Add space permission service and guards for various entities

libs/common/src/helper/helper.module.ts

@@ -1,11 +1,14 @@
 import { Global, Module } from '@nestjs/common';
 import { HelperHashService } from './services';
+import { SpacePermissionService } from './services/space.permission.service';
+import { SpaceRepository } from '../modules/space/repositories';
+import { SpaceRepositoryModule } from '../modules/space/space.repository.module';
 
 @Global()
 @Module({
-  providers: [HelperHashService],
+  providers: [HelperHashService, SpacePermissionService, SpaceRepository],
-  exports: [HelperHashService],
+  exports: [HelperHashService, SpacePermissionService],
   controllers: [],
-  imports: [],
+  imports: [SpaceRepositoryModule],
 })
 export class HelperModule {}

libs/common/src/helper/services/index.ts

@@ -1 +1,2 @@
 export * from './helper.hash.service';
+export * from './space.permission.service';

libs/common/src/helper/services/space.permission.service.ts

@@ -0,0 +1,35 @@
+import { Injectable } from '@nestjs/common';
+import { SpaceRepository } from '@app/common/modules/space/repositories';
+import { BadRequestException } from '@nestjs/common';
+
+@Injectable()
+export class SpacePermissionService {
+  constructor(private readonly spaceRepository: SpaceRepository) {}
+
+  async checkUserPermission(
+    spaceUuid: string,
+    userUuid: string,
+    type: string,
+  ): Promise<void> {
+    const spaceData = await this.spaceRepository.findOne({
+      where: {
+        uuid: spaceUuid,
+        spaceType: {
+          type: type,
+        },
+        userSpaces: {
+          user: {
+            uuid: userUuid,
+          },
+        },
+      },
+      relations: ['spaceType', 'userSpaces', 'userSpaces.user'],
+    });
+
+    if (!spaceData) {
+      throw new BadRequestException(
+        `You do not have permission to access this ${type}`,
+      );
+    }
+  }
+}

src/guards/building.permission.guard.ts

@@ -0,0 +1,35 @@
+import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+} from '@nestjs/common';
+
+@Injectable()
+export class BuildingPermissionGuard implements CanActivate {
+  constructor(private readonly permissionService: SpacePermissionService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const req = context.switchToHttp().getRequest();
+
+    try {
+      const { buildingUuid } = req.params;
+      const { user } = req;
+
+      if (!buildingUuid) {
+        throw new BadRequestException('buildingUuid is required');
+      }
+
+      await this.permissionService.checkUserPermission(
+        buildingUuid,
+        user.uuid,
+        'building',
+      );
+
+      return true;
+    } catch (error) {
+      throw error;
+    }
+  }
+}

src/guards/community.permission.guard.ts

@@ -0,0 +1,35 @@
+import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+} from '@nestjs/common';
+
+@Injectable()
+export class CommunityPermissionGuard implements CanActivate {
+  constructor(private readonly permissionService: SpacePermissionService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const req = context.switchToHttp().getRequest();
+
+    try {
+      const { communityUuid } = req.params;
+      const { user } = req;
+
+      if (!communityUuid) {
+        throw new BadRequestException('communityUuid is required');
+      }
+
+      await this.permissionService.checkUserPermission(
+        communityUuid,
+        user.uuid,
+        'community',
+      );
+
+      return true;
+    } catch (error) {
+      throw error;
+    }
+  }
+}

src/guards/floor.permission.guard.ts

@@ -0,0 +1,35 @@
+import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+} from '@nestjs/common';
+
+@Injectable()
+export class FloorPermissionGuard implements CanActivate {
+  constructor(private readonly permissionService: SpacePermissionService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const req = context.switchToHttp().getRequest();
+
+    try {
+      const { floorUuid } = req.params;
+      const { user } = req;
+
+      if (!floorUuid) {
+        throw new BadRequestException('floorUuid is required');
+      }
+
+      await this.permissionService.checkUserPermission(
+        floorUuid,
+        user.uuid,
+        'floor',
+      );
+
+      return true;
+    } catch (error) {
+      throw error;
+    }
+  }
+}

src/guards/room.permission.guard.ts

@@ -0,0 +1,35 @@
+import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+} from '@nestjs/common';
+
+@Injectable()
+export class RoomPermissionGuard implements CanActivate {
+  constructor(private readonly permissionService: SpacePermissionService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const req = context.switchToHttp().getRequest();
+
+    try {
+      const { roomUuid } = req.params;
+      const { user } = req;
+
+      if (!roomUuid) {
+        throw new BadRequestException('roomUuid is required');
+      }
+
+      await this.permissionService.checkUserPermission(
+        roomUuid,
+        user.uuid,
+        'room',
+      );
+
+      return true;
+    } catch (error) {
+      throw error;
+    }
+  }
+}

src/guards/unit.permission.guard.ts

@@ -0,0 +1,35 @@
+import { SpacePermissionService } from '@app/common/helper/services/space.permission.service';
+import {
+  BadRequestException,
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+} from '@nestjs/common';
+
+@Injectable()
+export class UnitPermissionGuard implements CanActivate {
+  constructor(private readonly permissionService: SpacePermissionService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const req = context.switchToHttp().getRequest();
+
+    try {
+      const { unitUuid } = req.params;
+      const { user } = req;
+
+      if (!unitUuid) {
+        throw new BadRequestException('unitUuid is required');
+      }
+
+      await this.permissionService.checkUserPermission(
+        unitUuid,
+        user.uuid,
+        'unit',
+      );
+
+      return true;
+    } catch (error) {
+      throw error;
+    }
+  }
+}