fix(server): premissions guard for read and write endpoints
@@ -6,6 +6,7 @@ import {
|
||||
Param,
|
||||
Post,
|
||||
Put,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { TaxRatesApplication } from './TaxRate.application';
|
||||
import {
|
||||
@@ -18,15 +19,22 @@ import {
|
||||
import { CreateTaxRateDto, EditTaxRateDto } from './dtos/TaxRate.dto';
|
||||
import { TaxRateResponseDto } from './dtos/TaxRateResponse.dto';
|
||||
import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
|
||||
import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
|
||||
import { PermissionGuard } from '@/modules/Roles/Permission.guard';
|
||||
import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
|
||||
import { AbilitySubject } from '@/modules/Roles/Roles.types';
|
||||
import { TaxRateAction } from './TaxRates.types';
|
||||
|
||||
@Controller('tax-rates')
|
||||
@ApiTags('Tax Rates')
|
||||
@ApiExtraModels(TaxRateResponseDto)
|
||||
@ApiCommonHeaders()
|
||||
@UseGuards(AuthorizationGuard, PermissionGuard)
|
||||
export class TaxRatesController {
|
||||
constructor(private readonly taxRatesApplication: TaxRatesApplication) { }
|
||||
|
||||
@Post()
|
||||
@RequirePermission(TaxRateAction.CREATE, AbilitySubject.TaxRate)
|
||||
@ApiOperation({ summary: 'Create a new tax rate.' })
|
||||
@ApiResponse({
|
||||
status: 201,
|
||||
@@ -38,6 +46,7 @@ export class TaxRatesController {
|
||||
}
|
||||
|
||||
@Put(':id')
|
||||
@RequirePermission(TaxRateAction.EDIT, AbilitySubject.TaxRate)
|
||||
@ApiOperation({ summary: 'Edit the given tax rate.' })
|
||||
@ApiResponse({
|
||||
status: 200,
|
||||
@@ -54,6 +63,7 @@ export class TaxRatesController {
|
||||
}
|
||||
|
||||
@Delete(':id')
|
||||
@RequirePermission(TaxRateAction.DELETE, AbilitySubject.TaxRate)
|
||||
@ApiOperation({ summary: 'Delete the given tax rate.' })
|
||||
@ApiResponse({
|
||||
status: 200,
|
||||
@@ -67,6 +77,7 @@ export class TaxRatesController {
|
||||
}
|
||||
|
||||
@Get(':id')
|
||||
@RequirePermission(TaxRateAction.VIEW, AbilitySubject.TaxRate)
|
||||
@ApiOperation({ summary: 'Retrieves the tax rate details.' })
|
||||
@ApiResponse({
|
||||
status: 200,
|
||||
@@ -80,6 +91,7 @@ export class TaxRatesController {
|
||||
}
|
||||
|
||||
@Get()
|
||||
@RequirePermission(TaxRateAction.VIEW, AbilitySubject.TaxRate)
|
||||
@ApiOperation({ summary: 'Retrieves the tax rates.' })
|
||||
@ApiResponse({
|
||||
status: 200,
|
||||
@@ -101,6 +113,7 @@ export class TaxRatesController {
|
||||
}
|
||||
|
||||
@Put(':id/activate')
|
||||
@RequirePermission(TaxRateAction.EDIT, AbilitySubject.TaxRate)
|
||||
@ApiOperation({ summary: 'Activate the given tax rate.' })
|
||||
@ApiResponse({
|
||||
status: 200,
|
||||
@@ -114,6 +127,7 @@ export class TaxRatesController {
|
||||
}
|
||||
|
||||
@Put(':id/inactivate')
|
||||
@RequirePermission(TaxRateAction.EDIT, AbilitySubject.TaxRate)
|
||||
@ApiOperation({ summary: 'Inactivate the given tax rate.' })
|
||||
@ApiResponse({
|
||||
status: 200,
|
||||
|
||||
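Review bot: The class-level `@UseGuards(AuthorizationGuard, PermissionGuard)` enforces the per-route `@RequirePermission(...)` metadata only as strictly as `PermissionGuard` treats a handler that has none, and that guard's source is not shown on this page. If it allows the request when the metadata is absent, any route later added to `TaxRatesController` without the decorator would be reachable by every authenticated user, so it is worth confirming the guard denies by default and covering that case with a test. A short comment above the class would make the contract explicit, e.g. `// Every handler must declare @RequirePermission; PermissionGuard is expected to reject handlers without it.` The hunks show only the decorator lines of each handler, so whether any route below `@Put(':id/inactivate')` is still undecorated cannot be checked from here.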