Merge branch 'master' of https://github.com/isis3710-uniandes/ISIS3710_202310_S1_E2_Back

Author: amolinam08

collections/Seguridad.postman_collection.json

@@ -0,0 +1,37 @@
+{
+"info": {
+"_postman_id": "4e1c5db9-7570-46ce-88d3-ff74c6f4f28e",
+"name": "Seguridad",
+"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+"_exporter_id": "11708390"
+},
+"item": [
+{
+"name": "Obtener token",
+"request": {
+"method": "POST",
+"header": [],
+"body": {
+"mode": "raw",
+"raw": "{\r\n \"username\": \"lecturaNegocio\",\r\n \"password\": \"lecturaNegocio\"\r\n}",
+"options": {
+"raw": {
+"language": "json"
+}
+}
+},
+"url": {
+"raw": "{{baseUrl}}/users/login",
+"host": [
+"{{baseUrl}}"
+],
+"path": [
+"users",
+"login"
+]
+}
+},
+"response": []
+}
+]
+}

src/evento/evento.controller.ts

@@ -8,35 +8,48 @@ import {
  Param,
  Post,
  Put,
+ UseGuards,
  UseInterceptors,
 } from '@nestjs/common';
 import { plainToInstance } from 'class-transformer';
 import { BusinessErrorsInterceptor } from '../shared/interceptors/business-errors.interceptor';
 import { EventoDto } from './evento.dto';
 import { EventoEntity } from './evento.entity';
 import { EventoService } from './evento.service';
+import { HasRoles } from '../auth/has-roles.decorator';
+import { Role } from '../auth/role.enum';
+import { JwtAuthGuard } from 'src/auth/guards/jwt-auth.guard';
+import { RolesGuard } from 'src/auth/roles.guard';
 
 @Controller('eventos')
 @UseInterceptors(BusinessErrorsInterceptor)
 export class EventoController {
  constructor(private readonly eventoService: EventoService) {}
 
+ @HasRoles(Role.AdminEvento, Role.LecturaEvento)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Get()
  async findAll() {
  return await this.eventoService.findAll();
  }
 
+ @HasRoles(Role.AdminEvento, Role.LecturaEvento)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Get(':eventoId')
  async findOne(@Param('eventoId') eventoId: string) {
  return await this.eventoService.findOne(eventoId);
  }
 
+ @HasRoles(Role.AdminEvento, Role.EscrituraEvento)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Post()
  async create(@Body() eventoDto: EventoDto) {
  const evento: EventoEntity = plainToInstance(EventoEntity, eventoDto);
  return await this.eventoService.create(evento);
  }
 
+ @HasRoles(Role.AdminEvento, Role.EscrituraEvento)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Put(':eventoId')
  async update(
  @Param('eventoId') eventoId: string,
@@ -46,6 +59,8 @@ export class EventoController {
  return await this.eventoService.update(eventoId, evento);
  }
 
+ @HasRoles(Role.AdminEvento, Role.EliminarEvento)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Delete(':eventoId')
  @HttpCode(204)
  async delete(@Param('eventoId') eventoId: string) {

src/review-producto/review-producto.controller.ts

@@ -8,19 +8,31 @@ import {
  Param,
  Post,
  Put,
+ UseGuards,
  UseInterceptors,
 } from '@nestjs/common';
 import { plainToInstance } from 'class-transformer';
 import { ReviewDto } from 'src/review/review.dto';
 import { ReviewEntity } from 'src/review/review.entity';
 import { BusinessErrorsInterceptor } from '../shared/interceptors/business-errors.interceptor';
 import { ReviewProductoService } from './review-producto.service';
+import { HasRoles } from '../auth/has-roles.decorator';
+import { Role } from '../auth/role.enum';
+import { JwtAuthGuard } from 'src/auth/guards/jwt-auth.guard';
+import { RolesGuard } from 'src/auth/roles.guard';
 
 @Controller('productos')
 @UseInterceptors(BusinessErrorsInterceptor)
 export class ReviewProductoController {
  constructor(private readonly reviewProductoService: ReviewProductoService) {}
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.EscrituraReview,
+ Role.AdminProducto,
+ Role.EscrituraProducto,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Post(':productoId/reviews/:reviewId')
  async addReviewProducto(
  @Param('productoId') productoId: string,
@@ -32,6 +44,13 @@ export class ReviewProductoController {
  );
  }
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.LecturaReview,
+ Role.AdminProducto,
+ Role.LecturaProducto,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Get(':productoId/reviews/:reviewId')
  async findReviewByProductoIdReviewId(
  @Param('productoId') productoId: string,
@@ -43,11 +62,25 @@ export class ReviewProductoController {
  );
  }
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.LecturaReview,
+ Role.AdminProducto,
+ Role.LecturaProducto,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Get(':productoId/reviews')
  async findReviewsByProductoId(@Param('productoId') productoId: string) {
  return await this.reviewProductoService.findReviewsByProductoId(productoId);
  }
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.EscrituraReview,
+ Role.AdminProducto,
+ Role.EscrituraProducto,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Put(':productoId/reviews')
  async associateReviewsProducto(
  @Body() reviewsDto: ReviewDto[],
@@ -60,6 +93,13 @@ export class ReviewProductoController {
  );
  }
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.EliminarReview,
+ Role.AdminProducto,
+ Role.EliminarProducto,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Delete(':productoId/reviews/:reviewId')
  @HttpCode(204)
  async deleteReviewProducto(

src/review-usuario/review-usuario.controller.ts

@@ -8,19 +8,31 @@ import {
  Param,
  Post,
  Put,
+ UseGuards,
  UseInterceptors,
 } from '@nestjs/common';
 import { plainToInstance } from 'class-transformer';
 import { ReviewDto } from 'src/review/review.dto';
 import { ReviewEntity } from 'src/review/review.entity';
 import { BusinessErrorsInterceptor } from '../shared/interceptors/business-errors.interceptor';
 import { ReviewUsuarioService } from './review-usuario.service';
+import { HasRoles } from '../auth/has-roles.decorator';
+import { Role } from '../auth/role.enum';
+import { JwtAuthGuard } from 'src/auth/guards/jwt-auth.guard';
+import { RolesGuard } from 'src/auth/roles.guard';
 
 @Controller('usuarios')
 @UseInterceptors(BusinessErrorsInterceptor)
 export class ReviewUsuarioController {
  constructor(private readonly reviewUsuarioService: ReviewUsuarioService) {}
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.EscrituraReview,
+ Role.AdminUsuario,
+ Role.EscrituraUsuario,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Post(':usuarioId/reviews/:reviewId')
  async addReviewUsuario(
  @Param('usuarioId') usuarioId: string,
@@ -32,6 +44,13 @@ export class ReviewUsuarioController {
  );
  }
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.LecturaReview,
+ Role.AdminUsuario,
+ Role.LecturaUsuario,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Get(':usuarioId/reviews/:reviewId')
  async findReviewByUsuarioIdReviewId(
  @Param('usuarioId') usuarioId: string,
@@ -43,11 +62,25 @@ export class ReviewUsuarioController {
  );
  }
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.LecturaReview,
+ Role.AdminUsuario,
+ Role.LecturaUsuario,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Get(':usuarioId/reviews')
  async findReviewsByUsuarioId(@Param('usuarioId') usuarioId: string) {
  return await this.reviewUsuarioService.findReviewsByUsuarioId(usuarioId);
  }
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.EscrituraReview,
+ Role.AdminUsuario,
+ Role.EscrituraUsuario,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Put(':usuarioId/reviews')
  async associateReviewsUsuario(
  @Body() reviewsDto: ReviewDto[],
@@ -60,6 +93,13 @@ export class ReviewUsuarioController {
  );
  }
 
+ @HasRoles(
+ Role.AdminReview,
+ Role.EliminarReview,
+ Role.AdminUsuario,
+ Role.EliminarUsuario,
+ )
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Delete(':usuarioId/reviews/:reviewId')
  @HttpCode(204)
  async deleteReviewUsuario(

src/review/review.controller.ts

@@ -8,35 +8,48 @@ import {
  Param,
  Post,
  Put,
+ UseGuards,
  UseInterceptors,
 } from '@nestjs/common';
 import { plainToInstance } from 'class-transformer';
 import { BusinessErrorsInterceptor } from '../shared/interceptors/business-errors.interceptor';
 import { ReviewDto } from './review.dto';
 import { ReviewEntity } from './review.entity';
 import { ReviewService } from './review.service';
+import { HasRoles } from '../auth/has-roles.decorator';
+import { Role } from '../auth/role.enum';
+import { JwtAuthGuard } from 'src/auth/guards/jwt-auth.guard';
+import { RolesGuard } from 'src/auth/roles.guard';
 
 @Controller('reviews')
 @UseInterceptors(BusinessErrorsInterceptor)
 export class ReviewController {
  constructor(private readonly reviewService: ReviewService) {}
 
+ @HasRoles(Role.AdminReview, Role.LecturaReview)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Get()
  async findAll() {
  return await this.reviewService.findAll();
  }
 
+ @HasRoles(Role.AdminReview, Role.LecturaReview)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Get(':reviewId')
  async findOne(@Param('reviewId') reviewId: string) {
  return await this.reviewService.findOne(reviewId);
  }
 
+ @HasRoles(Role.AdminReview, Role.EscrituraReview)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Post()
  async create(@Body() reviewDto: ReviewDto) {
  const review: ReviewEntity = plainToInstance(ReviewEntity, reviewDto);
  return await this.reviewService.create(review);
  }
 
+ @HasRoles(Role.AdminReview, Role.EscrituraReview)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Put(':reviewId')
  async update(
  @Param('reviewId') reviewId: string,
@@ -46,6 +59,8 @@ export class ReviewController {
  return await this.reviewService.update(reviewId, review);
  }
 
+ @HasRoles(Role.AdminReview, Role.EliminarReview)
+ @UseGuards(JwtAuthGuard, RolesGuard)
  @Delete(':reviewId')
  @HttpCode(204)
  async delete(@Param('reviewId') reviewId: string) {