fix(api): add WorkspaceGuard to controllers and fix route ordering
This commit is contained in:
Jason Woltje
@@ -8,8 +8,6 @@ import {
|
||||
Param,
|
||||
Query,
|
||||
UseGuards,
|
||||
Request,
|
||||
UnauthorizedException,
|
||||
} from "@nestjs/common";
|
||||
import { IdeasService } from "./ideas.service";
|
||||
import {
|
||||
@@ -19,112 +17,68 @@ import {
|
||||
QueryIdeasDto,
|
||||
} from "./dto";
|
||||
import { AuthGuard } from "../auth/guards/auth.guard";
|
||||
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
|
||||
import { Workspace, Permission, RequirePermission } from "../common/decorators";
|
||||
import { CurrentUser } from "../auth/decorators/current-user.decorator";
|
||||
|
||||
/**
|
||||
* Controller for idea endpoints
|
||||
* All endpoints require authentication
|
||||
*/
|
||||
@Controller("ideas")
|
||||
@UseGuards(AuthGuard)
|
||||
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
|
||||
export class IdeasController {
|
||||
constructor(private readonly ideasService: IdeasService) {}
|
||||
|
||||
/**
|
||||
* POST /api/ideas/capture
|
||||
* Quick capture endpoint for rapid idea capture
|
||||
* Requires minimal fields: content only (title optional)
|
||||
*/
|
||||
@Post("capture")
|
||||
@RequirePermission(Permission.WORKSPACE_MEMBER)
|
||||
async capture(
|
||||
@Body() captureIdeaDto: CaptureIdeaDto,
|
||||
@Request() req: any
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.ideasService.capture(workspaceId, userId, captureIdeaDto);
|
||||
return this.ideasService.capture(workspaceId, user.id, captureIdeaDto);
|
||||
}
|
||||
|
||||
/**
|
||||
* POST /api/ideas
|
||||
* Create a new idea with full categorization options
|
||||
*/
|
||||
@Post()
|
||||
async create(@Body() createIdeaDto: CreateIdeaDto, @Request() req: any) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.ideasService.create(workspaceId, userId, createIdeaDto);
|
||||
@RequirePermission(Permission.WORKSPACE_MEMBER)
|
||||
async create(
|
||||
@Body() createIdeaDto: CreateIdeaDto,
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
return this.ideasService.create(workspaceId, user.id, createIdeaDto);
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /api/ideas
|
||||
* Get paginated ideas with optional filters
|
||||
* Supports status, domain, project, category, and search filters
|
||||
*/
|
||||
@Get()
|
||||
async findAll(@Query() query: QueryIdeasDto, @Request() req: any) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
if (!workspaceId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
@RequirePermission(Permission.WORKSPACE_ANY)
|
||||
async findAll(
|
||||
@Query() query: QueryIdeasDto,
|
||||
@Workspace() workspaceId: string
|
||||
) {
|
||||
return this.ideasService.findAll({ ...query, workspaceId });
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /api/ideas/:id
|
||||
* Get a single idea by ID
|
||||
*/
|
||||
@Get(":id")
|
||||
async findOne(@Param("id") id: string, @Request() req: any) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
if (!workspaceId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
@RequirePermission(Permission.WORKSPACE_ANY)
|
||||
async findOne(@Param("id") id: string, @Workspace() workspaceId: string) {
|
||||
return this.ideasService.findOne(id, workspaceId);
|
||||
}
|
||||
|
||||
/**
|
||||
* PATCH /api/ideas/:id
|
||||
* Update an idea
|
||||
*/
|
||||
@Patch(":id")
|
||||
@RequirePermission(Permission.WORKSPACE_MEMBER)
|
||||
async update(
|
||||
@Param("id") id: string,
|
||||
@Body() updateIdeaDto: UpdateIdeaDto,
|
||||
@Request() req: any
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.ideasService.update(id, workspaceId, userId, updateIdeaDto);
|
||||
return this.ideasService.update(id, workspaceId, user.id, updateIdeaDto);
|
||||
}
|
||||
|
||||
/**
|
||||
* DELETE /api/ideas/:id
|
||||
* Delete an idea
|
||||
*/
|
||||
@Delete(":id")
|
||||
async remove(@Param("id") id: string, @Request() req: any) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.ideasService.remove(id, workspaceId, userId);
|
||||
@RequirePermission(Permission.WORKSPACE_ADMIN)
|
||||
async remove(
|
||||
@Param("id") id: string,
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
return this.ideasService.remove(id, workspaceId, user.id);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user