QT/bigcapital
1
0
Fork 0
mirror of https://github.com/bigcapitalhq/bigcapital.git synced 2026-02-20 06:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): premissions guard for read and write endpoints

Browse Source
This commit is contained in:
Ahmed Bouhuolia
2026-02-15 22:55:10 +02:00
parent af80afcf59
commit 2d39e38578
31 changed files with 423 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
packages/server/src/modules/Settings/Settings.controller.ts
View File

@@ -1,16 +1,22 @@
import { ApiOperation, ApiTags } from '@nestjs/swagger';
import { Body, Controller, Get, Put } from '@nestjs/common';
import { Body, Controller, Get, Put, UseGuards } from '@nestjs/common';
import { SettingsApplicationService } from './SettingsApplication.service';
import { ISettingsDTO } from './Settings.types';
import { ISettingsDTO, PreferencesAction } from './Settings.types';
import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
import { PermissionGuard } from '@/modules/Roles/Permission.guard';
import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
import { AbilitySubject } from '@/modules/Roles/Roles.types';
@Controller('settings')
@ApiTags('Settings')
@UseGuards(AuthorizationGuard, PermissionGuard)
export class SettingsController {
constructor(
private readonly settingsApplicationService: SettingsApplicationService,
) {}
@Put()
@RequirePermission(PreferencesAction.Mutate, AbilitySubject.Preferences)
@ApiOperation({ summary: 'Save the given settings.' })
async saveSettings(@Body() settingsDTO: ISettingsDTO) {
return this.settingsApplicationService.saveSettings(settingsDTO);