mirror of
https://github.com/bigcapitalhq/bigcapital.git
synced 2026-02-18 22:00:31 +00:00
refactor: implement tenant database management and seeding utilities
This commit is contained in:
Ahmed Bouhuolia
13
packages/server-nest/src/modules/Roles/Roles.utils.ts
Normal file
13
packages/server-nest/src/modules/Roles/Roles.utils.ts
Normal file
@@ -0,0 +1,13 @@
|
||||
import { ServiceError } from '../Items/ServiceError';
|
||||
import { ERRORS } from './constants';
|
||||
import { Role } from './models/Role.model';
|
||||
|
||||
/**
|
||||
* Valdiates role is not predefined.
|
||||
* @param {IRole} role - Role object.
|
||||
*/
|
||||
export const validateRoleNotPredefined = (role: Role) => {
|
||||
if (role.predefined) {
|
||||
throw new ServiceError(ERRORS.ROLE_PREFINED);
|
||||
}
|
||||
};
|
||||
@@ -7,6 +7,7 @@ import { events } from '@/common/events/events';
|
||||
import { CreateRoleDto } from '../dtos/Role.dto';
|
||||
import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
|
||||
import { Inject, Injectable } from '@nestjs/common';
|
||||
import { validateInvalidPermissions } from '../utils';
|
||||
|
||||
@Injectable()
|
||||
export class CreateRoleService {
|
||||
@@ -25,7 +26,7 @@ export class CreateRoleService {
|
||||
*/
|
||||
public async createRole(createRoleDTO: CreateRoleDto) {
|
||||
// Validates the invalid permissions.
|
||||
this.validateInvalidPermissions(createRoleDTO.permissions);
|
||||
validateInvalidPermissions(createRoleDTO.permissions);
|
||||
|
||||
// Transformes the permissions DTO.
|
||||
const permissions = createRoleDTO.permissions;
|
||||
|
||||
@@ -1,8 +1,5 @@
|
||||
|
||||
import { Knex } from 'knex';
|
||||
import {
|
||||
IRoleDeletedPayload,
|
||||
} from '../Roles.types';
|
||||
import { IRoleDeletedPayload } from '../Roles.types';
|
||||
import { TenantModelProxy } from '../../System/models/TenantBaseModel';
|
||||
import { Role } from '../models/Role.model';
|
||||
import { RolePermission } from '../models/RolePermission.model';
|
||||
@@ -10,30 +7,42 @@ import { EventEmitter2 } from '@nestjs/event-emitter';
|
||||
import { events } from '@/common/events/events';
|
||||
import { Inject, Injectable } from '@nestjs/common';
|
||||
import { UnitOfWork } from '@/modules/Tenancy/TenancyDB/UnitOfWork.service';
|
||||
import { validateRoleNotPredefined } from '../Roles.utils';
|
||||
import { TenantUser } from '@/modules/Tenancy/TenancyModels/models/TenantUser.model';
|
||||
import { ServiceError } from '@/modules/Items/ServiceError';
|
||||
import { ERRORS } from '../constants';
|
||||
|
||||
@Injectable()
|
||||
export class DeleteRoleService {
|
||||
|
||||
constructor(
|
||||
private readonly uow: UnitOfWork,
|
||||
private readonly eventPublisher: EventEmitter2,
|
||||
|
||||
@Inject(Role.name)
|
||||
private readonly roleModel: TenantModelProxy<typeof Role>,
|
||||
|
||||
@Inject(RolePermission.name)
|
||||
private readonly rolePermissionModel: TenantModelProxy<
|
||||
typeof RolePermission
|
||||
>,
|
||||
|
||||
@Inject(TenantUser.name)
|
||||
private readonly tenantUserModel: TenantModelProxy<typeof TenantUser>,
|
||||
) {}
|
||||
|
||||
|
||||
/**
|
||||
* Deletes the given role from the storage.
|
||||
* @param {number} roleId - Role id.
|
||||
*/
|
||||
public async deleteRole(roleId: number): Promise<void> {
|
||||
// Retrieve the given role or throw not found serice error.
|
||||
const oldRole = await this.getRoleOrThrowError(roleId);
|
||||
// Retrieve the given role or throw not found service error.
|
||||
const oldRole = await this.roleModel()
|
||||
.query()
|
||||
.findById(roleId)
|
||||
.throwIfNotFound();
|
||||
|
||||
// Validate role is not predefined.
|
||||
this.validateRoleNotPredefined(oldRole);
|
||||
validateRoleNotPredefined(oldRole);
|
||||
|
||||
// Validates the given role is not associated to any user.
|
||||
await this.validateRoleNotAssociatedToUser(roleId);
|
||||
@@ -57,5 +66,18 @@ export class DeleteRoleService {
|
||||
} as IRoleDeletedPayload);
|
||||
});
|
||||
}
|
||||
/**
|
||||
* Validates the given role is not associated to any tenant users.
|
||||
* @param {number} roleId
|
||||
*/
|
||||
private validateRoleNotAssociatedToUser = async (roleId: number) => {
|
||||
const userAssociatedRole = await this.tenantUserModel()
|
||||
.query()
|
||||
.where('roleId', roleId);
|
||||
|
||||
// Throw service error if the role has associated users.
|
||||
if (userAssociatedRole.length > 0) {
|
||||
throw new ServiceError(ERRORS.CANNT_DELETE_ROLE_ASSOCIATED_TO_USERS);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@@ -6,15 +6,14 @@ import { EditRoleDto } from '../dtos/Role.dto';
|
||||
import { Inject, Injectable } from '@nestjs/common';
|
||||
import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
|
||||
import { Role } from '../models/Role.model';
|
||||
import { TransformerInjectable } from '@/modules/Transformer/TransformerInjectable.service';
|
||||
import { UnitOfWork } from '@/modules/Tenancy/TenancyDB/UnitOfWork.service';
|
||||
import { validateInvalidPermissions } from '../utils';
|
||||
|
||||
@Injectable()
|
||||
export class EditRoleService {
|
||||
constructor(
|
||||
private readonly uow: UnitOfWork,
|
||||
private readonly eventPublisher: EventEmitter2,
|
||||
private readonly transformer: TransformerInjectable,
|
||||
|
||||
@Inject(Role.name)
|
||||
private readonly roleModel: TenantModelProxy<typeof Role>,
|
||||
@@ -27,11 +26,10 @@ export class EditRoleService {
|
||||
*/
|
||||
public async editRole(roleId: number, editRoleDTO: EditRoleDto) {
|
||||
// Validates the invalid permissions.
|
||||
this.validateInvalidPermissions(editRoleDTO.permissions);
|
||||
validateInvalidPermissions(editRoleDTO.permissions);
|
||||
|
||||
// Retrieve the given role or throw not found serice error.
|
||||
const oldRole = await this.getRoleOrThrowError(roleId);
|
||||
|
||||
const oldRole = await this.roleModel().query().findById(roleId);
|
||||
const permissions = editRoleDTO.permissions;
|
||||
|
||||
// Updates the role on the storage.
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Type } from 'class-transformer';
|
||||
import {
|
||||
IsArray,
|
||||
@@ -12,33 +13,62 @@ import {
|
||||
export class CommandRolePermissionDto {
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({
|
||||
example: 'subject',
|
||||
description: 'The subject of the permission',
|
||||
})
|
||||
subject: string;
|
||||
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({
|
||||
example: 'read',
|
||||
description: 'The action of the permission',
|
||||
})
|
||||
ability: string;
|
||||
|
||||
@IsBoolean()
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({
|
||||
example: true,
|
||||
description: 'The value of the permission',
|
||||
})
|
||||
value: boolean;
|
||||
|
||||
@IsNumber()
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({
|
||||
example: 1,
|
||||
description: 'The permission ID',
|
||||
})
|
||||
permissionId: number;
|
||||
}
|
||||
|
||||
class CommandRoleDto {
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({
|
||||
example: 'admin',
|
||||
description: 'The name of the role',
|
||||
})
|
||||
roleName: string;
|
||||
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({
|
||||
example: 'Administrator',
|
||||
description: 'The description of the role',
|
||||
})
|
||||
roleDescription: string;
|
||||
|
||||
@IsArray()
|
||||
@ValidateNested({ each: true })
|
||||
@Type(() => CommandRolePermissionDto)
|
||||
@MinLength(1)
|
||||
@ApiProperty({
|
||||
type: [CommandRolePermissionDto],
|
||||
description: 'The permissions of the role',
|
||||
})
|
||||
permissions: Array<CommandRolePermissionDto>;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
import { Model, mixin } from 'objection';
|
||||
import { TenantBaseModel } from '@/modules/System/models/TenantBaseModel';
|
||||
import RolePermission from './RolePermission.model';
|
||||
|
||||
import { RolePermission } from './RolePermission.model';
|
||||
|
||||
export class Role extends TenantBaseModel {
|
||||
name: string;
|
||||
description: string;
|
||||
slug: string;
|
||||
predefined: boolean;
|
||||
permissions: Array<RolePermission>;
|
||||
|
||||
/**
|
||||
|
||||
@@ -3,13 +3,20 @@ import { RoleTransformer } from './RoleTransformer';
|
||||
import { Role } from '../models/Role.model';
|
||||
import { TransformerInjectable } from '../../Transformer/TransformerInjectable.service';
|
||||
import { ServiceError } from '../../Items/ServiceError';
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { Inject, Injectable } from '@nestjs/common';
|
||||
import { CommandRolePermissionDto } from '../dtos/Role.dto';
|
||||
import { ERRORS } from '../constants';
|
||||
import { getInvalidPermissions } from '../utils';
|
||||
import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
|
||||
|
||||
@Injectable()
|
||||
export class GetRoleService {
|
||||
constructor(private readonly transformer: TransformerInjectable) {}
|
||||
constructor(
|
||||
private readonly transformer: TransformerInjectable,
|
||||
|
||||
@Inject(Role.name)
|
||||
private readonly roleModel: TenantModelProxy<typeof Role>,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* Retrieve the given role metadata.
|
||||
@@ -17,11 +24,11 @@ export class GetRoleService {
|
||||
* @returns {Promise<IRole>}
|
||||
*/
|
||||
public async getRole(roleId: number): Promise<Role> {
|
||||
const role = await Role.query()
|
||||
const role = await this.roleModel()
|
||||
.query()
|
||||
.findById(roleId)
|
||||
.withGraphFetched('permissions');
|
||||
|
||||
this.throwRoleNotFound(role);
|
||||
.withGraphFetched('permissions')
|
||||
.throwIfNotFound();
|
||||
|
||||
return this.transformer.transform(role, new RoleTransformer());
|
||||
}
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
import { keyBy } from 'lodash';
|
||||
import { ISubjectAbilitiesSchema } from './Roles.types';
|
||||
import { CommandRolePermissionDto } from './dtos/Role.dto';
|
||||
import { AbilitySchema } from './AbilitySchema';
|
||||
import { ServiceError } from '../Items/ServiceError';
|
||||
import { ERRORS } from './constants';
|
||||
|
||||
/**
|
||||
* Transformes ability schema to map.
|
||||
@@ -11,19 +15,19 @@ export function transformAbilitySchemaToMap(schema: ISubjectAbilitiesSchema[]) {
|
||||
abilities: keyBy(item.abilities, 'key'),
|
||||
extraAbilities: keyBy(item.extraAbilities, 'key'),
|
||||
})),
|
||||
'subject'
|
||||
'subject',
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the invalid permissions from the given defined schema.
|
||||
* @param {ISubjectAbilitiesSchema[]} schema
|
||||
* @param permissions
|
||||
* @returns
|
||||
* @param {ISubjectAbilitiesSchema[]} schema
|
||||
* @param permissions
|
||||
* @returns
|
||||
*/
|
||||
export function getInvalidPermissions(
|
||||
schema: ISubjectAbilitiesSchema[],
|
||||
permissions
|
||||
permissions,
|
||||
) {
|
||||
const schemaMap = transformAbilitySchemaToMap(schema);
|
||||
|
||||
@@ -40,3 +44,19 @@ export function getInvalidPermissions(
|
||||
return false;
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates the invalid given permissions.
|
||||
* @param {ICreateRolePermissionDTO[]} permissions -
|
||||
*/
|
||||
export const validateInvalidPermissions = (
|
||||
permissions: CommandRolePermissionDto[],
|
||||
) => {
|
||||
const invalidPerms = getInvalidPermissions(AbilitySchema, permissions);
|
||||
|
||||
if (invalidPerms.length > 0) {
|
||||
throw new ServiceError(ERRORS.INVALIDATE_PERMISSIONS, null, {
|
||||
invalidPermissions: invalidPerms,
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user