auth
This commit is contained in:
@@ -1,6 +1,12 @@
|
||||
import { Injectable, NotFoundException } from '@nestjs/common';
|
||||
import {
|
||||
ForbiddenException,
|
||||
Injectable,
|
||||
NotFoundException,
|
||||
} from '@nestjs/common';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { CustomerPolicy } from '../authorization/policies/customer.policy';
|
||||
import { AuthUser } from '../auth/interfaces/auth-user.interface';
|
||||
import { UserRole } from '../users/enums/user-role.enum';
|
||||
import { UsersService } from '../users/users.service';
|
||||
import { CreateCustomerDto } from './dto/create-customer.dto';
|
||||
@@ -13,6 +19,7 @@ export class CustomersService {
|
||||
@InjectRepository(Customer)
|
||||
private readonly customersRepository: Repository<Customer>,
|
||||
private readonly usersService: UsersService,
|
||||
private readonly customerPolicy: CustomerPolicy,
|
||||
) {}
|
||||
|
||||
async create(createCustomerDto: CreateCustomerDto): Promise<Customer> {
|
||||
@@ -37,7 +44,7 @@ export class CustomersService {
|
||||
return this.customersRepository.find({ relations: { user: true } });
|
||||
}
|
||||
|
||||
async findOne(id: string): Promise<Customer> {
|
||||
async findOne(id: string, user?: AuthUser): Promise<Customer> {
|
||||
const customer = await this.customersRepository.findOne({
|
||||
where: { id },
|
||||
relations: { user: true },
|
||||
@@ -45,14 +52,24 @@ export class CustomersService {
|
||||
if (!customer) {
|
||||
throw new NotFoundException(`Customer #${id} not found`);
|
||||
}
|
||||
|
||||
if (user && !this.customerPolicy.canRead(user, customer)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
return customer;
|
||||
}
|
||||
|
||||
async update(
|
||||
id: string,
|
||||
updateCustomerDto: UpdateCustomerDto,
|
||||
user: AuthUser,
|
||||
): Promise<Customer> {
|
||||
const customer = await this.findOne(id);
|
||||
if (!this.customerPolicy.canUpdate(user, customer)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
const { firstName, lastName, mobile, dateOfBirth, address } =
|
||||
updateCustomerDto;
|
||||
|
||||
@@ -76,7 +93,7 @@ export class CustomersService {
|
||||
}
|
||||
|
||||
await this.customersRepository.save(customer);
|
||||
return this.findOne(customer.id);
|
||||
return this.findOne(customer.id, user);
|
||||
}
|
||||
|
||||
async remove(id: string): Promise<void> {
|
||||
|
||||
Reference in New Issue
Block a user