UNPKG

@arsendoman/book-publisher-store

Version:

A Nest.js package for book publishing and storing

github.com/arsendoman/book-publisher-store

arsendoman/book-publisher-store

121 lines (112 loc) 3.61 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
import { Body, Controller, Delete, Get, HttpException, HttpStatus, Param, Patch, Put, Request, SerializeOptions, UseGuards, UsePipes, ValidationPipe, } from '@nestjs/common'; import { Roles } from '../../database/mongo/schemas'; import { AllowedRoles } from 'src/application/decorators/roles.decorator'; import { PermissionGuard } from 'src/application/guards/auth.guard'; import { RequestInterface } from 'src/application/auth/types/request.auth'; import { ProfileResponseDto } from 'src/application/dtos/response/profile/profile.response.dto'; import { ProfileService } from 'src/application/services/profiles/profiles.service'; import { JwtAuthGuard } from '../../application/guards/jwt.auth.guard'; import { ApiBearerAuth, ApiParam } from '@nestjs/swagger'; import { RoleUpdateDto } from '../../application/dtos/request/profile/profileUpdate.dto'; import { ProfileDto } from '../../application/dtos/request/profile/profileDto'; @Controller('profile') @ApiBearerAuth('JWT-auth') @SerializeOptions({ excludePrefixes: ['_'], }) export class ProfileController { constructor(private readonly profileService: ProfileService) {} @Get('/:id') @ApiParam({ name: 'id', required: true, description: 'Enter user id to delete', type: 'string', // Specify the type as 'string' }) @AllowedRoles(Roles.ADMIN, Roles.CUSTOMER, Roles.SUPER_ADMIN) @UseGuards(JwtAuthGuard, PermissionGuard) getCurrentProfile( @Request() req: RequestInterface, @Param('id') id: string, ): Promise<ProfileResponseDto> { if (req.user.role == 'customer' && req.user.id !== id) { throw new HttpException( 'You do not have a permissions to see this profile', HttpStatus.FORBIDDEN, ); } return this.profileService.getCurrentProfile(id); } @Get('all') @AllowedRoles(Roles.SUPER_ADMIN) @UseGuards(JwtAuthGuard, PermissionGuard) getAllProfilesInfo( @Request() req: RequestInterface, ): Promise<ProfileResponseDto[]> { return this.profileService.getAllProfiles(req.user.id); } @Delete('/:id') @ApiParam({ name: 'id', required: true, description: 'Enter user id to delete', type: 'string', // Specify the type as 'string' }) @AllowedRoles(Roles.SUPER_ADMIN) @UseGuards(JwtAuthGuard, PermissionGuard) deleteCurrentProfile(@Param('id') id: string) { this.profileService.deleteCurrentProfile(id); return HttpStatus.NO_CONTENT; } @Put('/:id') @ApiParam({ name: 'id', required: true, description: 'Enter user id to update', type: 'string', // Specify the type as 'string' }) @AllowedRoles(Roles.ADMIN, Roles.CUSTOMER, Roles.SUPER_ADMIN) @UseGuards(JwtAuthGuard, PermissionGuard) updateProfileInfo( @Body() profileUpdateDto: ProfileDto, @Request() req: RequestInterface, @Param('id') id: string, ): Promise<ProfileResponseDto> { if (req.user.role == 'customer' && req.user.id !== id) { throw new HttpException( 'You do not have a permissions to update this profile', HttpStatus.FORBIDDEN, ); } return this.profileService.updateUserProfile(id, profileUpdateDto); } @Patch('/:id') @ApiParam({ name: 'id', required: true, description: 'Enter user id', type: 'string', // Specify the type as 'string' }) @AllowedRoles(Roles.ADMIN, Roles.SUPER_ADMIN) updateUserRole( @Param('id') id: string, // Specify the type explicitly as 'string' @Body() userRole: RoleUpdateDto, ): Promise<ProfileResponseDto> { return this.profileService.updateUserRole(id, userRole); } }