From 07d12bc0dc4b850f4d87ac5e6f6c66022eb328fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20Iv=C3=A1n?= <80365304+Diego-lvan@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:18:38 -0600 Subject: [PATCH 1/9] corrigiendo entidad Admin --- backend/src/admin/entities/admin.entity.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/admin/entities/admin.entity.ts b/backend/src/admin/entities/admin.entity.ts index ec777819..e5f847db 100644 --- a/backend/src/admin/entities/admin.entity.ts +++ b/backend/src/admin/entities/admin.entity.ts @@ -9,8 +9,8 @@ export class Admin { email: string; @JoinColumn({ name: 'idTown' }) - @ManyToOne(() => Town, { nullable: true }) - idTown: number; + @ManyToOne(() => Town, (town) => town.townId, { nullable: true, eager: true }) + idTown: Town; @Column() name: string; -- GitLab From 520270b9812ad81b068cae1a18caaa8272148620 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20Iv=C3=A1n?= <80365304+Diego-lvan@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:23:44 -0600 Subject: [PATCH 2/9] cambiando de carpeta auth source --- backend/src/admin/admin.module.ts | 4 +++- backend/src/admin/admin.service.ts | 9 +++++++-- backend/src/app.module.ts | 6 ++---- .../{auth.guard.ts => authAdmin.guard.ts} | 15 ++++++++++----- backend/src/auth/admin/authAdmin.module.ts | 9 ++++++--- ...uthAdminservice.ts => authAdmin.service.ts} | 12 +++++++++++- .../src/auth/admin/interface/customAdminReq.ts | 6 ++++++ backend/src/shared/service/auth.module.ts | 11 ----------- backend/src/shared/service/auth.service.ts | 18 ------------------ 9 files changed, 45 insertions(+), 45 deletions(-) rename backend/src/auth/admin/{auth.guard.ts => authAdmin.guard.ts} (55%) rename backend/src/auth/admin/{authAdminservice.ts => authAdmin.service.ts} (81%) create mode 100644 backend/src/auth/admin/interface/customAdminReq.ts delete mode 100644 backend/src/shared/service/auth.module.ts delete mode 100644 backend/src/shared/service/auth.service.ts 
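Review bot: In the `@ManyToOne` on `idTown`, the second argument `(town) => town.townId` sits in the inverse-side slot, which TypeORM expects to name a relation property on `Town` (a `@OneToMany` back-reference), while `townId` appears to be a plain column judging by how it is queried later in this series. Either drop the argument, `@ManyToOne(() => Town, { nullable: true, eager: true })`, or point it at a real back-reference if `Town` declares one. The property also still reads as an id although it now holds a `Town`; a comment such as `// Town this admin may manage; null when no town is assigned` would help, since later patches use this field for authorization. The class body starts and ends outside the hunk.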
diff --git a/backend/src/admin/admin.module.ts b/backend/src/admin/admin.module.ts index 778d6c9f..15c3c09e 100644 --- a/backend/src/admin/admin.module.ts +++ b/backend/src/admin/admin.module.ts @@ -3,10 +3,12 @@ import { AdminService } from './admin.service'; import { AdminController } from './admin.controller'; import { TypeOrmModule } from '@nestjs/typeorm'; import { Admin } from './entities/admin.entity'; +import { Town } from 'src/town/entities/town.entity'; @Module({ controllers: [AdminController], providers: [AdminService], - imports: [TypeOrmModule.forFeature([Admin])], + imports: [TypeOrmModule.forFeature([Admin, Town])], + exports: [AdminService], }) export class AdminModule {} diff --git a/backend/src/admin/admin.service.ts b/backend/src/admin/admin.service.ts index 3ec4fcc2..ff36b7a5 100644 --- a/backend/src/admin/admin.service.ts +++ b/backend/src/admin/admin.service.ts @@ -3,12 +3,17 @@ import { CreateAdminDto } from './dto/create-admin.dto'; import { Admin } from './entities/admin.entity'; import { Repository } from 'typeorm'; import { InjectRepository } from '@nestjs/typeorm'; +import { Town } from 'src/town/entities/town.entity'; @Injectable() export class AdminService { - constructor(@InjectRepository(Admin) private adminRepository: Repository) {} + constructor( + @InjectRepository(Admin) private adminRepository: Repository, + @InjectRepository(Town) private townRepository: Repository, + ) {} async create(createAdminDto: CreateAdminDto) { - await this.adminRepository.insert(createAdminDto); + const town = await this.townRepository.findOneByOrFail({ townId: createAdminDto.idTown }); + await this.adminRepository.insert({ ...createAdminDto, idTown: town }); } async findOne(email: string): Promise { diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts index a03fa800..719f3f5c 100644 --- a/backend/src/app.module.ts +++ b/backend/src/app.module.ts 
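Review bot: `create` in admin.service.ts passes `createAdminDto.idTown` straight into `findOneByOrFail({ townId: ... })` with no check that a town id was supplied, although the relation is declared `nullable: true`. Depending on the TypeORM version, a `null` or `undefined` value in a where object is skipped rather than matched, in which case the lookup would return the first town and bind the new admin to it, which matters now that the town decides what an admin may edit. Guard it first, e.g. `if (createAdminDto.idTown == null) throw new BadRequestException('idTown is required');`, or insert without a town when none is given. A failed lookup also throws `EntityNotFoundError`, which would presumably reach the client as a 500 unless it is mapped to a 404.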
@@ -17,9 +17,8 @@ import { join } from 'path'; import { Town } from './town/entities/town.entity'; import { TownModule } from './town/town.module'; import { TownTraduction } from './town/entities/town-traduction.entity'; -import { AuthModule } from './shared/service/auth.module'; import { APP_GUARD } from '@nestjs/core'; -import { AuthGuard } from './auth/admin/auth.guard'; +import { AuthAdminGuard } from './auth/admin/authAdmin.guard'; import { PlaceModule } from './place/place.module'; import { Place } from './place/entities/place.entity'; import { PointOfInterestModule } from './pointOfInterest/PointOfInterest.module'; @@ -59,7 +58,6 @@ import { PlaceTraduction } from './place/entities/place-traduction.entity'; StateModule, DatabaseSeederModule, TownModule, - AuthModule, PlaceModule, ServeStaticModule.forRoot({ rootPath: join(__dirname, '..', 'static'), @@ -67,7 +65,7 @@ import { PlaceTraduction } from './place/entities/place-traduction.entity'; PointOfInterestModule, ], controllers: [AppController], - providers: [AppService, DatabaseSeederModule, { provide: APP_GUARD, useClass: AuthGuard }], + providers: [AppService, DatabaseSeederModule, { provide: APP_GUARD, useClass: AuthAdminGuard }], exports: [TypeOrmModule], }) export class AppModule {} diff --git a/backend/src/auth/admin/auth.guard.ts b/backend/src/auth/admin/authAdmin.guard.ts similarity index 55% rename from backend/src/auth/admin/auth.guard.ts rename to backend/src/auth/admin/authAdmin.guard.ts index 067114b2..29d9093b 100644 --- a/backend/src/auth/admin/auth.guard.ts +++ b/backend/src/auth/admin/authAdmin.guard.ts 
@@ -1,12 +1,14 @@ import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common'; import { Reflector } from '@nestjs/core'; -import { AuthService } from 'src/shared/service/auth.service'; import { Roles } from '../role.decorator'; +import { AuthAdminService } from './authAdmin.service'; +import { AdminService } from 'src/admin/admin.service'; @Injectable() -export class AuthGuard implements CanActivate { +export class AuthAdminGuard implements CanActivate { constructor( - private authService: AuthService, + private authAdminService: AuthAdminService, + private adminService: AdminService, private reflector: Reflector, ) {} async canActivate(context: ExecutionContext): Promise { @@ -16,8 +18,11 @@ export class AuthGuard implements CanActivate { let { authorization }: any = request.headers; if (!authorization) throw new UnauthorizedException('session expired! Please sign In'); authorization = authorization.split(' ')[1]; - const role = await this.authService.validateToken(authorization); - if (!requiredRole.includes(role)) throw new UnauthorizedException('Unauthorized access'); + const jwtPayload = await this.authAdminService.validateToken(authorization); + if (!requiredRole.includes(jwtPayload.role)) throw new UnauthorizedException('Unauthorized access'); + const admin = await this.adminService.findOne(jwtPayload.email); + console.log({ admin }); + request.admin = { ...admin }; return true; } } diff --git a/backend/src/auth/admin/authAdmin.module.ts b/backend/src/auth/admin/authAdmin.module.ts index 99ab369d..8714d7af 100644 --- a/backend/src/auth/admin/authAdmin.module.ts +++ b/backend/src/auth/admin/authAdmin.module.ts 
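Review bot: In the second hunk of authAdmin.guard.ts the result of `adminService.findOne(jwtPayload.email)` is spread onto `request.admin` without checking that a row was found, so a token that still verifies for an account that no longer exists would pass the guard with `request.admin` set to `{}` (assuming `findOne` returns null for an unknown email). Reject in that case with `if (!admin) throw new UnauthorizedException('Unauthorized access');` before the assignment. Spreading the entity also copies every column onto the request, which would include the stored password hash if `Admin` has one; attaching only the fields the controllers read (they use `idTown`) keeps it away from downstream handlers and logs. `canActivate` starts above this hunk.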
@@ -3,13 +3,16 @@ import { AuthAdminController } from './authAdmincontroller'; import { EncryptionService } from '../encryption/encryption.service'; import { TypeOrmModule } from '@nestjs/typeorm'; import { Admin } from 'src/admin/entities/admin.entity'; -import { AuthAdminService } from './authAdminservice'; +import { AuthAdminService } from './authAdmin.service'; import { AdminService } from 'src/admin/admin.service'; import { JwtService } from '@nestjs/jwt'; +import { AuthAdminGuard } from './authAdmin.guard'; +import { Town } from 'src/town/entities/town.entity'; @Module({ controllers: [AuthAdminController], - providers: [AuthAdminService, AdminService, JwtService, EncryptionService], - imports: [TypeOrmModule.forFeature([Admin])], + providers: [AuthAdminService, AdminService, JwtService, EncryptionService, AuthAdminGuard], + imports: [TypeOrmModule.forFeature([Admin, Town])], + exports: [AuthAdminService], }) export class AuthAdminModule {} diff --git a/backend/src/auth/admin/authAdminservice.ts b/backend/src/auth/admin/authAdmin.service.ts similarity index 81% rename from backend/src/auth/admin/authAdminservice.ts rename to backend/src/auth/admin/authAdmin.service.ts index f94aa66b..69e17602 100644 --- a/backend/src/auth/admin/authAdminservice.ts +++ b/backend/src/auth/admin/authAdmin.service.ts @@ -1,4 +1,4 @@ -import { HttpException, HttpStatus, Injectable } from '@nestjs/common'; +import { HttpException, HttpStatus, Injectable, UnauthorizedException } from '@nestjs/common'; import { AdminService } from 'src/admin/admin.service'; import { JwtService } from '@nestjs/jwt'; import { EncryptionService } from '../encryption/encryption.service'; 
@@ -8,6 +8,7 @@ import { JwtConstants } from 'src/constants/jwt.constants'; import { AdminSigninResDto } from './dto/admin-signin-res.dto'; import { Admin } from 'src/admin/entities/admin.entity'; import { ADMIN_ROLE } from 'src/shared/enum/admin-role.enum'; +import { PayloadJwtDto } from 'src/shared/dto/payload-jwt.dto'; @Injectable() export class AuthAdminService { @@ -48,4 +49,13 @@ export class AuthAdminService { }; return adminSigninResDto; } + + async validateToken(token: string): Promise { + try { + const payload: PayloadJwtDto = await this.jwtService.verify(token, { secret: JwtConstants.SECRET }); + return payload; + } catch (error) { + throw new UnauthorizedException('Invalid token'); + } + } } diff --git a/backend/src/auth/admin/interface/customAdminReq.ts b/backend/src/auth/admin/interface/customAdminReq.ts new file mode 100644 index 00000000..29a00989 --- /dev/null +++ b/backend/src/auth/admin/interface/customAdminReq.ts @@ -0,0 +1,6 @@ +import { Request } from 'express'; +import { Admin } from 'src/admin/entities/admin.entity'; + +export interface CustomAdminRequest extends Request { + admin?: Admin; +} diff --git a/backend/src/shared/service/auth.module.ts b/backend/src/shared/service/auth.module.ts deleted file mode 100644 index 02d7b024..00000000 --- a/backend/src/shared/service/auth.module.ts +++ /dev/null @@ -1,11 +0,0 @@ -import { Module } from '@nestjs/common'; -import { JwtService } from '@nestjs/jwt'; -import { AuthService } from './auth.service'; - -@Module({ - controllers: [], - providers: [JwtService, AuthService], - imports: [], - exports: [AuthService], -}) -export class AuthModule {} diff --git a/backend/src/shared/service/auth.service.ts b/backend/src/shared/service/auth.service.ts deleted file mode 100644 index 72d99288..00000000 --- a/backend/src/shared/service/auth.service.ts +++ /dev/null 
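Review bot: `validateToken` in authAdmin.service.ts returns the decoded payload typed as `PayloadJwtDto` without any runtime check, and the guard then uses `jwtPayload.email` as a database lookup key. A token signed with the same secret but lacking `email` or `role` would reach `findOne` with `undefined`; checking the shape before returning, e.g. `if (typeof payload?.email !== 'string' || typeof payload?.role !== 'string') throw new UnauthorizedException('Invalid token');`, closes that. `jwtService.verify` is synchronous, so the `await` has no effect; `verifyAsync` is the awaitable form. Passing `algorithms: ['HS256']` in the verify options (if that is the algorithm the tokens are signed with) would also pin the accepted algorithm explicitly.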
@@ -1,18 +0,0 @@ -import { Injectable, UnauthorizedException } from '@nestjs/common'; -import { JwtService } from '@nestjs/jwt'; -import { JwtConstants } from 'src/constants/jwt.constants'; -import { PayloadJwtDto } from 'src/shared/dto/payload-jwt.dto'; - -@Injectable() -export class AuthService { - constructor(private jwtService: JwtService) {} - - async validateToken(token: string): Promise { - try { - const payload: PayloadJwtDto = await this.jwtService.verify(token, { secret: JwtConstants.SECRET }); - return payload.role; - } catch (error) { - throw new UnauthorizedException('Invalid token'); - } - } -} -- GitLab From f00d399fbb14e43726b9f7fff01d6222c8f0bb0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20Iv=C3=A1n?= <80365304+Diego-lvan@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:23:56 -0600 Subject: [PATCH 3/9] agregando rol de user --- backend/src/shared/enum/admin-role.enum.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/backend/src/shared/enum/admin-role.enum.ts b/backend/src/shared/enum/admin-role.enum.ts index e398a935..291f9b1a 100644 --- a/backend/src/shared/enum/admin-role.enum.ts +++ b/backend/src/shared/enum/admin-role.enum.ts @@ -3,5 +3,13 @@ export enum ADMIN_ROLE { SUPERADMIN = 'superadmin', } +export const USER_ROLE = 'user'; + +export enum ALL_ROLES { + SUPER_ADMIN = ADMIN_ROLE.SUPERADMIN, + ADMIN = ADMIN_ROLE.ADMIN, + USER = USER_ROLE, +} + export const ADMIN_ROLES = [ADMIN_ROLE.ADMIN, ADMIN_ROLE.SUPERADMIN]; export const SUPERADMIN_ROLES = [ADMIN_ROLE.SUPERADMIN]; -- GitLab From a4cc18817bef10fd760d0a0bc928b3713b7aa04d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20Iv=C3=A1n?= <80365304+Diego-lvan@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:25:09 -0600 Subject: [PATCH 4/9] agregando role user a dto --- backend/src/auth/user/authUserservice.ts | 4 +++- backend/src/auth/user/dto/user-signin-res.dto.ts | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) 
diff --git a/backend/src/auth/user/authUserservice.ts b/backend/src/auth/user/authUserservice.ts index 2e5c49a0..a3122c86 100644 --- a/backend/src/auth/user/authUserservice.ts +++ b/backend/src/auth/user/authUserservice.ts @@ -7,6 +7,7 @@ import { User } from 'src/user/entities/user.entity'; import { UserService } from 'src/user/user.service'; import { CreateUserDto } from 'src/user/dto/create-user.dto'; import { LoginUserDto } from './dto/login-user.dto'; +import { ALL_ROLES } from 'src/shared/enum/admin-role.enum'; @Injectable() export class AuthUserService { @@ -40,7 +41,7 @@ export class AuthUserService { throw new UnauthorizedException('Invalid credentials'); } const accessToken = await this.jwtService.sign( - { email: user.email, name: user.name, lastName: user.lastName }, + { email: user.email, name: user.name, lastName: user.lastName, role: ALL_ROLES.USER }, { secret: JwtConstants.SECRET }, ); const userSigninResDto: UserSigninResDto = { @@ -49,6 +50,7 @@ export class AuthUserService { name: user.name, lastName: user.lastName, token: accessToken, + role: ALL_ROLES.USER, }; return userSigninResDto; } diff --git a/backend/src/auth/user/dto/user-signin-res.dto.ts b/backend/src/auth/user/dto/user-signin-res.dto.ts index f703702a..632d3ee9 100644 --- a/backend/src/auth/user/dto/user-signin-res.dto.ts +++ b/backend/src/auth/user/dto/user-signin-res.dto.ts @@ -1,4 +1,5 @@ import { ApiProperty } from '@nestjs/swagger'; +import { ALL_ROLES } from 'src/shared/enum/admin-role.enum'; export class UserSigninResDto { @ApiProperty() @@ -11,4 +12,6 @@ export class UserSigninResDto { lastName: string; @ApiProperty() token: string; + @ApiProperty() + role: ALL_ROLES.USER; } -- GitLab From 1b735d111e784566d676aae85fc45dbffd29ba52 Mon Sep 17 00:00:00 2001 
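Review bot: The `role` claim added to the user token in authUserservice.ts is signed with the same `JwtConstants.SECRET` that the admin guard verifies against, so that claim is the only thing separating a user token from an admin token. No `expiresIn` appears in the visible sign options, so unless the `JwtService` is configured with a default lifetime elsewhere these tokens do not expire, and a role or account change cannot take effect for a token already issued. Consider `{ secret: JwtConstants.SECRET, expiresIn: '1h' }` (the lifetime value is only an example) and a test asserting that a token with `role: 'user'` is rejected on an admin-only route. The enclosing sign-in method starts outside the hunk.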
From: =?UTF-8?q?Diego=20Iv=C3=A1n?= <80365304+Diego-lvan@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:25:46 -0600 Subject: [PATCH 5/9] agregando idTown 1 a el Admin por defecto --- backend/src/database-seeder/database-seeder.service.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/database-seeder/database-seeder.service.ts b/backend/src/database-seeder/database-seeder.service.ts index f5cec734..6e678340 100644 --- a/backend/src/database-seeder/database-seeder.service.ts +++ b/backend/src/database-seeder/database-seeder.service.ts @@ -7,7 +7,7 @@ import * as data from './states.json'; import { CreateAdminDto } from 'src/admin/dto/create-admin.dto'; import { ADMIN_ROLE } from 'src/shared/enum/admin-role.enum'; import { UserStatus } from 'src/shared/enum/user-status.enum'; -import { AuthAdminService } from 'src/auth/admin/authAdminservice'; +import { AuthAdminService } from 'src/auth/admin/authAdmin.service'; import { TownService } from 'src/town/town.service'; import { CreateTownDto } from 'src/town/dto/create-town.dto'; import { PointOfInterestService } from 'src/pointOfInterest/PointOfInterest.service'; @@ -43,7 +43,7 @@ export class DatabaseSeederService implements OnModuleInit { }; const createAdmin: CreateAdminDto = { email: 'admin@gmail.com', - idTown: null, + idTown: 1, password: '123', name: 'Admin', lastName: 'admin', -- GitLab From c22f715026dd25f17af77b26dc424ea3c0da948f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20Iv=C3=A1n?= <80365304+Diego-lvan@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:26:03 -0600 Subject: [PATCH 6/9] renombrando path --- backend/src/database-seeder/database-seeder.module.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/database-seeder/database-seeder.module.ts b/backend/src/database-seeder/database-seeder.module.ts index 28c53db5..80f8867d 100644 --- a/backend/src/database-seeder/database-seeder.module.ts 
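Review bot: Setting `idTown: 1` on the seeded admin makes seeding depend on a town with id 1 already existing, because `AdminService.create` now resolves the town with `findOneByOrFail`; if the admin is seeded before the towns, module initialisation would fail (the ordering is not visible in this hunk). The same object carries a hard-coded `password: '123'` in the context lines, and with this series that account gains write access to town 1's places, and to the town record if its role is `admin`. Reading the seed credentials from configuration and skipping the seed outside development would be safer; at minimum add a comment such as `// dev-only seed account; requires town 1 to be seeded first`.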
+++ b/backend/src/database-seeder/database-seeder.module.ts @@ -6,7 +6,7 @@ import { State } from 'src/state/entities/state.entity'; import { StateService } from 'src/state/state.service'; import { Town } from 'src/town/entities/town.entity'; import { Admin } from 'src/admin/entities/admin.entity'; -import { AuthAdminService } from 'src/auth/admin/authAdminservice'; +import { AuthAdminService } from 'src/auth/admin/authAdmin.service'; import { AdminService } from 'src/admin/admin.service'; import { JwtService } from '@nestjs/jwt'; import { EncryptionService } from 'src/auth/encryption/encryption.service'; -- GitLab From 4802f05d45b247b1c5653991b843527c5a17e237 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20Iv=C3=A1n?= <80365304+Diego-lvan@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:26:42 -0600 Subject: [PATCH 7/9] agrengand validacion para que un admin solo pueda cambiar places de un town --- backend/src/place/place.controller.ts | 32 +++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/backend/src/place/place.controller.ts b/backend/src/place/place.controller.ts index c221715c..e80d6dc3 100644 --- a/backend/src/place/place.controller.ts +++ b/backend/src/place/place.controller.ts @@ -1,4 +1,15 @@ -import { Controller, Get, Post, Body, Param, UseInterceptors, UploadedFile, Query } from '@nestjs/common'; +import { + Controller, + Get, + Post, + Body, + Param, + UseInterceptors, + UploadedFile, + Query, + UnauthorizedException, + Req, +} from '@nestjs/common'; import { PlaceService } from './place.service'; import { CreatePlaceDateTradDto } from './dto/create-place-date.dto'; import { ApiBearerAuth, ApiBody, ApiConsumes, ApiParam, ApiQuery, ApiTags } from '@nestjs/swagger'; 
@@ -7,6 +18,7 @@ import { ADMIN_ROLES } from 'src/shared/enum/admin-role.enum'; import { fileInterceptor } from 'src/shared/interceptors/file-save.interceptor'; import { FileValidationPipe } from 'src/shared/pipe/file-validation.pipe'; import { LANGUAGES } from 'src/shared/enum/languages.enum'; +import { CustomAdminRequest } from 'src/auth/admin/interface/customAdminReq'; @Controller('place') @ApiTags('Place') @@ -19,9 +31,21 @@ export class PlaceController { @ApiBearerAuth('jwt') @Post() @UseInterceptors(fileInterceptor('image', 'static/places/', ['.jpg', '.jpeg', '.png'])) - async create(@UploadedFile(new FileValidationPipe()) file, @Body() createPlaceDto: CreatePlaceDateTradDto) { - createPlaceDto.image = file; - return await this.placeService.create(createPlaceDto); + async create( + @UploadedFile(new FileValidationPipe()) file, + @Body() createPlaceDto: CreatePlaceDateTradDto, + @Req() req: CustomAdminRequest, + ) { + try { + console.log({ idTown: req.admin.idTown, createPlaceDto }); + if (req.admin.idTown.townId != createPlaceDto.idTown) { + throw new UnauthorizedException('This is not your assigned town'); + } + createPlaceDto.image = file; + return await this.placeService.create(createPlaceDto); + } catch (e) { + throw e; + } } @ApiQuery({ name: 'lang', type: String }) -- GitLab From 7c94ef9936587a5914f38be6f09feb27d30dd5fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20Iv=C3=A1n?= <80365304+Diego-lvan@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:26:51 -0600 Subject: [PATCH 8/9] renombrando path --- backend/src/auth/admin/authAdmincontroller.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/auth/admin/authAdmincontroller.ts b/backend/src/auth/admin/authAdmincontroller.ts index ff6b3d09..6aeadfc9 100644 --- a/backend/src/auth/admin/authAdmincontroller.ts +++ b/backend/src/auth/admin/authAdmincontroller.ts 
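Review bot: The town check in `create` dereferences `req.admin.idTown.townId` without a guard, although `admin` is optional on `CustomAdminRequest` and the relation is declared nullable, so an admin with no town would hit a TypeError (a 500) instead of a clean denial; the same pattern is in the town.controller.ts hunk of patch 9/9. Something like `const townId = req.admin?.idTown?.townId;` followed by `if (townId == null || townId != createPlaceDto.idTown) throw new ForbiddenException('This is not your assigned town');` handles that, and 403 fits better than 401 because the caller is already authenticated. The `fileInterceptor` on this route appears to save the upload under `static/places/` before the handler runs, so a request rejected here may still leave a file in the served directory; worth confirming and cleaning up on rejection. The `try { ... } catch (e) { throw e; }` wrapper adds nothing and can go.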
@@ -1,5 +1,5 @@ import { Body, Controller, Post } from '@nestjs/common'; -import { AuthAdminService } from './authAdminservice'; +import { AuthAdminService } from './authAdmin.service'; import { CreateAdminDto } from 'src/admin/dto/create-admin.dto'; import { LoginAdminDto } from 'src/auth/admin/dto/login-admin.dto'; import { ApiBearerAuth, ApiBody, ApiCreatedResponse, ApiTags, ApiUnauthorizedResponse } from '@nestjs/swagger'; -- GitLab From 1638df675f278cc30088c5b2b1c9e7f3dd61ce74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20Iv=C3=A1n?= <80365304+Diego-lvan@users.noreply.github.com> Date: Thu, 20 Jun 2024 20:49:03 -0600 Subject: [PATCH 9/9] agregando validacion de que el admin solo pueda actualizar su town asignado --- backend/src/auth/admin/authAdmin.guard.ts | 1 - backend/src/place/place.controller.ts | 5 ++--- backend/src/town/town.controller.ts | 25 +++++++++++++++++++---- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/backend/src/auth/admin/authAdmin.guard.ts b/backend/src/auth/admin/authAdmin.guard.ts index 29d9093b..0eb5b671 100644 --- a/backend/src/auth/admin/authAdmin.guard.ts +++ b/backend/src/auth/admin/authAdmin.guard.ts @@ -21,7 +21,6 @@ export class AuthAdminGuard implements CanActivate { const jwtPayload = await this.authAdminService.validateToken(authorization); if (!requiredRole.includes(jwtPayload.role)) throw new UnauthorizedException('Unauthorized access'); const admin = await this.adminService.findOne(jwtPayload.email); - console.log({ admin }); request.admin = { ...admin }; return true; } diff --git a/backend/src/place/place.controller.ts b/backend/src/place/place.controller.ts index e80d6dc3..3a2eedb0 100644 --- a/backend/src/place/place.controller.ts +++ b/backend/src/place/place.controller.ts 
@@ -14,7 +14,7 @@ import { PlaceService } from './place.service'; import { CreatePlaceDateTradDto } from './dto/create-place-date.dto'; import { ApiBearerAuth, ApiBody, ApiConsumes, ApiParam, ApiQuery, ApiTags } from '@nestjs/swagger'; import { Roles } from 'src/auth/role.decorator'; -import { ADMIN_ROLES } from 'src/shared/enum/admin-role.enum'; +import { ALL_ROLES } from 'src/shared/enum/admin-role.enum'; import { fileInterceptor } from 'src/shared/interceptors/file-save.interceptor'; import { FileValidationPipe } from 'src/shared/pipe/file-validation.pipe'; import { LANGUAGES } from 'src/shared/enum/languages.enum'; @@ -27,7 +27,7 @@ export class PlaceController { @ApiBody({ type: CreatePlaceDateTradDto }) @ApiConsumes('multipart/form-data') - @Roles(ADMIN_ROLES) + @Roles([ALL_ROLES.ADMIN]) @ApiBearerAuth('jwt') @Post() @UseInterceptors(fileInterceptor('image', 'static/places/', ['.jpg', '.jpeg', '.png'])) @@ -37,7 +37,6 @@ export class PlaceController { @Req() req: CustomAdminRequest, ) { try { - console.log({ idTown: req.admin.idTown, createPlaceDto }); if (req.admin.idTown.townId != createPlaceDto.idTown) { throw new UnauthorizedException('This is not your assigned town'); } diff --git a/backend/src/town/town.controller.ts b/backend/src/town/town.controller.ts index 4e986796..79a81737 100644 --- a/backend/src/town/town.controller.ts +++ b/backend/src/town/town.controller.ts 
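Review bot: Replacing `@Roles(ADMIN_ROLES)` with `@Roles([ALL_ROLES.ADMIN])` on the place `create` route removes `superadmin` from the allowed roles, and the town.controller.ts hunk later in this patch swaps `@Roles(SUPERADMIN_ROLES)` for the same list, so the town update goes from superadmin-only to admin-only. If locking superadmins out is not intended, list both, `@Roles([ALL_ROLES.ADMIN, ALL_ROLES.SUPER_ADMIN])`, and skip the assigned-town comparison for the superadmin role. Either way a one-line comment above each decorator stating who may call the route and why, e.g. `// town admins only; restricted to their assigned town below`, would make the access rule reviewable.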
@@ -1,12 +1,25 @@ -import { Controller, Get, Post, Param, UseInterceptors, UploadedFile, Body, Query, Patch } from '@nestjs/common'; +import { + Controller, + Get, + Post, + Param, + UseInterceptors, + UploadedFile, + Body, + Query, + Patch, + Req, + UnauthorizedException, +} from '@nestjs/common'; import { TownService } from './town.service'; import { ApiBearerAuth, ApiBody, ApiConsumes, ApiParam, ApiQuery, ApiTags } from '@nestjs/swagger'; import { FileValidationPipe } from 'src/shared/pipe/file-validation.pipe'; import { fileInterceptor } from 'src/shared/interceptors/file-save.interceptor'; import { CreateTownDto } from './dto/create-town.dto'; import { Roles } from 'src/auth/role.decorator'; -import { SUPERADMIN_ROLES } from 'src/shared/enum/admin-role.enum'; +import { ALL_ROLES, SUPERADMIN_ROLES } from 'src/shared/enum/admin-role.enum'; import { CreateTownReqDto } from './dto/createTownReq.dto'; +import { CustomAdminRequest } from 'src/auth/admin/interface/customAdminReq'; @Controller() @ApiTags('Pueblos') export class TownController { @@ -46,7 +59,7 @@ export class TownController { } } - @Roles(SUPERADMIN_ROLES) + @Roles([ALL_ROLES.ADMIN]) @ApiBearerAuth('jwt') @ApiBody({ type: CreateTownReqDto }) @ApiConsumes('multipart/form-data') @@ -56,8 +69,12 @@ export class TownController { @Param('idTown') idTown: number, @UploadedFile(new FileValidationPipe()) file, @Body() createTownReqDto: CreateTownReqDto, + @Req() req: CustomAdminRequest, ) { try { + if (req.admin.idTown.townId != idTown) { + throw new UnauthorizedException('This is not your assigned town'); + } const updateTownDto: CreateTownDto = { name: createTownReqDto.name, imageName: file.filename, @@ -66,7 +83,7 @@ export class TownController { state: createTownReqDto.state, }; await this.townService.update(idTown, updateTownDto); - return { message: 'Town created successfully' }; + return { message: 'Town updated successfully' }; } catch (error) { throw error; } -- GitLab
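Review bot: The new comparison `req.admin.idTown.townId != idTown` in the town update handler only works because `!=` coerces; `@Param('idTown') idTown: number` is a string at runtime unless a transforming pipe is applied, which is not visible here. Parsing it explicitly, `@Param('idTown', ParseIntPipe) idTown: number`, lets the check use `!==` and rejects non-numeric ids before they reach `townService.update`. Since this comparison is now the only thing limiting which town an admin can modify, it deserves a test covering an admin of one town calling the route with another town's id. The handler starts above the hunk.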