@flusys/nestjs-form-builder 1.0.0-beta → 1.0.0

package/fesm/services/form-result.service.js

@@ -36,27 +36,68 @@ import { FormBuilderDataSourceProvider } from './form-builder-datasource.provide
 import { validateUserPermissions } from '../utils/permission.utils';
 import { calculateComputedFields } from '../utils/computed-field.utils';
 export class FormResultService extends RequestScopedApiService {
-    /**
-   * Resolve entity class for this service
-   * @returns FormResult (same entity regardless of company feature)
-   */ resolveEntity() {
+    resolveEntity() {
         return FormResult;
     }
-    /**
-   * Get DataSource provider for this service
-   * @returns FormBuilderDataSourceProvider instance
-   */ getDataSourceProvider() {
+    getDataSourceProvider() {
         return this.dataSourceProvider;
     }
-    /**
-   * Initialize form repository for form lookups
-   */ async ensureFormRepositoryInitialized() {
+    async ensureFormRepositoryInitialized() {
         if (!this.formRepository) {
             const enableCompanyFeature = this.formBuilderConfig.isCompanyFeatureEnabled();
             const formEntity = enableCompanyFeature ? FormWithCompany : Form;
             this.formRepository = await this.dataSourceProvider.getRepository(formEntity);
         }
     }
+    async getActiveForm(formId) {
+        await this.ensureFormRepositoryInitialized();
+        const form = await this.formRepository.findOne({
+            where: {
+                id: formId,
+                isActive: true,
+                deletedAt: IsNull()
+            }
+        });
+        if (!form) {
+            throw new NotFoundException('Form not found or inactive');
+        }
+        return form;
+    }
+    applyCompanyFilterToQuery(query, user) {
+        if (this.formBuilderConfig.isCompanyFeatureEnabled() && user?.companyId) {
+            query.innerJoin('form', 'f', 'f.id = form_result.formId').andWhere('f.company_id = :companyId', {
+                companyId: user.companyId
+            });
+        }
+    }
+    async validateSubmissionAccess(form, user, isPublic) {
+        if (isPublic) {
+            if (form.accessType !== FormAccessType.PUBLIC) {
+                throw new UnauthorizedException('This form is not available for public submission');
+            }
+            return;
+        }
+        if (form.accessType === FormAccessType.PUBLIC) return;
+        if (!user) {
+            throw new UnauthorizedException('Authentication required to submit this form');
+        }
+        if (form.accessType === FormAccessType.ACTION_GROUP && form.actionGroups?.length) {
+            const hasPermission = await validateUserPermissions(user, form.actionGroups, this.cacheManager, this.formBuilderConfig.isCompanyFeatureEnabled(), this.logger, 'submitting form', form.id);
+            if (!hasPermission) {
+                throw new ForbiddenException('You do not have permission to submit this form');
+            }
+        } else if (form.accessType !== FormAccessType.AUTHENTICATED) {
+            throw new BadRequestException('Invalid form access type');
+        }
+    }
+    buildUserDraftWhere(formId, userId) {
+        return {
+            formId,
+            submittedById: userId,
+            isDraft: true,
+            deletedAt: IsNull()
+        };
+    }
     // Query Customization
     async getSelectQuery(query, _user, select) {
         if (!select || !select.length) {
@@ -81,22 +122,28 @@ export class FormResultService extends RequestScopedApiService {
             isRaw: false
         };
     }
-    /**
-   * Override: Extra query manipulation - Auto-filter by user's company via Form
-   */ async getExtraManipulateQuery(query, filterDto, user) {
+    async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        // If company feature enabled and user has companyId, filter via Form's company
-        const enableCompanyFeature = this.formBuilderConfig.isCompanyFeatureEnabled();
-        if (enableCompanyFeature && user?.companyId) {
-            query.innerJoin('form', 'f', 'f.id = form_result.formId').andWhere('f.company_id = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        this.applyCompanyFilterToQuery(query, user);
         return result;
     }
-    /**
-   * Override: Convert entity to response DTO
-   */ convertEntityToResponseDto(entity, _isRaw) {
+    applyComputedFields(data, form, isDraft) {
+        if (isDraft) {
+            return data;
+        }
+        const schema = form.schema;
+        const settings = schema?.settings;
+        const computedFields = settings?.computedFields;
+        if (!computedFields || computedFields.length === 0) {
+            return data;
+        }
+        const computedValues = calculateComputedFields(data, computedFields);
+        return {
+            ...data,
+            _computed: computedValues
+        };
+    }
+    convertEntityToResponseDto(entity, _isRaw) {
         return {
             id: entity.id,
             formId: entity.formId,
@@ -116,137 +163,55 @@ export class FormResultService extends RequestScopedApiService {
         };
     }
     // Form Submission
-    /**
-   * Submit a form (authenticated or public)
-   */ async submitForm(dto, user, isPublic = false) {
+    async submitForm(dto, user, isPublic = false) {
         await this.ensureRepositoryInitialized();
-        await this.ensureFormRepositoryInitialized();
-        // Get the form
-        const form = await this.formRepository.findOne({
-            where: {
-                id: dto.formId,
-                isActive: true,
-                deletedAt: IsNull()
-            }
-        });
-        if (!form) {
-            throw new NotFoundException('Form not found or inactive');
-        }
-        // Validate access
-        if (isPublic) {
-            if (form.accessType !== FormAccessType.PUBLIC) {
-                throw new UnauthorizedException('This form is not available for public submission');
-            }
-        } else {
-            // For non-public submissions
-            switch(form.accessType){
-                case FormAccessType.PUBLIC:
-                    break;
-                case FormAccessType.AUTHENTICATED:
-                    if (!user) {
-                        throw new UnauthorizedException('Authentication required to submit this form');
-                    }
-                    break;
-                case FormAccessType.ACTION_GROUP:
-                    if (!user) {
-                        throw new UnauthorizedException('Authentication required to submit this form');
-                    }
-                    // Validate user has at least one of the required permissions
-                    if (form.actionGroups?.length) {
-                        const hasPermission = await validateUserPermissions(user, form.actionGroups, this.cacheManager, this.formBuilderConfig.isCompanyFeatureEnabled(), this.logger, 'submitting form', form.id);
-                        if (!hasPermission) {
-                            throw new ForbiddenException('You do not have permission to submit this form');
-                        }
-                    }
-                    break;
-                default:
-                    throw new BadRequestException('Invalid form access type');
-            }
-        }
+        const form = await this.getActiveForm(dto.formId);
+        await this.validateSubmissionAccess(form, user, isPublic);
         const isDraft = dto.isDraft ?? false;
-        // For authenticated users with drafts
+        // Handle existing draft for authenticated users
         if (user?.id) {
-            // Check for existing draft
             const existingDraft = await this.repository.findOne({
-                where: {
-                    formId: dto.formId,
-                    submittedById: user.id,
-                    isDraft: true,
-                    deletedAt: IsNull()
-                }
+                where: this.buildUserDraftWhere(dto.formId, user.id)
             });
             if (existingDraft) {
                 if (isDraft) {
-                    // Update existing draft instead of creating new one
-                    existingDraft.data = dto.data;
-                    existingDraft.schemaVersionSnapshot = form.schema;
-                    existingDraft.schemaVersion = form.schemaVersion;
-                    existingDraft.submittedAt = new Date();
-                    existingDraft.metadata = dto.metadata ?? existingDraft.metadata;
+                    Object.assign(existingDraft, {
+                        data: dto.data,
+                        schemaVersionSnapshot: form.schema,
+                        schemaVersion: form.schemaVersion,
+                        submittedAt: new Date(),
+                        metadata: dto.metadata ?? existingDraft.metadata
+                    });
                     const saved = await this.repository.save(existingDraft);
                     return this.convertEntityToResponseDto(saved, false);
-                } else {
-                    // Final submission: delete existing draft first
-                    await this.repository.softRemove(existingDraft);
                 }
+                await this.repository.softRemove(existingDraft);
             }
         }
-        // Calculate computed fields if this is a final submission (not draft)
-        let finalData = dto.data;
-        if (!isDraft) {
-            const schema = form.schema;
-            const settings = schema?.settings;
-            const computedFields = settings?.computedFields;
-            if (computedFields && computedFields.length > 0) {
-                const computedValues = calculateComputedFields(dto.data, computedFields);
-                // Merge computed values with submitted data (computed fields use their key as the property name)
-                finalData = {
-                    ...dto.data,
-                    _computed: computedValues
-                };
-            }
-        }
-        // Create the result with schema snapshot
-        const resultData = {
+        const saved = await this.repository.save({
             formId: dto.formId,
             schemaVersionSnapshot: form.schema,
             schemaVersion: form.schemaVersion,
-            data: finalData,
+            data: this.applyComputedFields(dto.data, form, isDraft),
             submittedById: user?.id ?? null,
             submittedAt: new Date(),
             isDraft,
             metadata: dto.metadata ?? null
-        };
-        const saved = await this.repository.save(resultData);
+        });
         return this.convertEntityToResponseDto(saved, false);
     }
-    /**
-   * Get user's draft for a specific form
-   * Returns the most recent draft if exists, null otherwise
-   */ async getMyDraft(formId, user) {
+    async getMyDraft(formId, user) {
         await this.ensureRepositoryInitialized();
         const draft = await this.repository.findOne({
-            where: {
-                formId,
-                submittedById: user.id,
-                isDraft: true,
-                deletedAt: IsNull()
-            },
+            where: this.buildUserDraftWhere(formId, user.id),
             order: {
                 updatedAt: 'DESC'
             }
         });
-        if (!draft) {
-            return null;
-        }
-        return this.convertEntityToResponseDto(draft, false);
+        return draft ? this.convertEntityToResponseDto(draft, false) : null;
     }
-    /**
-   * Update existing draft or convert to submission
-   */ async updateDraft(draftId, dto, user) {
+    async updateDraft(draftId, dto, user) {
         await this.ensureRepositoryInitialized();
-        await this.ensureFormRepositoryInitialized();
-        // Find the draft
         const draft = await this.repository.findOne({
             where: {
                 id: draftId,
@@ -257,74 +222,35 @@ export class FormResultService extends RequestScopedApiService {
         if (!draft) {
             throw new NotFoundException('Draft not found');
         }
-        // Get form for fresh schema snapshot (in case form was updated)
-        const form = await this.formRepository.findOne({
-            where: {
-                id: dto.formId,
-                isActive: true,
-                deletedAt: IsNull()
-            }
-        });
-        if (!form) {
-            throw new NotFoundException('Form not found or inactive');
-        }
+        const form = await this.getActiveForm(dto.formId);
         const isDraft = dto.isDraft ?? false;
-        // Calculate computed fields if this is a final submission (not draft)
-        let finalData = dto.data;
-        if (!isDraft) {
-            const schema = form.schema;
-            const settings = schema?.settings;
-            const computedFields = settings?.computedFields;
-            if (computedFields && computedFields.length > 0) {
-                const computedValues = calculateComputedFields(dto.data, computedFields);
-                finalData = {
-                    ...dto.data,
-                    _computed: computedValues
-                };
-            }
-        }
-        // Update the draft
-        draft.data = finalData;
-        draft.schemaVersionSnapshot = form.schema;
-        draft.schemaVersion = form.schemaVersion;
-        draft.submittedAt = new Date();
-        draft.isDraft = isDraft;
-        draft.metadata = dto.metadata ?? draft.metadata;
+        Object.assign(draft, {
+            data: this.applyComputedFields(dto.data, form, isDraft),
+            schemaVersionSnapshot: form.schema,
+            schemaVersion: form.schemaVersion,
+            submittedAt: new Date(),
+            isDraft,
+            metadata: dto.metadata ?? draft.metadata
+        });
         const saved = await this.repository.save(draft);
         return this.convertEntityToResponseDto(saved, false);
     }
-    /**
-   * Get results for a specific form
-   */ async getByFormId(formId, user, pagination) {
+    async getByFormId(formId, user, pagination) {
         await this.ensureRepositoryInitialized();
-        const query = this.repository.createQueryBuilder(this.entityName);
-        query.where('form_result.formId = :formId', {
+        const query = this.repository.createQueryBuilder(this.entityName).where('form_result.formId = :formId', {
             formId
-        });
-        query.andWhere('form_result.deletedAt IS NULL');
-        // Apply company filter via Form if enabled
-        const enableCompanyFeature = this.formBuilderConfig.isCompanyFeatureEnabled();
-        if (enableCompanyFeature && user?.companyId) {
-            query.innerJoin('form', 'f', 'f.id = form_result.formId').andWhere('f.company_id = :companyId', {
-                companyId: user.companyId
-            });
-        }
-        // Pagination
+        }).andWhere('form_result.deletedAt IS NULL');
+        this.applyCompanyFilterToQuery(query, user);
         const page = pagination?.page ?? 0;
         const pageSize = pagination?.pageSize ?? 10;
-        query.skip(page * pageSize).take(pageSize);
-        query.orderBy('form_result.submittedAt', 'DESC');
+        query.skip(page * pageSize).take(pageSize).orderBy('form_result.submittedAt', 'DESC');
         const [entities, total] = await query.getManyAndCount();
-        const data = entities.map((e)=>this.convertEntityToResponseDto(e, false));
         return {
-            data,
+            data: entities.map((e)=>this.convertEntityToResponseDto(e, false)),
             total
         };
     }
-    /**
-   * Check if user has already submitted this form (non-draft)
-   * Used for single response mode
-   */ async hasUserSubmitted(formId, user) {
+    async hasUserSubmitted(formId, user) {
         await this.ensureRepositoryInitialized();
         const count = await this.repository.count({
             where: {

package/fesm/services/form.service.js

@@ -27,6 +27,7 @@ function _ts_param(paramIndex, decorator) {
 }
 import { RequestScopedApiService, HybridCache } from '@flusys/nestjs-shared/classes';
 import { UtilsService } from '@flusys/nestjs-shared/modules';
+import { applyCompanyFilter } from '@flusys/nestjs-shared/utils';
 import { BadRequestException, ForbiddenException, Inject, Injectable, NotFoundException, Scope, UnauthorizedException } from '@nestjs/common';
 import { IsNull } from 'typeorm';
 import { FormBuilderConfigService } from './form-builder-config.service';
@@ -35,17 +36,11 @@ import { FormAccessType } from '../enums/form-access-type.enum';
 import { FormBuilderDataSourceProvider } from './form-builder-datasource.provider';
 import { validateUserPermissions } from '../utils/permission.utils';
 export class FormService extends RequestScopedApiService {
-    /**
-   * Resolve entity class for this service
-   * @returns Form or FormWithCompany based on configuration
-   */ resolveEntity() {
+    resolveEntity() {
         const enableCompanyFeature = this.formBuilderConfig.isCompanyFeatureEnabled();
         return enableCompanyFeature ? FormWithCompany : Form;
     }
-    /**
-   * Get DataSource provider for this service
-   * @returns FormBuilderDataSourceProvider instance
-   */ getDataSourceProvider() {
+    getDataSourceProvider() {
         return this.dataSourceProvider;
     }
     // Entity Conversion
@@ -84,7 +79,7 @@ export class FormService extends RequestScopedApiService {
                     form.companyId = dto.companyId;
                 }
                 // If companyId is not in form at all, set from user
-                if (!('companyId' in form) || form.companyId === undefined) {
+                if (form.companyId === undefined) {
                     form.companyId = user?.companyId ?? null;
                 }
             } else {
@@ -122,22 +117,18 @@ export class FormService extends RequestScopedApiService {
             isRaw: false
         };
     }
-    /**
-   * Override: Extra query manipulation - Auto-filter by user's company
-   */ async getExtraManipulateQuery(query, filterDto, user) {
+    async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        // If company feature enabled and user has companyId, filter by user's company
-        const enableCompanyFeature = this.formBuilderConfig.isCompanyFeatureEnabled();
-        if (enableCompanyFeature && user?.companyId) {
-            query.andWhere('form.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        // Apply company filter using shared utility
+        applyCompanyFilter(query, {
+            isCompanyFeatureEnabled: this.formBuilderConfig.isCompanyFeatureEnabled(),
+            entityAlias: 'form'
+        }, user);
         return result;
     }
-    /**
-   * Override: Convert entity to response DTO
-   */ convertEntityToResponseDto(entity, _isRaw) {
+    convertEntityToResponseDto(entity, _isRaw) {
+        // Type guard for company-enabled entity
+        const entityWithCompany = entity;
         return {
             id: entity.id,
             name: entity.name,
@@ -148,7 +139,7 @@ export class FormService extends RequestScopedApiService {
             accessType: entity.accessType,
             actionGroups: entity.actionGroups,
             isActive: entity.isActive,
-            companyId: ('companyId' in entity ? entity.companyId : null) ?? null,
+            companyId: entityWithCompany.companyId ?? null,
             metadata: entity.metadata,
             createdAt: entity.createdAt,
             updatedAt: entity.updatedAt,
@@ -158,33 +149,37 @@ export class FormService extends RequestScopedApiService {
             deletedById: entity.deletedById
         };
     }
-    // Public Form Access
-    /**
-   * Get form for public submission (no auth)
-   */ async getPublicForm(formId) {
+    toPublicForm(form) {
+        return {
+            id: form.id,
+            name: form.name,
+            description: form.description,
+            schema: form.schema,
+            schemaVersion: form.schemaVersion
+        };
+    }
+    async findPublicActiveForm(where) {
         await this.ensureRepositoryInitialized();
-        const form = await this.repository.findOne({
+        return this.repository.findOne({
             where: {
-                id: formId,
+                ...where,
                 accessType: FormAccessType.PUBLIC,
                 isActive: true,
                 deletedAt: IsNull()
             }
         });
+    }
+    // Public Form Access
+    async getPublicForm(formId) {
+        const form = await this.findPublicActiveForm({
+            id: formId
+        });
         if (!form) {
             throw new NotFoundException('Form not found or not available for public access');
         }
-        return {
-            id: form.id,
-            name: form.name,
-            description: form.description,
-            schema: form.schema,
-            schemaVersion: form.schemaVersion
-        };
+        return this.toPublicForm(form);
     }
-    /**
-   * Get form for submission with access validation
-   */ async getFormForSubmission(formId, user) {
+    async getFormForSubmission(formId, user) {
         await this.ensureRepositoryInitialized();
         const form = await this.repository.findOne({
             where: {
@@ -197,27 +192,19 @@ export class FormService extends RequestScopedApiService {
             throw new NotFoundException('Form not found or inactive');
         }
         // Access validation based on accessType
-        switch(form.accessType){
-            case FormAccessType.PUBLIC:
-                return form; // Anyone can access
-            case FormAccessType.AUTHENTICATED:
-                if (!user) {
-                    throw new UnauthorizedException('Authentication required to submit this form');
-                }
-                return form;
-            case FormAccessType.ACTION_GROUP:
-                if (!user) {
-                    throw new UnauthorizedException('Authentication required to submit this form');
-                }
-                // Permission check is handled by the controller/guard
-                return form;
-            default:
-                throw new BadRequestException('Invalid access type');
+        if (form.accessType === FormAccessType.PUBLIC) {
+            return form; // Anyone can access
+        }
+        // All non-public forms require authentication
+        if (!user) {
+            throw new UnauthorizedException('Authentication required to submit this form');
+        }
+        if (form.accessType === FormAccessType.AUTHENTICATED || form.accessType === FormAccessType.ACTION_GROUP) {
+            return form; // Permission check for ACTION_GROUP is handled by the controller/guard
         }
+        throw new BadRequestException('Invalid access type');
     }
-    /**
-   * Get form by slug
-   */ async getBySlug(slug) {
+    async getBySlug(slug) {
         await this.ensureRepositoryInitialized();
         const form = await this.repository.findOne({
             where: {
@@ -228,9 +215,15 @@ export class FormService extends RequestScopedApiService {
         return form ? this.convertEntityToResponseDto(form, false) : null;
     }
     /**
-   * Get form access info (public endpoint)
-   * Returns basic form info including access requirements
-   */ async getFormAccessInfo(formId) {
+   * Get public form by slug (no authentication required)
+   * Returns null if form doesn't exist, is not public, or is inactive
+   */ async getPublicFormBySlug(slug) {
+        const form = await this.findPublicActiveForm({
+            slug
+        });
+        return form ? this.toPublicForm(form) : null;
+    }
+    async getFormAccessInfo(formId) {
         await this.ensureRepositoryInitialized();
         const form = await this.repository.findOne({
             where: {
@@ -258,10 +251,7 @@ export class FormService extends RequestScopedApiService {
             isActive: form.isActive
         };
     }
-    /**
-   * Get form for authenticated submission
-   * Returns full form for users who are logged in
-   */ async getAuthenticatedForm(formId, user) {
+    async getAuthenticatedForm(formId, user) {
         const form = await this.getFormForSubmission(formId, user);
         // For action_group access, check permissions from cache
         if (form.accessType === FormAccessType.ACTION_GROUP && form.actionGroups?.length) {
@@ -270,13 +260,7 @@ export class FormService extends RequestScopedApiService {
                 throw new ForbiddenException('You do not have permission to access this form');
             }
         }
-        return {
-            id: form.id,
-            name: form.name,
-            description: form.description,
-            schema: form.schema,
-            schemaVersion: form.schemaVersion
-        };
+        return this.toPublicForm(form);
     }
     constructor(cacheManager, utilsService, formBuilderConfig, dataSourceProvider){
         super('form', null, cacheManager, utilsService, FormService.name, true), _define_property(this, "cacheManager", void 0), _define_property(this, "utilsService", void 0), _define_property(this, "formBuilderConfig", void 0), _define_property(this, "dataSourceProvider", void 0), this.cacheManager = cacheManager, this.utilsService = utilsService, this.formBuilderConfig = formBuilderConfig, this.dataSourceProvider = dataSourceProvider;