fix roles
This commit is contained in:
@@ -10,9 +10,12 @@ import {
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { CurrentUser } from '../auth/decorators/current-user.decorator';
|
||||
import { Permissions } from '../auth/decorators/permissions.decorator';
|
||||
import { Roles } from '../auth/decorators/roles.decorator';
|
||||
import { PermissionsGuard } from '../auth/guards/permissions.guard';
|
||||
import { RolesGuard } from '../auth/guards/roles.guard';
|
||||
import { AuthUser } from '../auth/interfaces/auth-user.interface';
|
||||
import { PermissionCode } from '../authorization/enums/permission-code.enum';
|
||||
import { UserRole } from '../users/enums/user-role.enum';
|
||||
import { CreateReserveDto } from './dto/create-reserve.dto';
|
||||
import { FindReservesQueryDto } from './dto/find-reserves-query.dto';
|
||||
@@ -20,11 +23,12 @@ import { UpdateReserveDto } from './dto/update-reserve.dto';
|
||||
import { ReservesService } from './reserves.service';
|
||||
|
||||
@Controller('reserves')
|
||||
@UseGuards(RolesGuard)
|
||||
@UseGuards(RolesGuard, PermissionsGuard)
|
||||
export class ReservesController {
|
||||
constructor(private readonly reservesService: ReservesService) {}
|
||||
|
||||
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
|
||||
@Permissions(PermissionCode.RESERVES_WRITE)
|
||||
@Post()
|
||||
create(
|
||||
@Body() createReserveDto: CreateReserveDto,
|
||||
@@ -34,6 +38,7 @@ export class ReservesController {
|
||||
}
|
||||
|
||||
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
|
||||
@Permissions(PermissionCode.RESERVES_READ)
|
||||
@Get()
|
||||
findAll(
|
||||
@Query() query: FindReservesQueryDto,
|
||||
@@ -43,6 +48,7 @@ export class ReservesController {
|
||||
}
|
||||
|
||||
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
|
||||
@Permissions(PermissionCode.RESERVES_READ)
|
||||
@Get(':id/status-history')
|
||||
findStatusHistory(
|
||||
@Param('id', ParseUUIDPipe) id: string,
|
||||
@@ -52,6 +58,7 @@ export class ReservesController {
|
||||
}
|
||||
|
||||
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
|
||||
@Permissions(PermissionCode.RESERVES_READ)
|
||||
@Get(':id')
|
||||
findOne(
|
||||
@Param('id', ParseUUIDPipe) id: string,
|
||||
@@ -61,6 +68,7 @@ export class ReservesController {
|
||||
}
|
||||
|
||||
@Roles(UserRole.ADMIN, UserRole.SALON, UserRole.CUSTOMER)
|
||||
@Permissions(PermissionCode.RESERVES_WRITE)
|
||||
@Patch(':id')
|
||||
update(
|
||||
@Param('id', ParseUUIDPipe) id: string,
|
||||
|
||||
@@ -165,7 +165,7 @@ export class ReservesService {
|
||||
user: AuthUser,
|
||||
): Promise<Reserve> {
|
||||
const reserve = await this.findOne(id, user);
|
||||
if (!this.reservePolicy.canUpdate(user, reserve)) {
|
||||
if (!this.reservePolicy.canUpdate(user, reserve, updateReserveDto)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user