fix roles
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
import { Reserve } from '../reserves/entities/reserve.entity';
|
||||
import { AuthorizationService } from './authorization.service';
|
||||
import { Permission } from './entities/permission.entity';
|
||||
import { UserPermission } from './entities/user-permission.entity';
|
||||
@@ -10,7 +11,7 @@ import { ServicePolicy } from './policies/service.policy';
|
||||
import { StylistPolicy } from './policies/stylist.policy';
|
||||
|
||||
@Module({
|
||||
imports: [TypeOrmModule.forFeature([Permission, UserPermission])],
|
||||
imports: [TypeOrmModule.forFeature([Permission, UserPermission, Reserve])],
|
||||
providers: [
|
||||
AuthorizationService,
|
||||
SalonPolicy,
|
||||
|
||||
@@ -7,6 +7,9 @@ export enum PermissionCode {
|
||||
SALONS_DELETE = 'salons:delete',
|
||||
CUSTOMERS_READ = 'customers:read',
|
||||
CUSTOMERS_WRITE = 'customers:write',
|
||||
CUSTOMERS_DELETE = 'customers:delete',
|
||||
SMS_TEMPLATES_READ = 'sms-templates:read',
|
||||
SMS_TEMPLATES_WRITE = 'sms-templates:write',
|
||||
STYLISTS_READ = 'stylists:read',
|
||||
STYLISTS_WRITE = 'stylists:write',
|
||||
STYLISTS_DELETE = 'stylists:delete',
|
||||
|
||||
@@ -1,20 +1,30 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { AuthUser } from '../../auth/interfaces/auth-user.interface';
|
||||
import { Customer } from '../../customers/entities/customer.entity';
|
||||
import { Reserve } from '../../reserves/entities/reserve.entity';
|
||||
import { UserRole } from '../../users/enums/user-role.enum';
|
||||
import { AuthorizationService } from '../authorization.service';
|
||||
|
||||
@Injectable()
|
||||
export class CustomerPolicy {
|
||||
constructor(private readonly authorizationService: AuthorizationService) {}
|
||||
constructor(
|
||||
private readonly authorizationService: AuthorizationService,
|
||||
@InjectRepository(Reserve)
|
||||
private readonly reservesRepository: Repository<Reserve>,
|
||||
) {}
|
||||
|
||||
canRead(user: AuthUser, customer: Customer): boolean {
|
||||
async canRead(user: AuthUser, customer: Customer): Promise<boolean> {
|
||||
if (this.authorizationService.isAdmin(user)) {
|
||||
return true;
|
||||
}
|
||||
if (user.role === UserRole.CUSTOMER) {
|
||||
return customer.userId === user.id;
|
||||
}
|
||||
if (user.role === UserRole.SALON) {
|
||||
return this.hasReserveAtSalon(customer.id, user.id);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -27,4 +37,16 @@ export class CustomerPolicy {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private async hasReserveAtSalon(
|
||||
customerId: string,
|
||||
salonOwnerId: string,
|
||||
): Promise<boolean> {
|
||||
return this.reservesRepository.exists({
|
||||
where: {
|
||||
customerId,
|
||||
salon: { ownerId: salonOwnerId },
|
||||
},
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { AuthUser } from '../../auth/interfaces/auth-user.interface';
|
||||
import { UserRole } from '../../users/enums/user-role.enum';
|
||||
import { UpdateReserveDto } from '../../reserves/dto/update-reserve.dto';
|
||||
import { Reserve } from '../../reserves/entities/reserve.entity';
|
||||
import { ReserveStatus } from '../../reserves/enums/reserve-status.enum';
|
||||
import { AuthorizationService } from '../authorization.service';
|
||||
|
||||
@Injectable()
|
||||
@@ -34,7 +36,55 @@ export class ReservePolicy {
|
||||
return false;
|
||||
}
|
||||
|
||||
canUpdate(user: AuthUser, reserve: Reserve): boolean {
|
||||
return this.canRead(user, reserve);
|
||||
canUpdate(
|
||||
user: AuthUser,
|
||||
reserve: Reserve,
|
||||
updateDto: UpdateReserveDto,
|
||||
): boolean {
|
||||
if (!this.canRead(user, reserve)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (this.authorizationService.isAdmin(user)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (user.role === UserRole.SALON) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (user.role === UserRole.CUSTOMER) {
|
||||
return this.isCustomerCancellationUpdate(updateDto);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private isCustomerCancellationUpdate(updateDto: UpdateReserveDto): boolean {
|
||||
const providedFields = (
|
||||
Object.keys(updateDto) as (keyof UpdateReserveDto)[]
|
||||
).filter((key) => updateDto[key] !== undefined);
|
||||
|
||||
if (providedFields.length === 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const allowedFields: (keyof UpdateReserveDto)[] = [
|
||||
'status',
|
||||
'cancellationReason',
|
||||
];
|
||||
|
||||
if (!providedFields.every((field) => allowedFields.includes(field))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (
|
||||
updateDto.status !== undefined &&
|
||||
updateDto.status !== ReserveStatus.CANCELLED
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return updateDto.status === ReserveStatus.CANCELLED;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user