fix(api): add WorkspaceGuard to controllers and fix route ordering
This commit is contained in:
Jason Woltje
@@ -7,122 +7,75 @@ import {
|
||||
Body,
|
||||
Param,
|
||||
UseGuards,
|
||||
Request,
|
||||
UnauthorizedException,
|
||||
} from "@nestjs/common";
|
||||
import { LayoutsService } from "./layouts.service";
|
||||
import { CreateLayoutDto, UpdateLayoutDto } from "./dto";
|
||||
import { AuthGuard } from "../auth/guards/auth.guard";
|
||||
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
|
||||
import { Workspace, Permission, RequirePermission } from "../common/decorators";
|
||||
import { CurrentUser } from "../auth/decorators/current-user.decorator";
|
||||
|
||||
/**
|
||||
* Controller for user layout endpoints
|
||||
* All endpoints require authentication
|
||||
*/
|
||||
@Controller("layouts")
|
||||
@UseGuards(AuthGuard)
|
||||
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
|
||||
export class LayoutsController {
|
||||
constructor(private readonly layoutsService: LayoutsService) {}
|
||||
|
||||
/**
|
||||
* GET /api/layouts
|
||||
* Get all layouts for the authenticated user
|
||||
*/
|
||||
@Get()
|
||||
async findAll(@Request() req: any) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.layoutsService.findAll(workspaceId, userId);
|
||||
@RequirePermission(Permission.WORKSPACE_ANY)
|
||||
async findAll(
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
return this.layoutsService.findAll(workspaceId, user.id);
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /api/layouts/:id
|
||||
* Get a single layout by ID
|
||||
*/
|
||||
@Get(":id")
|
||||
async findOne(@Param("id") id: string, @Request() req: any) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.layoutsService.findOne(id, workspaceId, userId);
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /api/layouts/default
|
||||
* Get the default layout for the authenticated user
|
||||
* Falls back to the most recently created layout if no default exists
|
||||
*/
|
||||
@Get("default")
|
||||
async findDefault(@Request() req: any) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.layoutsService.findDefault(workspaceId, userId);
|
||||
@RequirePermission(Permission.WORKSPACE_ANY)
|
||||
async findDefault(
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
return this.layoutsService.findDefault(workspaceId, user.id);
|
||||
}
|
||||
|
||||
@Get(":id")
|
||||
@RequirePermission(Permission.WORKSPACE_ANY)
|
||||
async findOne(
|
||||
@Param("id") id: string,
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
return this.layoutsService.findOne(id, workspaceId, user.id);
|
||||
}
|
||||
|
||||
/**
|
||||
* POST /api/layouts
|
||||
* Create a new layout
|
||||
* If isDefault is true, any existing default layout will be unset
|
||||
*/
|
||||
@Post()
|
||||
async create(@Body() createLayoutDto: CreateLayoutDto, @Request() req: any) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.layoutsService.create(workspaceId, userId, createLayoutDto);
|
||||
@RequirePermission(Permission.WORKSPACE_MEMBER)
|
||||
async create(
|
||||
@Body() createLayoutDto: CreateLayoutDto,
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
return this.layoutsService.create(workspaceId, user.id, createLayoutDto);
|
||||
}
|
||||
|
||||
/**
|
||||
* PATCH /api/layouts/:id
|
||||
* Update a layout
|
||||
* If isDefault is set to true, any existing default layout will be unset
|
||||
*/
|
||||
@Patch(":id")
|
||||
@RequirePermission(Permission.WORKSPACE_MEMBER)
|
||||
async update(
|
||||
@Param("id") id: string,
|
||||
@Body() updateLayoutDto: UpdateLayoutDto,
|
||||
@Request() req: any
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.layoutsService.update(id, workspaceId, userId, updateLayoutDto);
|
||||
return this.layoutsService.update(id, workspaceId, user.id, updateLayoutDto);
|
||||
}
|
||||
|
||||
/**
|
||||
* DELETE /api/layouts/:id
|
||||
* Delete a layout
|
||||
*/
|
||||
@Delete(":id")
|
||||
async remove(@Param("id") id: string, @Request() req: any) {
|
||||
const workspaceId = req.user?.workspaceId;
|
||||
const userId = req.user?.id;
|
||||
|
||||
if (!workspaceId || !userId) {
|
||||
throw new UnauthorizedException("Authentication required");
|
||||
}
|
||||
|
||||
return this.layoutsService.remove(id, workspaceId, userId);
|
||||
@RequirePermission(Permission.WORKSPACE_MEMBER)
|
||||
async remove(
|
||||
@Param("id") id: string,
|
||||
@Workspace() workspaceId: string,
|
||||
@CurrentUser() user: any
|
||||
) {
|
||||
return this.layoutsService.remove(id, workspaceId, user.id);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user