Merge pull request #77 from kelvinsb/feat/hide-contact-for-unauthorized

Somente exibir campo de Contato quando logado(staff ou user)

Author: filipepacheco

src/decorators/UserDecorator/user.decorator.ts

@@ -0,0 +1,8 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+
+export const UserDecorator = createParamDecorator(
+  (data: unknown, ctx: ExecutionContext) => {
+    const request = ctx.switchToHttp().getRequest();
+    return request?.user;
+  },
+);

src/guards/apply-user.guard.ts

@@ -0,0 +1,10 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class ApplyUser extends AuthGuard('jwt') {
+  handleRequest(err: any, user: any) {
+    if (user) return user;
+    return null;
+  }
+}

src/guards/utils.ts

@@ -11,22 +11,34 @@ async function canActivate(context: ExecutionContext, allowed: AccessLevel[]) {
   if (request.user) {
     const { userId, sessionId } = request.user;
 
-    const session = await service.session.findUnique({
-      where: { id: sessionId, active: true, user: { id: userId } },
-      include: {
-        user: true,
-      },
-    });
-
-    if (
-      session &&
-      allowed.some((permission) => permission === session.user.accessLevel)
-    ) {
-      return true;
-    }
+    return isRightSessionRole(allowed, sessionId, userId);
   }
 
   return false;
 }
 
+async function isRightSessionRole(
+  allowed: AccessLevel[],
+  sessionId?: string,
+  userId?: string,
+) {
+  if (!sessionId) return false;
+  if (!userId) return false;
+
+  const session = await service.session.findUnique({
+    where: { id: sessionId, active: true, user: { id: userId } },
+    include: {
+      user: true,
+    },
+  });
+
+  if (
+    session &&
+    allowed.some((permission) => permission === session.user.accessLevel)
+  ) {
+    return true;
+  }
+  return false;
+}
+
 export { canActivate };

src/shelter/shelter.controller.ts

@@ -15,6 +15,8 @@ import { ApiTags } from '@nestjs/swagger';
 import { ShelterService } from './shelter.service';
 import { ServerResponse } from '../utils';
 import { StaffGuard } from '@/guards/staff.guard';
+import { ApplyUser } from '@/guards/apply-user.guard';
+import { UserDecorator } from '@/decorators/UserDecorator/user.decorator';
 
 @ApiTags('Abrigos')
 @Controller('shelters')
@@ -35,9 +37,12 @@ export class ShelterController {
   }
 
   @Get(':id')
-  async show(@Param('id') id: string) {
+  @UseGuards(ApplyUser)
+  async show(@UserDecorator() user: any, @Param('id') id: string) {
     try {
-      const data = await this.shelterService.show(id);
+      const isLogged =
+        Boolean(user) && Boolean(user?.sessionId) && Boolean(user?.userId);
+      const data = await this.shelterService.show(id, isLogged);
       return new ServerResponse(200, 'Successfully get shelter', data);
     } catch (err: any) {
       this.logger.error(`Failed to get shelter: ${err}`);

src/shelter/shelter.service.ts

@@ -60,7 +60,7 @@ export class ShelterService {
     });
   }
 
-  async show(id: string) {
+  async show(id: string, shouldShowContact: boolean) {
     const data = await this.prismaService.shelter.findFirst({
       where: {
         id,
@@ -72,7 +72,7 @@ export class ShelterService {
         pix: true,
         shelteredPeople: true,
         capacity: true,
-        contact: true,
+        contact: shouldShowContact,
         petFriendly: true,
         prioritySum: true,
         latitude: true,
@@ -137,7 +137,6 @@ export class ShelterService {
         pix: true,
         address: true,
         capacity: true,
-        contact: true,
         petFriendly: true,
         shelteredPeople: true,
         prioritySum: true,

src/shelter/types/search.types.ts

@@ -12,7 +12,9 @@ export interface IFilterFormProps {
   tags: ShelterTagInfo | null;
 }
 
-export type SearchShelterTagResponse = Shelter & {
+type AllowedShelterFields = Omit<Shelter, 'contact'>;
+
+export type SearchShelterTagResponse = AllowedShelterFields & {
   shelterSupplies: (ShelterSupply & { supply: Supply })[];
 };