Add permission and role management features

2025-11-26 18:24:54 +00:00 · 2024-12-16 00:19:14 -06:00
parent 57397e653a
commit 64027d3a16
22 changed files with 473 additions and 17 deletions
--- a/src/app.module.ts
+++ b/src/app.module.ts
@ -7,7 +7,6 @@ import { GroupModule } from './group/group.module';
 import { DeviceModule } from './device/device.module';
 import { UserDevicePermissionModule } from './user-device-permission/user-device-permission.module';
 import { CommunityModule } from './community/community.module';
-import { RoleModule } from './role/role.module';
 import { SeederModule } from '@app/common/seed/seeder.module';
 import { UserNotificationModule } from './user-notification/user-notification.module';
 import { DeviceMessagesSubscriptionModule } from './device-messages/device-messages.module';
@ -24,6 +23,8 @@ import { SpaceModule } from './space/space.module';
 import { ProductModule } from './product';
 import { ProjectModule } from './project';
 import { SpaceModelModule } from './space-model';
+import { InviteUserModule } from './invite-user/invite-user.module';
+import { PermissionModule } from './permission/permission.module';
@Module({
  imports: [
    ConfigModule.forRoot({
@ -31,7 +32,7 @@ import { SpaceModelModule } from './space-model';
    }),
    AuthenticationModule,
    UserModule,
-    RoleModule,
+    InviteUserModule,
    CommunityModule,

    SpaceModule,
@ -51,6 +52,7 @@ import { SpaceModelModule } from './space-model';
    ScheduleModule,
    ProductModule,
    ProjectModule,
+    PermissionModule,
  ],
  providers: [
    {
--- a/src/auth/auth.module.ts
+++ b/src/auth/auth.module.ts
@ -6,10 +6,7 @@ import { UserAuthController } from './controllers';
 import { UserAuthService } from './services';
 import { UserRepository } from '@app/common/modules/user/repositories';
 import { UserSessionRepository } from '@app/common/modules/session/repositories/session.repository';
-import {
-  UserRoleRepository,
-  UserOtpRepository,
-} from '@app/common/modules/user/repositories';
+import { UserOtpRepository } from '@app/common/modules/user/repositories';
 import { RoleTypeRepository } from '@app/common/modules/role-type/repositories';

@Module({
@ -20,7 +17,6 @@ import { RoleTypeRepository } from '@app/common/modules/role-type/repositories';
    UserRepository,
    UserSessionRepository,
    UserOtpRepository,
-    UserRoleRepository,
    RoleTypeRepository,
  ],
  exports: [UserAuthService],
--- a/src/auth/services/user-auth.service.ts
+++ b/src/auth/services/user-auth.service.ts
@ -134,13 +134,12 @@ export class UserAuthService {
          isLoggedOut: false,
        }),
      ]);
+
      const res = await this.authService.login({
        email: user.email,
        userId: user.uuid,
        uuid: user.uuid,
-        roles: user?.roles?.map((role) => {
-          return { uuid: role.uuid, type: role.roleType.type };
-        }),
+        role: user.roleType,
        sessionId: session[1].uuid,
      });
      return res;
--- a/src/decorators/permissions.decorator.ts
+++ b/src/decorators/permissions.decorator.ts
@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const Permissions = (...permissions: string[]) =>
+  SetMetadata('permissions', permissions);
--- a/src/guards/permissions.guard.ts
+++ b/src/guards/permissions.guard.ts
@ -0,0 +1,44 @@
+import { Injectable, ExecutionContext } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+import { Reflector } from '@nestjs/core';
+import { RolePermissions } from '@app/common/constants/role-permissions';
+import { RoleType } from '@app/common/constants/role.type.enum';
+
+@Injectable()
+export class PermissionsGuard extends AuthGuard('jwt') {
+  constructor(private reflector: Reflector) {
+    super();
+  }
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    // First, run the AuthGuard logic to validate the JWT
+    const isAuthenticated = await super.canActivate(context);
+    if (!isAuthenticated) {
+      return false;
+    }
+
+    // Authorization logic
+    const requiredPermissions = this.reflector.get<string[]>(
+      'permissions',
+      context.getHandler(),
+    );
+
+    if (!requiredPermissions) {
+      return true; // Allow if no permissions are specified
+    }
+
+    const request = context.switchToHttp().getRequest();
+    const user = request.user; // User is now available after AuthGuard
+    console.log('user', user);
+
+    const userRole = user?.role.type as RoleType;
+    if (!userRole || !RolePermissions[userRole]) {
+      return false; // Deny if role or permissions are missing
+    }
+
+    const userPermissions = RolePermissions[userRole];
+
+    // Check if the user has the required permissions
+    return requiredPermissions.every((perm) => userPermissions.includes(perm));
+  }
+}
--- a/src/invite-user/controllers/index.ts
+++ b/src/invite-user/controllers/index.ts
@ -0,0 +1 @@
+export * from './invite-user.controller';
--- a/src/invite-user/controllers/invite-user.controller.ts
+++ b/src/invite-user/controllers/invite-user.controller.ts
@ -0,0 +1,34 @@
+import { InviteUserService } from '../services/invite-user.service';
+import { Body, Controller, Post, UseGuards } from '@nestjs/common';
+import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
+import { AddUserInvitationDto } from '../dtos/add.invite-user.dto';
+import { ControllerRoute } from '@app/common/constants/controller-route';
+import { BaseResponseDto } from '@app/common/dto/base.response.dto';
+import { PermissionsGuard } from 'src/guards/permissions.guard';
+import { Permissions } from 'src/decorators/permissions.decorator';
+
+@ApiTags('Invite User Module')
+@Controller({
+  version: '1',
+  path: ControllerRoute.INVITE_USER.ROUTE,
+})
+export class InviteUserController {
+  constructor(private readonly inviteUserService: InviteUserService) {}
+
+  @ApiBearerAuth()
+  @UseGuards(PermissionsGuard)
+  @Permissions('USER_ADD')
+  @Post()
+  @ApiOperation({
+    summary: ControllerRoute.INVITE_USER.ACTIONS.CREATE_USER_INVITATION_SUMMARY,
+    description:
+      ControllerRoute.INVITE_USER.ACTIONS.CREATE_USER_INVITATION_DESCRIPTION,
+  })
+  async createUserInvitation(
+    @Body() addUserInvitationDto: AddUserInvitationDto,
+  ): Promise<BaseResponseDto> {
+    return await this.inviteUserService.createUserInvitation(
+      addUserInvitationDto,
+    );
+  }
+}
--- a/src/invite-user/dtos/add.invite-user.dto.ts
+++ b/src/invite-user/dtos/add.invite-user.dto.ts
@ -0,0 +1,75 @@
+import { ApiProperty } from '@nestjs/swagger';
+import {
+  ArrayMinSize,
+  IsArray,
+  IsNotEmpty,
+  IsOptional,
+  IsString,
+} from 'class-validator';
+
+export class AddUserInvitationDto {
+  @ApiProperty({
+    description: 'The first name of the user',
+    example: 'John',
+    required: true,
+  })
+  @IsString()
+  @IsNotEmpty()
+  public firstName: string;
+
+  @ApiProperty({
+    description: 'The last name of the user',
+    example: 'Doe',
+    required: true,
+  })
+  @IsString()
+  @IsNotEmpty()
+  public lastName: string;
+
+  @ApiProperty({
+    description: 'The email of the user',
+    example: 'OqM9A@example.com',
+    required: true,
+  })
+  @IsString()
+  @IsNotEmpty()
+  public email: string;
+
+  @ApiProperty({
+    description: 'The job title of the user',
+    example: 'Software Engineer',
+    required: true,
+  })
+  @IsString()
+  @IsNotEmpty()
+  public jobTitle: string;
+
+  @ApiProperty({
+    description: 'The phone number of the user',
+    example: '+1234567890',
+    required: true,
+  })
+  @IsString()
+  @IsOptional()
+  public phoneNumber?: string;
+
+  @ApiProperty({
+    description: 'The role uuid of the user',
+    example: 'd290f1ee-6c54-4b01-90e6-d701748f0851',
+    required: true,
+  })
+  @IsString()
+  @IsNotEmpty()
+  public roleUuid: string;
+  @ApiProperty({
+    description: 'The array of space UUIDs (at least one required)',
+    example: ['b5f3c9d2-58b7-4377-b3f7-60acb711d5d9'],
+    required: true,
+  })
+  @IsArray()
+  @ArrayMinSize(1)
+  public spaceUuids: string[];
+  constructor(dto: Partial<AddUserInvitationDto>) {
+    Object.assign(this, dto);
+  }
+}
--- a/src/invite-user/dtos/index.ts
+++ b/src/invite-user/dtos/index.ts
@ -0,0 +1 @@
+export * from './add.invite-user.dto';
--- a/src/invite-user/invite-user.module.ts
+++ b/src/invite-user/invite-user.module.ts
@ -0,0 +1,23 @@
+import { Module } from '@nestjs/common';
+import { InviteUserService } from './services/invite-user.service';
+import { InviteUserController } from './controllers/invite-user.controller';
+import { ConfigModule } from '@nestjs/config';
+import {
+  InviteUserRepository,
+  InviteUserSpaceRepository,
+} from '@app/common/modules/Invite-user/repositories';
+import { UserRepository } from '@app/common/modules/user/repositories';
+import { InviteUserRepositoryModule } from '@app/common/modules/Invite-user/Invite-user.repository.module';
+
+@Module({
+  imports: [ConfigModule, InviteUserRepositoryModule],
+  controllers: [InviteUserController],
+  providers: [
+    InviteUserService,
+    InviteUserRepository,
+    UserRepository,
+    InviteUserSpaceRepository,
+  ],
+  exports: [InviteUserService],
+})
+export class InviteUserModule {}
--- a/src/invite-user/services/index.ts
+++ b/src/invite-user/services/index.ts
@ -0,0 +1 @@
+export * from './invite-user.service';
--- a/src/permission/controllers/index.ts
+++ b/src/permission/controllers/index.ts
@ -0,0 +1 @@
+export * from './permission.controller';
--- a/src/permission/controllers/permission.controller.ts
+++ b/src/permission/controllers/permission.controller.ts
@ -0,0 +1,24 @@
+import { Controller, Get, Param } from '@nestjs/common';
+import { ApiTags, ApiOperation } from '@nestjs/swagger';
+import { ControllerRoute } from '@app/common/constants/controller-route';
+import { EnableDisableStatusEnum } from '@app/common/constants/days.enum';
+import { PermissionService } from '../services';
+
+@ApiTags('Permission Module')
+@Controller({
+  version: EnableDisableStatusEnum.ENABLED,
+  path: ControllerRoute.PERMISSION.ROUTE,
+})
+export class PermissionController {
+  constructor(private readonly permissionService: PermissionService) {}
+
+  @Get(':roleUuid')
+  @ApiOperation({
+    summary: ControllerRoute.PERMISSION.ACTIONS.GET_PERMISSION_BY_ROLE_SUMMARY,
+    description:
+      ControllerRoute.PERMISSION.ACTIONS.GET_PERMISSION_BY_ROLE_DESCRIPTION,
+  })
+  async getPermissionsByRole(@Param('roleUuid') roleUuid: string) {
+    return await this.permissionService.getPermissionsByRole(roleUuid);
+  }
+}
--- a/src/permission/permission.module.ts
+++ b/src/permission/permission.module.ts
@ -0,0 +1,14 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { CommonModule } from '@app/common';
+import { PermissionController } from './controllers';
+import { PermissionService } from './services';
+import { RoleTypeRepository } from '@app/common/modules/role-type/repositories';
+
+@Module({
+  imports: [ConfigModule, CommonModule],
+  controllers: [PermissionController],
+  providers: [PermissionService, RoleTypeRepository],
+  exports: [PermissionService],
+})
+export class PermissionModule {}
--- a/src/permission/services/index.ts
+++ b/src/permission/services/index.ts
@ -0,0 +1 @@
+export * from './permission.service';
--- a/src/permission/services/permission.service.ts
+++ b/src/permission/services/permission.service.ts
@ -0,0 +1,52 @@
+import { PermissionMapping } from '@app/common/constants/permissions-mapping';
+import { RolePermissions } from '@app/common/constants/role-permissions';
+import { RoleType } from '@app/common/constants/role.type.enum';
+import { RoleTypeRepository } from '@app/common/modules/role-type/repositories';
+import { HttpException, HttpStatus, Injectable } from '@nestjs/common';
+
+@Injectable()
+export class PermissionService {
+  constructor(private readonly roleTypeRepository: RoleTypeRepository) {}
+
+  async getPermissionsByRole(roleUuid: string) {
+    try {
+      const role = await this.roleTypeRepository.findOne({
+        where: {
+          uuid: roleUuid,
+        },
+      });
+
+      if (!role) {
+        throw new HttpException('Role not found', HttpStatus.NOT_FOUND);
+      }
+
+      const permissions = this.mapPermissions(role.type.toString() as RoleType);
+      return permissions;
+    } catch (err) {
+      throw new HttpException(
+        err.message || 'Internal Server Error',
+        err.status || HttpStatus.INTERNAL_SERVER_ERROR,
+      );
+    }
+  }
+  mapPermissions(role: RoleType): any[] {
+    const rolePermissions = RolePermissions[role]; // Permissions for the role
+
+    const mappedPermissions = Object.entries(PermissionMapping).map(
+      ([title, subOptions]) => ({
+        title,
+        subOptions: Object.entries(subOptions).map(
+          ([subTitle, permissions]) => ({
+            title: subTitle,
+            subOptions: permissions.map((permission) => ({
+              title: permission,
+              isChecked: rolePermissions.includes(`${subTitle}_${permission}`), // Check if the role has the permission
+            })),
+          }),
+        ),
+      }),
+    );
+
+    return mappedPermissions;
+  }
+}