Commit 3753297b authored by FORESTIER Fabien's avatar FORESTIER Fabien
Browse files

Only admins can see drafts

parent 06a45b5e
Pipeline #2367 passed with stages
in 30 seconds
import { Controller, Get, Body, Post, Param, Delete, Put, Query, Response, UploadedFile, HttpCode } from '@nestjs/common';
import { Controller, Get, Body, Post, Param, Delete, Put, Query, Response, UploadedFile, HttpCode, Req } from '@nestjs/common';
import { OrganizationsService } from './organizations.service';
import { ApiUseTags, ApiOperation, ApiResponse } from '@nestjs/swagger';
import { OrganizationDTO } from './organization.dto';
import { Organization } from './organization.entity';
import { LinkEntity } from '../links/link.entity';
import { Groups } from '../decorators/groups.decorators';
import { ConfigService } from '../configuration/config.service';
@ApiUseTags('organizations')
@Controller('organizations')
......@@ -12,13 +13,17 @@ export class OrganizationsController {
constructor(
private organizationsService: OrganizationsService,
private _configService: ConfigService,
) { }
@ApiOperation({ title: 'Get all organizations' })
@ApiResponse({ status: 200, description: 'Return all organizations.', type: Organization, isArray: true })
@Get()
async findAll(@Query() query, @Response() res): Promise<Organization[]> {
const { organizations, organizationsCount } = await this.organizationsService.findAll(query);
async findAll(@Query() query, @Response() res, @Req() req): Promise<Organization[]> {
const userGroups = req.headers[this._configService.config.groupHeader] ?
req.headers[this._configService.config.groupHeader].split(',').map(e => e.trim()) :
[];
const { organizations, organizationsCount } = await this.organizationsService.findAll(userGroups, query);
res.append('Content-range', organizationsCount);
res.send(organizations);
return;
......
......@@ -5,6 +5,7 @@ import { LinksService } from '../links/links.service';
import { OrganizationsRO, OrganizationDTO } from './organization.dto';
import { OrganizationRepository } from './organization.repository';
import * as uuidv4 from 'uuid/v4';
import { ConfigService } from '../configuration/config.service';
@Injectable()
export class OrganizationsService {
......@@ -15,11 +16,12 @@ export class OrganizationsService {
@InjectRepository(Organization)
private organizationRepository: OrganizationRepository,
private linksService: LinksService,
private _configService: ConfigService,
) {
this.logger = new Logger(OrganizationsService.name);
}
async findAll(query?): Promise<OrganizationsRO> {
async findAll(userGroups, query): Promise<OrganizationsRO> {
try {
this.logger.log('Entering function', `${OrganizationsService.name} - ${this.findAll.name}`);
......@@ -28,7 +30,14 @@ export class OrganizationsService {
.leftJoinAndSelect('organization.links', 'links');
const [key, value] = query.q ? query.q.split(':') : [null, null];
key && value ? qb.where(`organization.${key} = :value`, { value }) : null;
// Only admin can drafts
if (!userGroups || !userGroups.includes(this._configService.config.groupNames.admin)) {
qb.where(`organization.published = true`);
key && value ? qb.andWhere(`organization.${key} = :value`, { value }) : null;
} else {
key && value ? qb.where(`organization.${key} = :value`, { value }) : null;
}
// Sorting
if ('sort_by' in query) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment