This commit is contained in:
2026-06-28 20:32:52 +03:30
parent 7a5b3f0bea
commit bf35179d55
45 changed files with 1555 additions and 46 deletions
+20 -3
View File
@@ -1,6 +1,12 @@
import { Injectable, NotFoundException } from '@nestjs/common';
import {
ForbiddenException,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { CustomerPolicy } from '../authorization/policies/customer.policy';
import { AuthUser } from '../auth/interfaces/auth-user.interface';
import { UserRole } from '../users/enums/user-role.enum';
import { UsersService } from '../users/users.service';
import { CreateCustomerDto } from './dto/create-customer.dto';
@@ -13,6 +19,7 @@ export class CustomersService {
@InjectRepository(Customer)
private readonly customersRepository: Repository<Customer>,
private readonly usersService: UsersService,
private readonly customerPolicy: CustomerPolicy,
) {}
async create(createCustomerDto: CreateCustomerDto): Promise<Customer> {
@@ -37,7 +44,7 @@ export class CustomersService {
return this.customersRepository.find({ relations: { user: true } });
}
async findOne(id: string): Promise<Customer> {
async findOne(id: string, user?: AuthUser): Promise<Customer> {
const customer = await this.customersRepository.findOne({
where: { id },
relations: { user: true },
@@ -45,14 +52,24 @@ export class CustomersService {
if (!customer) {
throw new NotFoundException(`Customer #${id} not found`);
}
if (user && !this.customerPolicy.canRead(user, customer)) {
throw new ForbiddenException();
}
return customer;
}
async update(
id: string,
updateCustomerDto: UpdateCustomerDto,
user: AuthUser,
): Promise<Customer> {
const customer = await this.findOne(id);
if (!this.customerPolicy.canUpdate(user, customer)) {
throw new ForbiddenException();
}
const { firstName, lastName, mobile, dateOfBirth, address } =
updateCustomerDto;
@@ -76,7 +93,7 @@ export class CustomersService {
}
await this.customersRepository.save(customer);
return this.findOne(customer.id);
return this.findOne(customer.id, user);
}
async remove(id: string): Promise<void> {