Merge branch 'feat/admin-editStructure' into 'dev'

Feat/admin edit structure See merge request web-et-numerique/pamn_plateforme-des-acteurs-de-la-mediation-numerique/pamn_server!19

Merge branch 'feat/admin-editStructure' into 'dev'
33fd1eea · Hugo SUBTIL · 0750a980 · cfd276f3 · 33fd1eea · 33fd1eea
Commit 33fd1eea authored 4 years ago by Hugo SUBTIL
--- a/src/structures/structures.controller.ts
+++ b/src/structures/structures.controller.ts
-import { Body, Controller, Get, Param, ParseIntPipe, Post, Put, Query } from '@nestjs/common';
+import { Body, Controller, Get, Param, ParseIntPipe, Post, Put, Query, UseGuards } from '@nestjs/common';
+import { JwtAuthGuard } from '../auth/guards/jwt-auth.guard';
+import { Roles } from '../users/decorators/roles.decorator';
+import { IsStructureOwnerGuard } from '../users/guards/isStructureOwner.guard';
 import { User } from '../users/schemas/user.schema';
 import { UsersService } from '../users/users.service';
 import { CreateStructureDto } from './dto/create-structure.dto';
@@ -22,7 +25,8 @@ export class StructuresController {
  }

  @Put(':id')
-  //TODO: protect, only structure owner can edit it
+  @UseGuards(JwtAuthGuard, IsStructureOwnerGuard)
+  @Roles('admin')
  public async update(@Param('id') id: string, @Body() body: structureDto): Promise<Structure> {
    return this.structureService.update(id, body);
  }

--- a/src/users/guards/isStructureOwner.guard.ts
+++ b/src/users/guards/isStructureOwner.guard.ts
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { User } from '../schemas/user.schema';
+import { RolesGuard } from './roles.guard';
+
+@Injectable()
+export class IsStructureOwnerGuard extends RolesGuard implements CanActivate {
+  constructor(protected readonly reflector: Reflector) {
+    super(reflector);
+  }
+
+  canActivate(context: ExecutionContext): boolean {
+    const req = context.switchToHttp().getRequest();
+    const user: User = req.user;
+    const idStructure = req.params.id;
+    if (user.structuresLink.includes(idStructure)) {
+      return true;
+    }
+    return super.canActivate(context);
+  }
+}
--- a/src/users/guards/roles.guard.ts
+++ b/src/users/guards/roles.guard.ts
@@ -4,7 +4,7 @@ import { UserRole } from '../enum/user-role.enum';

 @Injectable()
 export class RolesGuard implements CanActivate {
-  constructor(private reflector: Reflector) {}
+  constructor(protected reflector: Reflector) {}

  canActivate(context: ExecutionContext): boolean {
    const roles = this.reflector.get<string[]>('roles', context.getHandler());