From 45d0882276d49b98a602fa56383eaf623ce0989f Mon Sep 17 00:00:00 2001
From: Etienne Loupias <eloupias@grandlyon.com>
Date: Thu, 13 Mar 2025 10:22:59 +0100
Subject: [PATCH] filtre structure

---
 src/orientation/orientation.controller.ts |  8 ++++----
 src/orientation/orientation.service.ts    | 14 ++++++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/orientation/orientation.controller.ts b/src/orientation/orientation.controller.ts
index ef707e1fd..19113b589 100644
--- a/src/orientation/orientation.controller.ts
+++ b/src/orientation/orientation.controller.ts
@@ -1,4 +1,4 @@
-import { Body, Controller, Get, Logger, Post, Request, UseGuards } from '@nestjs/common';
+import { Body, Controller, Get, Logger, Post, Query, Request, UseGuards } from '@nestjs/common';
 import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { OrientationDto } from './dto/orientation.dto';
 import { IOrientation } from './interfaces/orientation.interface';
@@ -19,9 +19,9 @@ export class OrientationController {
   @ApiOperation({ summary: 'Get user orientations' })
   @ApiResponse({ status: 200, description: 'Return user orientations with populated details.' })
   @ApiResponse({ status: 500, description: 'Internal server error.' })
-  public async find(@Request() req): Promise<any> {
-    this.logger.debug('find for user ' + req.user._id);
-    return this.orientationService.find(req.user._id);
+  public async find(@Request() req, @Query('structureId') structureId?: string): Promise<any> {
+    this.logger.debug(`find for user=${req.user._id}, structureId=${structureId}`);
+    return this.orientationService.find(req.user._id, structureId);
   }
 
   @Get('admin')
diff --git a/src/orientation/orientation.service.ts b/src/orientation/orientation.service.ts
index 2d4ca714d..91c1cd683 100644
--- a/src/orientation/orientation.service.ts
+++ b/src/orientation/orientation.service.ts
@@ -1,6 +1,6 @@
 import { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common';
 import { InjectModel } from '@nestjs/mongoose';
-import mongoose, { Model } from 'mongoose';
+import mongoose, { Model, Types } from 'mongoose';
 import { CustomStructureDto, OrientationDto } from './dto/orientation.dto';
 import { IOrientation } from './interfaces/orientation.interface';
 import { Orientation, OrientationDocument } from './orientation.schema';
@@ -39,6 +39,11 @@ export class OrientationService {
   }
 
   public async find(userId: string, structureId: string = null): Promise<FindOrientationDto> {
+    const user = await this.userService.findById(userId, true);
+    if (structureId && user.structuresLink.indexOf(new Types.ObjectId(structureId)) == -1) {
+      throw new HttpException('User does not have access to this structure', HttpStatus.FORBIDDEN);
+    }
+
     try {
       const historyStatus = ['completed', 'uncompleted', 'expired'];
       let myOrientationsFilters;
@@ -47,18 +52,20 @@ export class OrientationService {
       // Filter by structureId if specified
       if (structureId) {
         this.logger.debug(`find for structureId=${structureId}`);
-        myOrientationsFilters = { orientator: userId, structureOrientator: { $in: structureId } };
+        myOrientationsFilters = { orientator: userId, structureOrientator: structureId };
         todoOrientationsFilters = { structureChoice: { $in: structureId } };
       } else {
         // Else filter by structures of the connected user
         this.logger.debug(`find for userId=${userId}`);
-        const user = await this.userService.findById(userId, true);
         const structureIds = user.structuresLink.map((id) => id.toString());
 
         myOrientationsFilters = { orientator: userId };
         todoOrientationsFilters = { structureChoice: { $in: structureIds } };
       }
 
+      this.logger.debug(`myOrientationsFilters=${JSON.stringify(myOrientationsFilters)}`);
+      this.logger.debug(`todoOrientationsFilters=${JSON.stringify(todoOrientationsFilters)}`);
+
       return {
         myOrientations: {
           inProgress: await this.findWithFilters({ ...myOrientationsFilters, status: { $nin: historyStatus } }),
@@ -76,7 +83,6 @@ export class OrientationService {
   }
 
   private async findWithFilters(filters: any): Promise<IOrientation[]> {
-    this.logger.debug(`findWithFilters=${JSON.stringify(filters)}`);
     const orientations = await this.OrientationModel.find(filters)
       .populate('structureChoice', 'structureName')
       .populate('socialWorker', 'name surname')
-- 
GitLab