepository(ParentsChildren)
|
@InjectRepository(ParentsChildren)
|
||||||
private readonly parentsChildrenRepository: Repository<ParentsChildren>,
|
private readonly parentsChildrenRepository: Repository<ParentsChildren>,
|
||||||
) {}
|
) { }
|
||||||
|
|
||||||
// Création d’un enfant
|
// Création d’un enfant
|
||||||
async create(dto: CreateEnfantsDto, currentUser: Users): Promise<Children> {
|
async create(dto: CreateEnfantsDto, currentUser: Users): Promise<Children> {
|
||||||
@ -56,7 +57,7 @@ export class EnfantsService {
|
|||||||
});
|
});
|
||||||
await this.parentsChildrenRepository.save(parentLink);
|
await this.parentsChildrenRepository.save(parentLink);
|
||||||
|
|
||||||
return this.findOne(child.id);
|
return this.findOne(child.id, currentUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Liste des enfants
|
// Liste des enfants
|
||||||
@ -68,22 +69,41 @@ export class EnfantsService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Récupérer un enfant par id
|
// Récupérer un enfant par id
|
||||||
async findOne(id: string): Promise<Children> {
|
async findOne(id: string, currentUser: Users): Promise<Children> {
|
||||||
const child = await this.childrenRepository.findOne({
|
const child = await this.childrenRepository.findOne({
|
||||||
where: { id },
|
where: { id },
|
||||||
relations: ['parentLinks'],
|
relations: ['parentLinks'],
|
||||||
});
|
});
|
||||||
if (!child) throw new NotFoundException('Enfant introuvable');
|
if (!child) throw new NotFoundException('Enfant introuvable');
|
||||||
|
|
||||||
|
switch (currentUser.role) {
|
||||||
|
case RoleType.PARENT:
|
||||||
|
if (!child.parentLinks.some(link => link.parentId === currentUser.id)) {
|
||||||
|
throw new ForbiddenException('Cet enfant ne vous appartient pas');
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case RoleType.ADMINISTRATEUR:
|
||||||
|
case RoleType.SUPER_ADMIN:
|
||||||
|
case RoleType.GESTIONNAIRE:
|
||||||
|
// accès complet
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
throw new ForbiddenException('Accès interdit');
|
||||||
|
}
|
||||||
|
|
||||||
return child;
|
return child;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Mise à jour
|
// Mise à jour
|
||||||
async update(id: string, dto: Partial<CreateEnfantsDto>): Promise<Children> {
|
async update(id: string, dto: Partial<CreateEnfantsDto>, currentUser: Users): Promise<Children> {
|
||||||
const child = await this.childrenRepository.findOne({ where: { id } });
|
const child = await this.childrenRepository.findOne({ where: { id } });
|
||||||
if (!child) throw new NotFoundException('Enfant introuvable');
|
if (!child) throw new NotFoundException('Enfant introuvable');
|
||||||
|
|
||||||
await this.childrenRepository.update(id, dto);
|
await this.childrenRepository.update(id, dto);
|
||||||
return this.findOne(id);
|
return this.findOne(id, currentUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Suppression
|
// Suppression
|
||||||
|
|||||||
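Review bot: In `update`, `this.childrenRepository.update(id, dto)` runs before any ownership check: the only authorization is inside the trailing `this.findOne(id, currentUser)`, so a `PARENT` caller receives the `ForbiddenException` after the row for another family's child has already been written. Do the check first, for example by replacing the initial lookup with `await this.findOne(id, currentUser);` ahead of the `update` call. Separately, the `findOne` check compares `link.parentId` with `currentUser.id`; the entities are not shown, but if `Parents` has its own primary key distinct from the `Users` id, that comparison never matches and should go through the parent's user reference instead. The same check-after-write pattern applies to `create`, which returns `this.findOne(child.id, currentUser)` after saving.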