fix roles

This commit is contained in:
2026-06-30 12:01:13 +03:30
parent c1105c9954
commit d79fa12d65
14 changed files with 136 additions and 14 deletions
+24 -2
View File
@@ -1,20 +1,30 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { AuthUser } from '../../auth/interfaces/auth-user.interface';
import { Customer } from '../../customers/entities/customer.entity';
import { Reserve } from '../../reserves/entities/reserve.entity';
import { UserRole } from '../../users/enums/user-role.enum';
import { AuthorizationService } from '../authorization.service';
@Injectable()
export class CustomerPolicy {
constructor(private readonly authorizationService: AuthorizationService) {}
constructor(
private readonly authorizationService: AuthorizationService,
@InjectRepository(Reserve)
private readonly reservesRepository: Repository<Reserve>,
) {}
canRead(user: AuthUser, customer: Customer): boolean {
async canRead(user: AuthUser, customer: Customer): Promise<boolean> {
if (this.authorizationService.isAdmin(user)) {
return true;
}
if (user.role === UserRole.CUSTOMER) {
return customer.userId === user.id;
}
if (user.role === UserRole.SALON) {
return this.hasReserveAtSalon(customer.id, user.id);
}
return false;
}
@@ -27,4 +37,16 @@ export class CustomerPolicy {
}
return false;
}
private async hasReserveAtSalon(
customerId: string,
salonOwnerId: string,
): Promise<boolean> {
return this.reservesRepository.exists({
where: {
customerId,
salon: { ownerId: salonOwnerId },
},
});
}
}
+52 -2
View File
@@ -1,7 +1,9 @@
import { Injectable } from '@nestjs/common';
import { AuthUser } from '../../auth/interfaces/auth-user.interface';
import { UserRole } from '../../users/enums/user-role.enum';
import { UpdateReserveDto } from '../../reserves/dto/update-reserve.dto';
import { Reserve } from '../../reserves/entities/reserve.entity';
import { ReserveStatus } from '../../reserves/enums/reserve-status.enum';
import { AuthorizationService } from '../authorization.service';
@Injectable()
@@ -34,7 +36,55 @@ export class ReservePolicy {
return false;
}
canUpdate(user: AuthUser, reserve: Reserve): boolean {
return this.canRead(user, reserve);
canUpdate(
user: AuthUser,
reserve: Reserve,
updateDto: UpdateReserveDto,
): boolean {
if (!this.canRead(user, reserve)) {
return false;
}
if (this.authorizationService.isAdmin(user)) {
return true;
}
if (user.role === UserRole.SALON) {
return true;
}
if (user.role === UserRole.CUSTOMER) {
return this.isCustomerCancellationUpdate(updateDto);
}
return false;
}
private isCustomerCancellationUpdate(updateDto: UpdateReserveDto): boolean {
const providedFields = (
Object.keys(updateDto) as (keyof UpdateReserveDto)[]
).filter((key) => updateDto[key] !== undefined);
if (providedFields.length === 0) {
return false;
}
const allowedFields: (keyof UpdateReserveDto)[] = [
'status',
'cancellationReason',
];
if (!providedFields.every((field) => allowedFields.includes(field))) {
return false;
}
if (
updateDto.status !== undefined &&
updateDto.status !== ReserveStatus.CANCELLED
) {
return false;
}
return updateDto.status === ReserveStatus.CANCELLED;
}
}