Merge pull request #31 from SyncrowIOT/SP-202-be-handle-space-permissions

Sp 202 be handle space permissions
Ammar Qaffaf
2024-05-19 03:26:23 -04:00
committed by GitHub
14 changed files with 247 additions and 22 deletions


@ -1,11 +1,14 @@
import { Global, Module } from '@nestjs/common';
import { HelperHashService } from './services';
import { SpacePermissionService } from './services/space.permission.service';
import { SpaceRepository } from '../modules/space/repositories';
import { SpaceRepositoryModule } from '../modules/space/space.repository.module';
@Global()
@Module({
providers: [HelperHashService],
exports: [HelperHashService],
providers: [HelperHashService, SpacePermissionService, SpaceRepository],
exports: [HelperHashService, SpacePermissionService],
controllers: [],
imports: [],
imports: [SpaceRepositoryModule],
})
export class HelperModule {}


@ -1 +1,2 @@
export * from './helper.hash.service';
export * from './space.permission.service';


@ -0,0 +1,39 @@
import { Injectable } from '@nestjs/common';
import { SpaceRepository } from '@app/common/modules/space/repositories';
import { BadRequestException } from '@nestjs/common';
@Injectable()
export class SpacePermissionService {
constructor(private readonly spaceRepository: SpaceRepository) {}
async checkUserPermission(
spaceUuid: string,
userUuid: string,
type: string,
): Promise<void> {
try {
const spaceData = await this.spaceRepository.findOne({
where: {
uuid: spaceUuid,
spaceType: {
type: type,
},
userSpaces: {
user: {
uuid: userUuid,
},
},
},
relations: ['spaceType', 'userSpaces', 'userSpaces.user'],
});
if (!spaceData) {
throw new BadRequestException(
`You do not have permission to access this ${type}`,
);
}
} catch (err) {
throw new BadRequestException(err.message || 'Invalid UUID');
}
}
}
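Review bot: The `catch` at the end of `checkUserPermission` turns every failure into a 400 that carries `err.message`, so any ORM or driver error raised by `findOne` is echoed to the caller and an outage is reported as a client error. The access-denied branch also throws `BadRequestException`, whereas a failed authorization check is conventionally a 403, which matters to clients and to anyone alerting on denied requests. I would throw `ForbiddenException` when no membership row is found, rethrow anything that is already an `HttpException`, and answer other errors with a fixed message; both classes are exported by `@nestjs/common`, which this file already imports from. Keeping one message for "space does not exist" and "space not shared with this user" is worth preserving, since it does not confirm which UUIDs exist.

```typescript
      // … unchanged: findOne() lookup on uuid, spaceType.type and userSpaces.user.uuid …
      if (!spaceData) {
        throw new ForbiddenException(
          `You do not have permission to access this ${type}`,
        );
      }
    } catch (err) {
      if (err instanceof HttpException) {
        throw err;
      }
      // Log err server-side here; do not echo ORM/driver text to the client.
      throw new BadRequestException('Invalid UUID');
    }
```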


@ -18,6 +18,7 @@ import { GetBuildingChildDto } from '../dtos/get.building.dto';
import { UpdateBuildingNameDto } from '../dtos/update.building.dto';
import { CheckCommunityTypeGuard } from 'src/guards/community.type.guard';
import { CheckUserBuildingGuard } from 'src/guards/user.building.guard';
import { BuildingPermissionGuard } from 'src/guards/building.permission.guard';
@ApiTags('Building Module')
@Controller({
@ -43,7 +44,7 @@ export class BuildingController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, BuildingPermissionGuard)
@Get(':buildingUuid')
async getBuildingByUuid(@Param('buildingUuid') buildingUuid: string) {
try {
@ -59,7 +60,7 @@ export class BuildingController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, BuildingPermissionGuard)
@Get('child/:buildingUuid')
async getBuildingChildByUuid(
@Param('buildingUuid') buildingUuid: string,
@ -79,7 +80,7 @@ export class BuildingController {
}
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, BuildingPermissionGuard)
@Get('parent/:buildingUuid')
async getBuildingParentByUuid(@Param('buildingUuid') buildingUuid: string) {
try {
@ -122,7 +123,7 @@ export class BuildingController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, BuildingPermissionGuard)
@Put('rename/:buildingUuid')
async renameBuildingByUuid(
@Param('buildingUuid') buildingUuid: string,
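Review bot: On `@Get('parent/:buildingUuid')` and `@Get('child/:buildingUuid')` the new `BuildingPermissionGuard` only proves that the caller is attached to the building named in the route; going by the guard added in this commit, nothing checks the parent or child spaces those handlers return. The handler bodies are outside these hunks, so this is inferred, but if they return details of the related spaces, a user with access to one building can read spaces never shared with them. The same question applies to the `parent/` and `child/` routes in the floor, room and unit controllers. At minimum I would document the limit above the decorators, e.g. `// BuildingPermissionGuard authorizes :buildingUuid only; related spaces in the response are not checked against the caller`. The guard order is correct as written, because the permission guard reads `req.user`, which `JwtAuthGuard` must populate first.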


@ -10,6 +10,7 @@ import { UserSpaceRepositoryModule } from '@app/common/modules/user-space/user.s
import { UserSpaceRepository } from '@app/common/modules/user-space/repositories';
import { UserRepositoryModule } from '@app/common/modules/user/user.repository.module';
import { UserRepository } from '@app/common/modules/user/repositories';
import { SpacePermissionService } from '@app/common/helper/services';
@Module({
imports: [
@ -26,7 +27,8 @@ import { UserRepository } from '@app/common/modules/user/repositories';
SpaceTypeRepository,
UserSpaceRepository,
UserRepository,
SpacePermissionService,
],
exports: [CommunityService],
exports: [CommunityService, SpacePermissionService],
})
export class CommunityModule {}
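Review bot: `SpacePermissionService` is added to this module's `providers` and `exports` even though `HelperModule` is declared `@Global()` and already exports it in this same commit. Registering it again gives CommunityModule its own instance with its own dependency on `SpaceRepository`. No other feature module on this page is changed this way, although their controllers gained permission guards too, which suggests the global export is sufficient. If so, drop the two additions and the new import. If the local registration is needed (for example because HelperModule is not imported at the application root, which is not visible here), add a short comment saying why. The `imports` list of the `@Module` decorator starts outside the hunk.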


@ -20,6 +20,7 @@ import {
import { GetCommunityChildDto } from '../dtos/get.community.dto';
import { UpdateCommunityNameDto } from '../dtos/update.community.dto';
import { CheckUserCommunityGuard } from 'src/guards/user.community.guard';
import { CommunityPermissionGuard } from 'src/guards/community.permission.guard';
@ApiTags('Community Module')
@Controller({
@ -46,7 +47,7 @@ export class CommunityController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, CommunityPermissionGuard)
@Get(':communityUuid')
async getCommunityByUuid(@Param('communityUuid') communityUuid: string) {
try {
@ -62,7 +63,7 @@ export class CommunityController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, CommunityPermissionGuard)
@Get('child/:communityUuid')
async getCommunityChildByUuid(
@Param('communityUuid') communityUuid: string,
@ -110,7 +111,7 @@ export class CommunityController {
}
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, CommunityPermissionGuard)
@Put('rename/:communityUuid')
async renameCommunityByUuid(
@Param('communityUuid') communityUuid: string,


@ -18,6 +18,7 @@ import { GetFloorChildDto } from '../dtos/get.floor.dto';
import { UpdateFloorNameDto } from '../dtos/update.floor.dto';
import { CheckBuildingTypeGuard } from 'src/guards/building.type.guard';
import { CheckUserFloorGuard } from 'src/guards/user.floor.guard';
import { FloorPermissionGuard } from 'src/guards/floor.permission.guard';
@ApiTags('Floor Module')
@Controller({
@ -43,7 +44,7 @@ export class FloorController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, FloorPermissionGuard)
@Get(':floorUuid')
async getFloorByUuid(@Param('floorUuid') floorUuid: string) {
try {
@ -58,7 +59,7 @@ export class FloorController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, FloorPermissionGuard)
@Get('child/:floorUuid')
async getFloorChildByUuid(
@Param('floorUuid') floorUuid: string,
@ -78,7 +79,7 @@ export class FloorController {
}
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, FloorPermissionGuard)
@Get('parent/:floorUuid')
async getFloorParentByUuid(@Param('floorUuid') floorUuid: string) {
try {
@ -122,7 +123,7 @@ export class FloorController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, FloorPermissionGuard)
@Put('rename/:floorUuid')
async renameFloorByUuid(
@Param('floorUuid') floorUuid: string,


@ -0,0 +1,35 @@
import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
import {
BadRequestException,
CanActivate,
ExecutionContext,
Injectable,
} from '@nestjs/common';
@Injectable()
export class BuildingPermissionGuard implements CanActivate {
constructor(private readonly permissionService: SpacePermissionService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const req = context.switchToHttp().getRequest();
try {
const { buildingUuid } = req.params;
const { user } = req;
if (!buildingUuid) {
throw new BadRequestException('buildingUuid is required');
}
await this.permissionService.checkUserPermission(
buildingUuid,
user.uuid,
'building',
);
return true;
} catch (error) {
throw error;
}
}
}
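Review bot: `user.uuid` in `canActivate` is read without checking that `req.user` exists, so if this guard is ever applied without `JwtAuthGuard` ahead of it the request fails with a TypeError (a 500) rather than a clean 401. A line such as `if (!user?.uuid) throw new UnauthorizedException();` before the `checkUserPermission` call would make that dependency explicit. The `try { … } catch (error) { throw error; }` wrapper rethrows unchanged and can be dropped. Both points apply equally to `CommunityPermissionGuard`, `FloorPermissionGuard`, `RoomPermissionGuard` and `UnitPermissionGuard`, which differ from this class only in the route parameter name and the type string. A single parameterised guard would keep the five authorization checks from drifting apart.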


@ -0,0 +1,35 @@
import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
import {
BadRequestException,
CanActivate,
ExecutionContext,
Injectable,
} from '@nestjs/common';
@Injectable()
export class CommunityPermissionGuard implements CanActivate {
constructor(private readonly permissionService: SpacePermissionService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const req = context.switchToHttp().getRequest();
try {
const { communityUuid } = req.params;
const { user } = req;
if (!communityUuid) {
throw new BadRequestException('communityUuid is required');
}
await this.permissionService.checkUserPermission(
communityUuid,
user.uuid,
'community',
);
return true;
} catch (error) {
throw error;
}
}
}


@ -0,0 +1,35 @@
import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
import {
BadRequestException,
CanActivate,
ExecutionContext,
Injectable,
} from '@nestjs/common';
@Injectable()
export class FloorPermissionGuard implements CanActivate {
constructor(private readonly permissionService: SpacePermissionService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const req = context.switchToHttp().getRequest();
try {
const { floorUuid } = req.params;
const { user } = req;
if (!floorUuid) {
throw new BadRequestException('floorUuid is required');
}
await this.permissionService.checkUserPermission(
floorUuid,
user.uuid,
'floor',
);
return true;
} catch (error) {
throw error;
}
}
}


@ -0,0 +1,35 @@
import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
import {
BadRequestException,
CanActivate,
ExecutionContext,
Injectable,
} from '@nestjs/common';
@Injectable()
export class RoomPermissionGuard implements CanActivate {
constructor(private readonly permissionService: SpacePermissionService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const req = context.switchToHttp().getRequest();
try {
const { roomUuid } = req.params;
const { user } = req;
if (!roomUuid) {
throw new BadRequestException('roomUuid is required');
}
await this.permissionService.checkUserPermission(
roomUuid,
user.uuid,
'room',
);
return true;
} catch (error) {
throw error;
}
}
}


@ -0,0 +1,35 @@
import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
import {
BadRequestException,
CanActivate,
ExecutionContext,
Injectable,
} from '@nestjs/common';
@Injectable()
export class UnitPermissionGuard implements CanActivate {
constructor(private readonly permissionService: SpacePermissionService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const req = context.switchToHttp().getRequest();
try {
const { unitUuid } = req.params;
const { user } = req;
if (!unitUuid) {
throw new BadRequestException('unitUuid is required');
}
await this.permissionService.checkUserPermission(
unitUuid,
user.uuid,
'unit',
);
return true;
} catch (error) {
throw error;
}
}
}


@ -16,6 +16,7 @@ import { AddRoomDto, AddUserRoomDto } from '../dtos/add.room.dto';
import { UpdateRoomNameDto } from '../dtos/update.room.dto';
import { CheckUnitTypeGuard } from 'src/guards/unit.type.guard';
import { CheckUserRoomGuard } from 'src/guards/user.room.guard';
import { RoomPermissionGuard } from 'src/guards/room.permission.guard';
@ApiTags('Room Module')
@Controller({
@ -41,7 +42,7 @@ export class RoomController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, RoomPermissionGuard)
@Get(':roomUuid')
async getRoomByUuid(@Param('roomUuid') roomUuid: string) {
try {
@ -56,7 +57,7 @@ export class RoomController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, RoomPermissionGuard)
@Get('parent/:roomUuid')
async getRoomParentByUuid(@Param('roomUuid') roomUuid: string) {
try {
@ -98,7 +99,7 @@ export class RoomController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, RoomPermissionGuard)
@Put('rename/:roomUuid')
async renameRoomByUuid(
@Param('roomUuid') roomUuid: string,


@ -18,6 +18,7 @@ import { GetUnitChildDto } from '../dtos/get.unit.dto';
import { UpdateUnitNameDto } from '../dtos/update.unit.dto';
import { CheckFloorTypeGuard } from 'src/guards/floor.type.guard';
import { CheckUserUnitGuard } from 'src/guards/user.unit.guard';
import { UnitPermissionGuard } from 'src/guards/unit.permission.guard';
@ApiTags('Unit Module')
@Controller({
@ -43,7 +44,7 @@ export class UnitController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, UnitPermissionGuard)
@Get(':unitUuid')
async getUnitByUuid(@Param('unitUuid') unitUuid: string) {
try {
@ -58,7 +59,7 @@ export class UnitController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, UnitPermissionGuard)
@Get('child/:unitUuid')
async getUnitChildByUuid(
@Param('unitUuid') unitUuid: string,
@ -75,7 +76,7 @@ export class UnitController {
}
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, UnitPermissionGuard)
@Get('parent/:unitUuid')
async getUnitParentByUuid(@Param('unitUuid') unitUuid: string) {
try {
@ -117,7 +118,7 @@ export class UnitController {
}
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
@UseGuards(JwtAuthGuard, UnitPermissionGuard)
@Put('rename/:unitUuid')
async renameUnitByUuid(
@Param('unitUuid') unitUuid: string,