This commit is contained in:
2026-06-28 20:32:52 +03:30
parent 7a5b3f0bea
commit bf35179d55
45 changed files with 1555 additions and 46 deletions
+47 -6
View File
@@ -1,10 +1,13 @@
import {
BadRequestException,
ForbiddenException,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { SalonPolicy } from '../authorization/policies/salon.policy';
import { AuthUser } from '../auth/interfaces/auth-user.interface';
import { UserRole } from '../users/enums/user-role.enum';
import { UsersService } from '../users/users.service';
import { CreateSalonDto } from './dto/create-salon.dto';
@@ -17,15 +20,28 @@ export class SalonsService {
@InjectRepository(Salon)
private readonly salonsRepository: Repository<Salon>,
private readonly usersService: UsersService,
private readonly salonPolicy: SalonPolicy,
) {}
async create(createSalonDto: CreateSalonDto): Promise<Salon> {
await this.ensureOwnerIsSalonOwner(createSalonDto.ownerId);
const salon = this.salonsRepository.create(createSalonDto);
async create(createSalonDto: CreateSalonDto, user: AuthUser): Promise<Salon> {
const ownerId = this.resolveOwnerId(createSalonDto, user);
await this.ensureOwnerIsSalonOwner(ownerId);
const salon = this.salonsRepository.create({
...createSalonDto,
ownerId,
});
return this.salonsRepository.save(salon);
}
findAll(): Promise<Salon[]> {
findAll(user?: AuthUser): Promise<Salon[]> {
if (user?.role === UserRole.SALON) {
return this.salonsRepository.find({
where: { ownerId: user.id },
relations: { owner: true },
});
}
return this.salonsRepository.find({ relations: { owner: true } });
}
@@ -40,17 +56,42 @@ export class SalonsService {
return salon;
}
async update(id: string, updateSalonDto: UpdateSalonDto): Promise<Salon> {
async update(
id: string,
updateSalonDto: UpdateSalonDto,
user: AuthUser,
): Promise<Salon> {
const salon = await this.findOne(id);
if (!this.salonPolicy.canUpdate(user, salon)) {
throw new ForbiddenException();
}
Object.assign(salon, updateSalonDto);
return this.salonsRepository.save(salon);
}
async remove(id: string): Promise<void> {
async remove(id: string, user: AuthUser): Promise<void> {
const salon = await this.findOne(id);
if (!this.salonPolicy.canDelete(user, salon)) {
throw new ForbiddenException();
}
await this.salonsRepository.remove(salon);
}
private resolveOwnerId(
createSalonDto: CreateSalonDto,
user: AuthUser,
): string {
if (user.role === UserRole.SALON) {
return user.id;
}
if (!createSalonDto.ownerId) {
throw new BadRequestException('ownerId is required for admin');
}
return createSalonDto.ownerId;
}
private async ensureOwnerIsSalonOwner(ownerId: string): Promise<void> {
const owner = await this.usersService.findOne(ownerId);
if (owner.role !== UserRole.SALON) {