QT/bigcapital
1
0
Fork 0
mirror of https://github.com/bigcapitalhq/bigcapital.git synced 2026-02-17 13:20:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): premissions guard for read and write endpoints

Browse Source
This commit is contained in:
Ahmed Bouhuolia
2026-02-15 22:55:10 +02:00
parent af80afcf59
commit 2d39e38578
31 changed files with 423 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
packages/server/src/modules/TaxRates/TaxRate.controller.ts
View File

@@ -6,6 +6,7 @@ import {
Param,
Post,
Put,
UseGuards,
} from '@nestjs/common';
import { TaxRatesApplication } from './TaxRate.application';
import {
@@ -18,15 +19,22 @@ import {
import { CreateTaxRateDto, EditTaxRateDto } from './dtos/TaxRate.dto';
import { TaxRateResponseDto } from './dtos/TaxRateResponse.dto';
import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
import { PermissionGuard } from '@/modules/Roles/Permission.guard';
import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
import { AbilitySubject } from '@/modules/Roles/Roles.types';
import { TaxRateAction } from './TaxRates.types';
@Controller('tax-rates')
@ApiTags('Tax Rates')
@ApiExtraModels(TaxRateResponseDto)
@ApiCommonHeaders()
@UseGuards(AuthorizationGuard, PermissionGuard)
export class TaxRatesController {
constructor(private readonly taxRatesApplication: TaxRatesApplication) { }
@Post()
@RequirePermission(TaxRateAction.CREATE, AbilitySubject.TaxRate)
@ApiOperation({ summary: 'Create a new tax rate.' })
@ApiResponse({
status: 201,
@@ -38,6 +46,7 @@ export class TaxRatesController {
}
@Put(':id')
@RequirePermission(TaxRateAction.EDIT, AbilitySubject.TaxRate)
@ApiOperation({ summary: 'Edit the given tax rate.' })
@ApiResponse({
status: 200,
@@ -54,6 +63,7 @@ export class TaxRatesController {
}
@Delete(':id')
@RequirePermission(TaxRateAction.DELETE, AbilitySubject.TaxRate)
@ApiOperation({ summary: 'Delete the given tax rate.' })
@ApiResponse({
status: 200,
@@ -67,6 +77,7 @@ export class TaxRatesController {
}
@Get(':id')
@RequirePermission(TaxRateAction.VIEW, AbilitySubject.TaxRate)
@ApiOperation({ summary: 'Retrieves the tax rate details.' })
@ApiResponse({
status: 200,
@@ -80,6 +91,7 @@ export class TaxRatesController {
}
@Get()
@RequirePermission(TaxRateAction.VIEW, AbilitySubject.TaxRate)
@ApiOperation({ summary: 'Retrieves the tax rates.' })
@ApiResponse({
status: 200,
@@ -101,6 +113,7 @@ export class TaxRatesController {
}
@Put(':id/activate')
@RequirePermission(TaxRateAction.EDIT, AbilitySubject.TaxRate)
@ApiOperation({ summary: 'Activate the given tax rate.' })
@ApiResponse({
status: 200,
@@ -114,6 +127,7 @@ export class TaxRatesController {
}
@Put(':id/inactivate')
@RequirePermission(TaxRateAction.EDIT, AbilitySubject.TaxRate)
@ApiOperation({ summary: 'Inactivate the given tax rate.' })
@ApiResponse({
status: 200,