auth
This commit is contained in:
@@ -1,10 +1,13 @@
|
||||
import {
|
||||
BadRequestException,
|
||||
ForbiddenException,
|
||||
Injectable,
|
||||
NotFoundException,
|
||||
} from '@nestjs/common';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { SalonPolicy } from '../authorization/policies/salon.policy';
|
||||
import { AuthUser } from '../auth/interfaces/auth-user.interface';
|
||||
import { UserRole } from '../users/enums/user-role.enum';
|
||||
import { UsersService } from '../users/users.service';
|
||||
import { CreateSalonDto } from './dto/create-salon.dto';
|
||||
@@ -17,15 +20,28 @@ export class SalonsService {
|
||||
@InjectRepository(Salon)
|
||||
private readonly salonsRepository: Repository<Salon>,
|
||||
private readonly usersService: UsersService,
|
||||
private readonly salonPolicy: SalonPolicy,
|
||||
) {}
|
||||
|
||||
async create(createSalonDto: CreateSalonDto): Promise<Salon> {
|
||||
await this.ensureOwnerIsSalonOwner(createSalonDto.ownerId);
|
||||
const salon = this.salonsRepository.create(createSalonDto);
|
||||
async create(createSalonDto: CreateSalonDto, user: AuthUser): Promise<Salon> {
|
||||
const ownerId = this.resolveOwnerId(createSalonDto, user);
|
||||
await this.ensureOwnerIsSalonOwner(ownerId);
|
||||
|
||||
const salon = this.salonsRepository.create({
|
||||
...createSalonDto,
|
||||
ownerId,
|
||||
});
|
||||
return this.salonsRepository.save(salon);
|
||||
}
|
||||
|
||||
findAll(): Promise<Salon[]> {
|
||||
findAll(user?: AuthUser): Promise<Salon[]> {
|
||||
if (user?.role === UserRole.SALON) {
|
||||
return this.salonsRepository.find({
|
||||
where: { ownerId: user.id },
|
||||
relations: { owner: true },
|
||||
});
|
||||
}
|
||||
|
||||
return this.salonsRepository.find({ relations: { owner: true } });
|
||||
}
|
||||
|
||||
@@ -40,17 +56,42 @@ export class SalonsService {
|
||||
return salon;
|
||||
}
|
||||
|
||||
async update(id: string, updateSalonDto: UpdateSalonDto): Promise<Salon> {
|
||||
async update(
|
||||
id: string,
|
||||
updateSalonDto: UpdateSalonDto,
|
||||
user: AuthUser,
|
||||
): Promise<Salon> {
|
||||
const salon = await this.findOne(id);
|
||||
if (!this.salonPolicy.canUpdate(user, salon)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
Object.assign(salon, updateSalonDto);
|
||||
return this.salonsRepository.save(salon);
|
||||
}
|
||||
|
||||
async remove(id: string): Promise<void> {
|
||||
async remove(id: string, user: AuthUser): Promise<void> {
|
||||
const salon = await this.findOne(id);
|
||||
if (!this.salonPolicy.canDelete(user, salon)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
await this.salonsRepository.remove(salon);
|
||||
}
|
||||
|
||||
private resolveOwnerId(
|
||||
createSalonDto: CreateSalonDto,
|
||||
user: AuthUser,
|
||||
): string {
|
||||
if (user.role === UserRole.SALON) {
|
||||
return user.id;
|
||||
}
|
||||
|
||||
if (!createSalonDto.ownerId) {
|
||||
throw new BadRequestException('ownerId is required for admin');
|
||||
}
|
||||
|
||||
return createSalonDto.ownerId;
|
||||
}
|
||||
|
||||
private async ensureOwnerIsSalonOwner(ownerId: string): Promise<void> {
|
||||
const owner = await this.usersService.findOne(ownerId);
|
||||
if (owner.role !== UserRole.SALON) {
|
||||
|
||||
Reference in New Issue
Block a user