fix roles

This commit is contained in:
2026-06-30 12:01:13 +03:30
parent c1105c9954
commit d79fa12d65
14 changed files with 136 additions and 14 deletions
+9 -1
View File
@@ -10,9 +10,12 @@ import {
UseGuards,
} from '@nestjs/common';
import { CurrentUser } from '../auth/decorators/current-user.decorator';
import { Permissions } from '../auth/decorators/permissions.decorator';
import { Roles } from '../auth/decorators/roles.decorator';
import { PermissionsGuard } from '../auth/guards/permissions.guard';
import { RolesGuard } from '../auth/guards/roles.guard';
import { AuthUser } from '../auth/interfaces/auth-user.interface';
import { PermissionCode } from '../authorization/enums/permission-code.enum';
import { UserRole } from '../users/enums/user-role.enum';
import { CreateReserveDto } from './dto/create-reserve.dto';
import { FindReservesQueryDto } from './dto/find-reserves-query.dto';
@@ -20,11 +23,12 @@ import { UpdateReserveDto } from './dto/update-reserve.dto';
import { ReservesService } from './reserves.service';
@Controller('reserves')
@UseGuards(RolesGuard)
@UseGuards(RolesGuard, PermissionsGuard)
export class ReservesController {
constructor(private readonly reservesService: ReservesService) {}
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
@Permissions(PermissionCode.RESERVES_WRITE)
@Post()
create(
@Body() createReserveDto: CreateReserveDto,
@@ -34,6 +38,7 @@ export class ReservesController {
}
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
@Permissions(PermissionCode.RESERVES_READ)
@Get()
findAll(
@Query() query: FindReservesQueryDto,
@@ -43,6 +48,7 @@ export class ReservesController {
}
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
@Permissions(PermissionCode.RESERVES_READ)
@Get(':id/status-history')
findStatusHistory(
@Param('id', ParseUUIDPipe) id: string,
@@ -52,6 +58,7 @@ export class ReservesController {
}
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
@Permissions(PermissionCode.RESERVES_READ)
@Get(':id')
findOne(
@Param('id', ParseUUIDPipe) id: string,
@@ -61,6 +68,7 @@ export class ReservesController {
}
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
@Permissions(PermissionCode.RESERVES_WRITE)
@Patch(':id')
update(
@Param('id', ParseUUIDPipe) id: string,
+1 -1
View File
@@ -165,7 +165,7 @@ export class ReservesService {
user: AuthUser,
): Promise<Reserve> {
const reserve = await this.findOne(id, user);
if (!this.reservePolicy.canUpdate(user, reserve)) {
if (!this.reservePolicy.canUpdate(user, reserve, updateReserveDto)) {
throw new ForbiddenException();
}