mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

fix(api): add WorkspaceGuard to controllers and fix route ordering

Browse Source
This commit is contained in:
Jason Woltje
2026-01-29 20:15:33 -06:00
parent 9977d9bcf4
commit 48abdbba8b
8 changed files with 216 additions and 541 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
apps/api/src/projects/projects.controller.ts
View File

@@ -8,97 +8,62 @@ import {
Param,
Query,
UseGuards,
Request,
UnauthorizedException,
} from "@nestjs/common";
import { ProjectsService } from "./projects.service";
import { CreateProjectDto, UpdateProjectDto, QueryProjectsDto } from "./dto";
import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
/**
* Controller for project endpoints
* All endpoints require authentication
*/
@Controller("projects")
@UseGuards(AuthGuard)
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class ProjectsController {
constructor(private readonly projectsService: ProjectsService) {}
/**
* POST /api/projects
* Create a new project
*/
@Post()
async create(@Body() createProjectDto: CreateProjectDto, @Request() req: any) {
const workspaceId = req.user?.workspaceId;
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.projectsService.create(workspaceId, userId, createProjectDto);
@RequirePermission(Permission.WORKSPACE_MEMBER)
async create(
@Body() createProjectDto: CreateProjectDto,
@Workspace() workspaceId: string,
@CurrentUser() user: any
) {
return this.projectsService.create(workspaceId, user.id, createProjectDto);
}
/**
* GET /api/projects
* Get paginated projects with optional filters
*/
@Get()
async findAll(@Query() query: QueryProjectsDto, @Request() req: any) {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
@RequirePermission(Permission.WORKSPACE_ANY)
async findAll(
@Query() query: QueryProjectsDto,
@Workspace() workspaceId: string
) {
return this.projectsService.findAll({ ...query, workspaceId });
}
/**
* GET /api/projects/:id
* Get a single project by ID
*/
@Get(":id")
async findOne(@Param("id") id: string, @Request() req: any) {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new UnauthorizedException("Authentication required");
}
@RequirePermission(Permission.WORKSPACE_ANY)
async findOne(@Param("id") id: string, @Workspace() workspaceId: string) {
return this.projectsService.findOne(id, workspaceId);
}
/**
* PATCH /api/projects/:id
* Update a project
*/
@Patch(":id")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async update(
@Param("id") id: string,
@Body() updateProjectDto: UpdateProjectDto,
@Request() req: any
@Workspace() workspaceId: string,
@CurrentUser() user: any
) {
const workspaceId = req.user?.workspaceId;
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.projectsService.update(id, workspaceId, userId, updateProjectDto);
return this.projectsService.update(id, workspaceId, user.id, updateProjectDto);
}
/**
* DELETE /api/projects/:id
* Delete a project
*/
@Delete(":id")
async remove(@Param("id") id: string, @Request() req: any) {
const workspaceId = req.user?.workspaceId;
const userId = req.user?.id;
if (!workspaceId || !userId) {
throw new UnauthorizedException("Authentication required");
}
return this.projectsService.remove(id, workspaceId, userId);
@RequirePermission(Permission.WORKSPACE_ADMIN)
async remove(
@Param("id") id: string,
@Workspace() workspaceId: string,
@CurrentUser() user: any
) {
return this.projectsService.remove(id, workspaceId, user.id);
}
}