ported NotificationAccessInterceptor

bcgov · Oct 25, 2023 · d0101ce · d0101ce
1 parent 9ca738d
commit d0101ce
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 8 deletions.
diff --git a/notify-bc-lb/src/interceptors/notification-access.interceptor.ts b/notify-bc-lb/src/interceptors/notification-access.interceptor.ts
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// file ported
 import {
   injectable,
   Interceptor,

diff --git a/src/api/notifications/notifications.controller.ts b/src/api/notifications/notifications.controller.ts
@@ -130,7 +130,7 @@ export class NotificationsController extends BaseController {
       if (!currUser) {
         throw new HttpException(undefined, HttpStatus.FORBIDDEN);
       }
-      const instance = await this.notificationsService.findOne({
+      const instance = await this.notificationsService.findOne(this.req, {
         where: { id },
       });
       if (instance?.channel !== 'inApp') {
@@ -187,15 +187,20 @@ export class NotificationsController extends BaseController {
     @JsonQuery('filter')
     filter: Omit<FilterDto<Notification>, 'where'>,
   ): Promise<Notification | null> {
-    return this.notificationsService.findOne({ ...filter, where: { id } });
+    return this.notificationsService.findOne(this.req, {
+      ...filter,
+      where: { id },
+    });
   }
 
   @Delete(':id')
   @ApiNoContentResponse({ description: 'Notification DELETE success' })
   @ApiForbiddenResponse({ description: 'Forbidden' })
   @HttpCode(204)
   async deleteById(@Param('id') id: string): Promise<void> {
-    const data = await this.notificationsService.findOne({ where: { id } });
+    const data = await this.notificationsService.findOne(this.req, {
+      where: { id },
+    });
     if (!data) throw new HttpException(undefined, HttpStatus.NOT_FOUND);
     data.state = 'deleted';
     await this.updateById(id, data);
@@ -225,7 +230,7 @@ export class NotificationsController extends BaseController {
     @JsonQuery('filter')
     filter: FilterDto<Notification>,
   ): Promise<Notification[]> {
-    const res = await this.notificationsService.findAll(filter);
+    const res = await this.notificationsService.findAll(this.req, filter);
     if (res.length === 0) {
       return res;
     }
@@ -272,7 +277,7 @@ export class NotificationsController extends BaseController {
         this.chunkRequestAborted = true;
       });
     }
-    const notification = await this.notificationsService.findOne({
+    const notification = await this.notificationsService.findOne(this.req, {
       where: { id },
     });
     if (!notification) throw new HttpException(undefined, HttpStatus.NOT_FOUND);

diff --git a/src/api/notifications/notifications.service.ts b/src/api/notifications/notifications.service.ts
@@ -1,7 +1,11 @@
-import { Injectable } from '@nestjs/common';
+import { HttpException, HttpStatus, Injectable } from '@nestjs/common';
 import { InjectModel } from '@nestjs/mongoose';
-import { Model } from 'mongoose';
+import { Request } from 'express';
+import { FilterQuery, Model } from 'mongoose';
+import { Role } from 'src/auth/constants';
+import { UserProfile } from 'src/auth/dto/user-profile.dto';
 import { BaseService } from '../common/base.service';
+import { FilterDto } from '../common/dto/filter.dto';
 import { Notification } from './entities/notification.entity';
 
 @Injectable()
@@ -12,4 +16,64 @@ export class NotificationsService extends BaseService<Notification> {
   ) {
     super(model);
   }
+
+  accessInterceptor(
+    req: Request & { user: UserProfile },
+    where: FilterQuery<Notification>,
+  ): FilterQuery<Notification> {
+    if ([Role.Admin, Role.SuperAdmin].includes(req.user?.role)) return where;
+    if (req.user?.role !== Role.AuthenticatedUser)
+      throw new HttpException(undefined, HttpStatus.FORBIDDEN);
+
+    return {
+      $and: [
+        where || {},
+        { channel: 'inApp' },
+        {
+          $or: [
+            { isBroadcast: true },
+            {
+              $or: [
+                { userChannelId: req.user.securityId },
+                { userId: req.user.securityId },
+              ],
+            },
+          ],
+        },
+      ],
+    };
+  }
+
+  findAll(
+    req: Request & { user: UserProfile },
+    filter: FilterDto<Notification> = {},
+  ) {
+    filter.where = this.accessInterceptor(req, filter.where);
+    return super.findAll(filter);
+  }
+
+  async findOne(
+    req: Request & { user: UserProfile },
+    filter: FilterDto<Notification> = {},
+  ): Promise<Notification> {
+    filter.where = this.accessInterceptor(req, filter.where);
+    return super.findOne(filter);
+  }
+
+  updateAll(
+    updateDto,
+    where: FilterQuery<Notification> | null,
+    req: Request & { user: UserProfile },
+  ) {
+    where = this.accessInterceptor(req, where);
+    return super.updateAll(updateDto, where, req);
+  }
+
+  async removeAll(
+    req: Request & { user: UserProfile },
+    where?: FilterQuery<Notification>,
+  ) {
+    where = this.accessInterceptor(req, where);
+    return super.removeAll(where);
+  }
 }
diff --git a/src/api/subscriptions/subscriptions.service.ts b/src/api/subscriptions/subscriptions.service.ts
@@ -28,7 +28,15 @@ export class SubscriptionsService extends BaseService<Subscription> {
   ): FilterQuery<Subscription> {
     if (req.user?.role !== Role.AuthenticatedUser) return where;
     return {
-      $and: [where || {}, { userId: req.user.securityId }],
+      $and: [
+        where || {},
+        { userId: req.user.securityId },
+        {
+          state: {
+            $ne: 'deleted',
+          },
+        },
+      ],
     };
   }