npm - @boarteam/boar-pack-users-backend - Versions diffs - 6.6.0 → 6.7.0 - Mend

@boarteam/boar-pack-users-backend 6.6.0 → 6.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +2 -2
package/src/audit-logs/audit-logs.controller.ts +37 -2
package/src/casl/casl-ability.factory.ts +1 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@boarteam/boar-pack-users-backend",
-  "version": "6.6.0",
+  "version": "6.7.0",
   "description": "NestJS Users module including permissions system, authentication strategies etc",
   "main": "src/index",
   "files": [
@@ -64,5 +64,5 @@
     "yalc:push": "yalc push",
     "gen-types": "SWAGGER=true JWT_SECRET=swagger nest start"
   },
-  "gitHead": "0c74a3f6b2b7e986124cac71a55467b9b8c25b63"
+  "gitHead": "a701f41e1d4c51394193a5bb7877e037cb8fab89"
 }

package/src/audit-logs/audit-logs.controller.ts CHANGED Viewed

@@ -1,10 +1,13 @@
-import { Controller } from '@nestjs/common';
+import { Controller, Req, UnauthorizedException } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
-import { Crud, CrudController } from '@dataui/crud';
+import { Crud, CrudController, CrudRequest, Override, ParsedRequest } from '@dataui/crud';
 import { CheckPolicies } from "@boarteam/boar-pack-users-backend";
 import { AuditLogsService } from './audit-logs.service';
 import { AuditLog } from './entities/audit-log.entity';
 import { ViewAuditLogsPolicy } from "./policies/view-audit-logs.policy";
+import { Action, CaslAbilityFactory, Subjects } from "../casl";
+import { Request } from "express";
+import { TUser } from "../users";
 @Crud({
   model: {
@@ -35,5 +38,37 @@ import { ViewAuditLogsPolicy } from "./policies/view-audit-logs.policy";
 export class AuditLogsController implements CrudController<AuditLog>{
   constructor(
     readonly service: AuditLogsService,
+    private readonly caslAbilityFactory: CaslAbilityFactory,
   ) {}
+  get base(): CrudController<AuditLog> {
+    return this;
+  }
+  @Override('getManyBase')
+  async getMany(
+    @Req() request: Request,
+    @ParsedRequest() req: CrudRequest<TUser>,
+  ) {
+    const user = request.user;
+    if (!user) {
+      throw new UnauthorizedException();
+    }
+    const ability = await this.caslAbilityFactory.createForUser(user);
+    if (ability.cannot(Action.Manage, 'all')) {
+      const tablesNames = this.service.repo.manager.connection.entityMetadatas
+        .filter(meta => meta.target instanceof Function && ability.can(Action.Manage, meta.target as Subjects))
+        .map(meta => meta.tableName);
+      req.parsed.search = {
+        $and: [
+          req.parsed.search,
+          { tableName: { $in: tablesNames } },
+        ],
+      }
+    }
+    return this.base.getManyBase!(req);
+  }
 }

package/src/casl/casl-ability.factory.ts CHANGED Viewed

@@ -31,7 +31,7 @@ export type TTextSubjects = 'all';
 export type TSubjectsNames =
   | keyof TSubjects
   | TTextSubjects;
-type Subjects =
+export type Subjects =
   | InferSubjects<TSubjects[keyof TSubjects]>
   | TTextSubjects;