feat(tickets): apply permissions checks at ticket update
getlarge committed Dec 15, 2023
1 parent b94891b commit 32ffd97
Showing 4 changed files with 166 additions and 108 deletions.
2 changes: 1 addition & 1 deletion apps/tickets/openapi.json
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@
"tickets"
]
},
"put": {
"patch": {
"operationId": "TicketsController_updateById",
"summary": "Update a ticket - Scope : tickets:update_one",
"description": "Update a ticket by id",
Expand Down
41 changes: 30 additions & 11 deletions apps/tickets/src/app/tickets/tickets.controller.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ import {
Get,
HttpStatus,
Param,
Patch,
Post,
Put,
Query,
UseGuards,
UsePipes,
Expand All @@ -25,12 +25,17 @@ import {
ApiNestedQuery,
ApiPaginatedDto,
CurrentUser,
PermissionCheck,
} from '@ticketing/microservices/shared/decorators';
import { OryAuthGuard } from '@ticketing/microservices/shared/guards';
import {
OryAuthGuard,
OryPermissionGuard,
} from '@ticketing/microservices/shared/guards';
import {
PaginatedDto,
PaginateDto,
PaginateQuery,
PermissionNamespaces,
} from '@ticketing/microservices/shared/models';
import {
ParseObjectId,
Expand All @@ -39,6 +44,8 @@ import {
import { Actions, Resources } from '@ticketing/shared/constants';
import { requestValidationErrorFactory } from '@ticketing/shared/errors';
import { User } from '@ticketing/shared/models';
import { FastifyRequest } from 'fastify/types/request';
import { get } from 'lodash-es';

import {
CreateTicket,
Expand All @@ -63,7 +70,7 @@ export class TicketsController {
exceptionFactory: requestValidationErrorFactory,
transformOptions: { enableImplicitConversion: true },
forbidUnknownValues: true,
})
}),
)
@ApiBearerAuth(SecurityRequirements.Bearer)
@ApiCookieAuth(SecurityRequirements.Session)
Expand All @@ -80,7 +87,7 @@ export class TicketsController {
@Post('')
create(
@Body() ticket: CreateTicket,
@CurrentUser() currentUser: User
@CurrentUser() currentUser: User,
): Promise<Ticket> {
return this.ticketsService.create(ticket, currentUser);
}
Expand All @@ -91,7 +98,7 @@ export class TicketsController {
transform: true,
transformOptions: { enableImplicitConversion: true },
// forbidUnknownValues: true, //! FIX issue with query parsing process
})
}),
)
@ApiOperation({
description: 'Filter tickets',
Expand All @@ -101,7 +108,7 @@ export class TicketsController {
@ApiPaginatedDto(TicketDto, 'Tickets found')
@Get('')
find(
@Query(ParseQuery) paginate: PaginateQuery
@Query(ParseQuery) paginate: PaginateQuery,
): Promise<PaginatedDto<Ticket>> {
return this.ticketsService.find(paginate);
}
Expand All @@ -120,14 +127,27 @@ export class TicketsController {
return this.ticketsService.findById(id);
}

@UseGuards(OryAuthGuard)
@PermissionCheck(
({ currentUserId, resourceId }) =>
`${PermissionNamespaces[Resources.TICKETS]}:${resourceId}#owners@${
PermissionNamespaces[Resources.USERS]
}:${currentUserId}`,
(ctx) => {
const req = ctx.switchToHttp().getRequest<FastifyRequest>();
return {
currentUserId: get(req, 'user.id'),
resourceId: get(req, 'params.id'),
};
},
)
@UseGuards(OryAuthGuard, OryPermissionGuard)
@UsePipes(
new ValidationPipe({
transform: true,
exceptionFactory: requestValidationErrorFactory,
transformOptions: { enableImplicitConversion: true },
forbidUnknownValues: true,
})
}),
)
@ApiBearerAuth(SecurityRequirements.Bearer)
@ApiCookieAuth(SecurityRequirements.Session)
Expand All @@ -141,12 +161,11 @@ export class TicketsController {
description: 'Ticket updated',
type: TicketDto,
})
@Put(':id')
@Patch(':id')
updateById(
@Param('id', ParseObjectId) id: string,
@Body() ticket: UpdateTicket,
@CurrentUser() user: User
): Promise<Ticket> {
return this.ticketsService.updateById(id, ticket, user);
return this.ticketsService.updateById(id, ticket);
}
}
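Review bot: In the `@@ -120,14 +127,27 @@` hunk the relation tuple handed to `OryPermissionGuard` is built by interpolating `get(req, 'params.id')` and `get(req, 'user.id')` directly into `...:${resourceId}#owners@...:${currentUserId}`, and because Nest runs guards before pipes, `params.id` has not yet passed through `ParseObjectId` when the context extractor reads it. A malformed or crafted `:id` containing tuple delimiters such as `#`, `@` or `:` therefore reaches the permission check unvalidated; whether the guard or the Ory client rejects such a tuple fails closed is not visible on this page, so it is worth either validating the id shape inside the extractor before interpolation (the same ObjectId check `ParseObjectId` performs) or documenting on the `@PermissionCheck` call that the guard rejects malformed tuples, e.g. `// NOTE: runs before ParseObjectId — guard must fail closed on a non-ObjectId resourceId`. Note also that `updateById` (in the last hunk) no longer receives `user`, so any ownership check the service used to perform now rests solely on this guard; the service-side change is among the four files but not shown here. The decorators in the `@@ -120,14 +127,27 @@` hunk apply to `updateById`, whose signature begins in the following hunk.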
32 changes: 16 additions & 16 deletions libs/ng/open-api/src/lib/generated/auth/services/users.service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ export class UsersService extends BaseService {
const rb = new RequestBuilder(
this.rootUrl,
UsersService.UsersControllerOnSignUpPath,
'post'
'post',
);
if (params) {
rb.body(params.body, 'application/json');
Expand All @@ -54,13 +54,13 @@ export class UsersService extends BaseService {
rb.build({
responseType: 'json',
accept: 'application/json',
})
}),
)
.pipe(
filter((r: any) => r instanceof HttpResponse),
map((r: HttpResponse<any>) => {
return r as StrictHttpResponse<OnOrySignUpDto>;
})
}),
);
}

Expand All @@ -78,7 +78,7 @@ export class UsersService extends BaseService {
body: OnOrySignUpDto;
}): Observable<OnOrySignUpDto> {
return this.usersControllerOnSignUp$Response(params).pipe(
map((r: StrictHttpResponse<OnOrySignUpDto>) => r.body as OnOrySignUpDto)
map((r: StrictHttpResponse<OnOrySignUpDto>) => r.body as OnOrySignUpDto),
);
}

Expand All @@ -103,7 +103,7 @@ export class UsersService extends BaseService {
const rb = new RequestBuilder(
this.rootUrl,
UsersService.UsersControllerOnSignInPath,
'post'
'post',
);
if (params) {
rb.body(params.body, 'application/json');
Expand All @@ -114,13 +114,13 @@ export class UsersService extends BaseService {
rb.build({
responseType: 'json',
accept: 'application/json',
})
}),
)
.pipe(
filter((r: any) => r instanceof HttpResponse),
map((r: HttpResponse<any>) => {
return r as StrictHttpResponse<OnOrySignInDto>;
})
}),
);
}

Expand All @@ -138,7 +138,7 @@ export class UsersService extends BaseService {
body: OnOrySignInDto;
}): Observable<OnOrySignInDto> {
return this.usersControllerOnSignIn$Response(params).pipe(
map((r: StrictHttpResponse<OnOrySignInDto>) => r.body as OnOrySignInDto)
map((r: StrictHttpResponse<OnOrySignInDto>) => r.body as OnOrySignInDto),
);
}

Expand All @@ -163,7 +163,7 @@ export class UsersService extends BaseService {
const rb = new RequestBuilder(
this.rootUrl,
UsersService.UsersControllerSignUpPath,
'post'
'post',
);
if (params) {
rb.body(params.body, 'application/json');
Expand All @@ -174,13 +174,13 @@ export class UsersService extends BaseService {
rb.build({
responseType: 'json',
accept: 'application/json',
})
}),
)
.pipe(
filter((r: any) => r instanceof HttpResponse),
map((r: HttpResponse<any>) => {
return r as StrictHttpResponse<UserDto>;
})
}),
);
}

Expand All @@ -198,7 +198,7 @@ export class UsersService extends BaseService {
body: UserCredentialsDto;
}): Observable<UserDto> {
return this.usersControllerSignUp$Response(params).pipe(
map((r: StrictHttpResponse<UserDto>) => r.body as UserDto)
map((r: StrictHttpResponse<UserDto>) => r.body as UserDto),
);
}

Expand All @@ -223,7 +223,7 @@ export class UsersService extends BaseService {
const rb = new RequestBuilder(
this.rootUrl,
UsersService.UsersControllerGetCurrentUserPath,
'get'
'get',
);
if (params) {
}
Expand All @@ -233,13 +233,13 @@ export class UsersService extends BaseService {
rb.build({
responseType: 'json',
accept: 'application/json',
})
}),
)
.pipe(
filter((r: any) => r instanceof HttpResponse),
map((r: HttpResponse<any>) => {
return r as StrictHttpResponse<UserDto>;
})
}),
);
}

Expand All @@ -255,7 +255,7 @@ export class UsersService extends BaseService {
*/
usersControllerGetCurrentUser(params?: {}): Observable<UserDto> {
return this.usersControllerGetCurrentUser$Response(params).pipe(
map((r: StrictHttpResponse<UserDto>) => r.body as UserDto)
map((r: StrictHttpResponse<UserDto>) => r.body as UserDto),
);
}
}