diff --git a/src/orientation/orientation.controller.ts b/src/orientation/orientation.controller.ts
index ef707e1fda6629ed9c24fa102b8c82f905ee6381..19113b58920a34c47f67e1cba488262ef995aeff 100644
--- a/src/orientation/orientation.controller.ts
+++ b/src/orientation/orientation.controller.ts
@@ -1,4 +1,4 @@
-import { Body, Controller, Get, Logger, Post, Request, UseGuards } from '@nestjs/common';
+import { Body, Controller, Get, Logger, Post, Query, Request, UseGuards } from '@nestjs/common';
 import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { OrientationDto } from './dto/orientation.dto';
 import { IOrientation } from './interfaces/orientation.interface';
@@ -19,9 +19,9 @@ export class OrientationController {
 @ApiOperation({ summary: 'Get user orientations' })
 @ApiResponse({ status: 200, description: 'Return user orientations with populated details.' })
 @ApiResponse({ status: 500, description: 'Internal server error.' })
- public async find(@Request() req): Promise<any> {
- this.logger.debug('find for user ' + req.user._id);
- return this.orientationService.find(req.user._id);
+ public async find(@Request() req, @Query('structureId') structureId?: string): Promise<any> {
+ this.logger.debug(`find for user=${req.user._id}, structureId=${structureId}`);
+ return this.orientationService.find(req.user._id, structureId);
 }
 @Get('admin')
diff --git a/src/orientation/orientation.service.ts b/src/orientation/orientation.service.ts
index 2d4ca714d1531977d775733049aede08708554d4..91c1cd683e3011130a1a7683863ecbb64ab48834 100644
--- a/src/orientation/orientation.service.ts
+++ b/src/orientation/orientation.service.ts
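Review bot: In `OrientationController.find`, the new `structureId` parameter is annotated `string`, but nothing enforces that at runtime: depending on the configured query parser, a repeated or bracketed `structureId` can arrive as an array or an object, and it is interpolated into the debug log and handed to the service unchanged. The service then builds `new Types.ObjectId(structureId)` from it, so a malformed value would most likely surface as an unhandled error instead of a 400. Rejecting it at the boundary would close this, for example `if (structureId !== undefined && (typeof structureId !== 'string' || !Types.ObjectId.isValid(structureId))) throw new BadRequestException('Invalid structureId');` (with `BadRequestException` and `Types` imported), or an equivalent validation pipe on the `@Query`. A short comment on the method stating that `structureId` is caller-supplied and authorised in the service would also help the next reader.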
@@ -1,6 +1,6 @@
 import { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common';
 import { InjectModel } from '@nestjs/mongoose';
-import mongoose, { Model } from 'mongoose';
+import mongoose, { Model, Types } from 'mongoose';
 import { CustomStructureDto, OrientationDto } from './dto/orientation.dto';
 import { IOrientation } from './interfaces/orientation.interface';
 import { Orientation, OrientationDocument } from './orientation.schema';
@@ -39,6 +39,11 @@ export class OrientationService {
 }
 public async find(userId: string, structureId: string = null): Promise<FindOrientationDto> {
+ const user = await this.userService.findById(userId, true);
+ if (structureId && user.structuresLink.indexOf(new Types.ObjectId(structureId)) == -1) {
+ throw new HttpException('User does not have access to this structure', HttpStatus.FORBIDDEN);
+ }
+
 try {
 const historyStatus = ['completed', 'uncompleted', 'expired'];
 let myOrientationsFilters;
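Review bot: The access check added at the top of `OrientationService.find`, `user.structuresLink.indexOf(new Types.ObjectId(structureId)) == -1`, compares against a freshly constructed ObjectId, which only matches when `structuresLink` is a Mongoose array that compares ids by value. On a plain array (for instance a lean result; what the `true` argument to `findById` selects is not visible here) `indexOf` compares by identity and every request carrying a `structureId` would get the 403. A form that does not depend on the array type, and matches the `id.toString()` mapping used later in the same method, is `if (structureId && !user.structuresLink.some((id) => id.toString() === structureId)) {`. The check also sits before the `try`, so a missing user (`user` null) or an ObjectId constructor error on a malformed id is not covered by whatever the `catch` does; the rest of `find` lies outside this hunk.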
@@ -47,18 +52,20 @@ export class OrientationService {
 // Filter by structureId if specified
 if (structureId) {
 this.logger.debug(`find for structureId=${structureId}`);
- myOrientationsFilters = { orientator: userId, structureOrientator: { $in: structureId } };
+ myOrientationsFilters = { orientator: userId, structureOrientator: structureId };
 todoOrientationsFilters = { structureChoice: { $in: structureId } };
 } else {
 // Else filter by structures of the connected user
 this.logger.debug(`find for userId=${userId}`);
- const user = await this.userService.findById(userId, true);
 const structureIds = user.structuresLink.map((id) => id.toString());
 myOrientationsFilters = { orientator: userId };
 todoOrientationsFilters = { structureChoice: { $in: structureIds } };
 }
+ this.logger.debug(`myOrientationsFilters=${JSON.stringify(myOrientationsFilters)}`);
+ this.logger.debug(`todoOrientationsFilters=${JSON.stringify(todoOrientationsFilters)}`);
+
 return {
 myOrientations: {
 inProgress: await this.findWithFilters({ ...myOrientationsFilters, status: { $nin: historyStatus } }),
@@ -76,7 +83,6 @@ export class OrientationService {
 }
 private async findWithFilters(filters: any): Promise<IOrientation[]> {
- this.logger.debug(`findWithFilters=${JSON.stringify(filters)}`);
 const orientations = await this.OrientationModel.find(filters)
 .populate('structureChoice', 'structureName')
 .populate('socialWorker', 'name surname')
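Review bot: In the `if (structureId)` branch of `OrientationService.find` (the `-47,18 +52,20` hunk), `todoOrientationsFilters = { structureChoice: { $in: structureId } };` still passes a single string to `$in`, the same pattern this hunk removes from `myOrientationsFilters` one line above. It probably works only because the query layer wraps or casts the scalar, so the two filters should be made consistent: `todoOrientationsFilters = { structureChoice: structureId };`. This branch returns every pending orientation for a caller-supplied structure, so its scoping depends entirely on the membership check at the top of `find`. A comment here saying so (`// structureId has been checked against user.structuresLink above`) would keep a later refactor from separating the two. The enclosing `find` body starts and ends outside this hunk.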