feat(api): users controllers

akdasa · akdasa · commit 9c3ea4d3bfc2 · 2025-03-11T13:53:41.000Z
diff --git a/modules/libs/protocol/users.ts b/modules/libs/protocol/users.ts
@@ -43,10 +43,3 @@ export type UpdateUserRequest =
 
 export type UpdateUserResponse =
   crud.UpdateItemResponse<UserDetails>;
-
-/* -------------------------------------------------------------------------- */
-/*                                   Delete                                   */
-/* -------------------------------------------------------------------------- */
-
-export type DeleteUserResponse =
-  crud.DeleteItemResponse;
diff --git a/modules/services/api/src/edu/controllers/users/specs/context.ts b/modules/services/api/src/edu/controllers/users/specs/context.ts
@@ -55,14 +55,14 @@ export const createContext = async (
     name: 'Org Admin',
     description: 'Organization Admin',
     schoolId: one.id,
-    permissions: ['users:read'],
+    permissions: ['users:read', 'users:update', 'users:delete'],
   });
 
   const twoAdmin = await rolesService.create({
     name: 'Org Two Admin',
     description: 'Organization Two Admin',
     schoolId: two.id,
-    permissions: ['users:read'],
+    permissions: ['users:read', 'users:update', 'users:delete'],
   });
 
   /* -------------------------------------------------------------------------- */
diff --git a/modules/services/api/src/edu/controllers/users/specs/users.controller.test.get.spec.ts b/modules/services/api/src/edu/controllers/users/specs/users.controller.test.get.spec.ts
@@ -4,6 +4,7 @@ import { INestApplication } from '@nestjs/common';
 import { UserPermissions } from '@vidya/api/auth/utils';
 import { UsersController } from '@vidya/api/edu/controllers';
 import * as dto from '@vidya/api/edu/dto';
+import { UsersService } from '@vidya/api/edu/services';
 import { createTestingApp } from '@vidya/api/edu/shared';
 import { Role } from '@vidya/entities';
 import * as entities from '@vidya/entities';
@@ -42,33 +43,94 @@ describe('UsersController', () => {
     );
   }
 
+  describe('getOne', () => {
+    it('returns user by Id', async () => {
+      const res = await ctr.getOne(
+        ctx.one.users.oneAdmin.id,
+        getPermissions([ctx.one.roles.oneAdmin]),
+      );
+      expect(res).toEqual(
+        mapper.map(ctx.one.users.oneAdmin, entities.User, dto.GetUserResponse),
+      );
+    });
+
+    it('returns 404 if access is not permitted', async () => {
+      await expect(async () => {
+        await ctr.getOne(
+          ctx.one.users.oneAdmin.id,
+          getPermissions([ctx.two.roles.twoAdmin]),
+        );
+      }).rejects.toThrow(`User with id ${ctx.one.users.oneAdmin.id} not found`);
+    });
+
+    it('returns 403 for user without any permissions', async () => {
+      await expect(async () => {
+        await ctr.getOne(ctx.one.users.oneAdmin.id, new UserPermissions([]));
+      }).rejects.toThrow(`User does not have permission`);
+    });
+  });
+
   /* -------------------------------------------------------------------------- */
   /*                                   Get Many                                 */
   /* -------------------------------------------------------------------------- */
 
   describe('getMany', () => {
-    it('user can see all users in school', async () => {
+    it('returns all users in permitted school', async () => {
       const res = await ctr.getMany(
         new dto.GetUsersQuery(),
         getPermissions([ctx.one.roles.oneAdmin]),
       );
       expectUsers(res, [ctx.one.users.oneAdmin]);
     });
 
-    it('user can see all users in multiple schools', async () => {
+    it('returns all users in multiple permitted schools', async () => {
       const res = await ctr.getMany(
         new dto.GetUsersQuery(),
         getPermissions([ctx.one.roles.oneAdmin, ctx.two.roles.twoAdmin]),
       );
       expectUsers(res, [ctx.one.users.oneAdmin, ctx.two.users.twoAdmin]);
     });
 
-    it('should filter by schoolId', async () => {
+    it('filters by schoolId', async () => {
       const res = await ctr.getMany(
         new dto.GetUsersQuery({ schoolId: ctx.one.school.id }),
         getPermissions([ctx.one.roles.oneAdmin, ctx.two.roles.twoAdmin]),
       );
       expectUsers(res, [ctx.one.users.oneAdmin]);
     });
   });
+
+  /* -------------------------------------------------------------------------- */
+  /*                                 Update One                                 */
+  /* -------------------------------------------------------------------------- */
+
+  describe('updateOne', () => {
+    it('updates user by Id', async () => {
+      const res = await ctr.updateOne(
+        new dto.UpdateUserRequest({ name: 'Updated Name' }),
+        ctx.one.users.oneAdmin.id,
+        getPermissions([ctx.one.roles.oneAdmin]),
+      );
+
+      expect(res).toEqual(
+        mapper.map(
+          await app
+            .get(UsersService)
+            .findOneBy({ id: ctx.one.users.oneAdmin.id }),
+          entities.User,
+          dto.UpdateUserResponse,
+        ),
+      );
+    });
+
+    it('throws if user do not have permission', async () => {
+      await expect(async () => {
+        await ctr.updateOne(
+          new dto.UpdateUserRequest({ name: 'Updated Name' }),
+          ctx.one.users.oneAdmin.id,
+          getPermissions([ctx.two.roles.twoAdmin]),
+        );
+      }).rejects.toThrow(`User does not have permission`);
+    });
+  });
 });
diff --git a/modules/services/api/src/edu/controllers/users/users.controller.ts b/modules/services/api/src/edu/controllers/users/users.controller.ts
@@ -25,7 +25,6 @@ const Crud = CrudDecorators({
   getOneResponseDto: dto.GetUserResponse,
   getManyResponseDto: dto.GetUsersResponse,
   updateOneResponseDto: dto.UpdateUserResponse,
-  deleteOneResponseDto: dto.DeleteUserResponse,
 });
 
 @Controller()
@@ -104,18 +103,4 @@ export class UsersController {
     const user = await this.usersService.updateOneBy({ id }, request);
     return this.mapper.map(user, entities.User, dto.UpdateUserResponse);
   }
-
-  /* -------------------------------------------------------------------------- */
-  /*                          DELETE /edu/users/:id                             */
-  /* -------------------------------------------------------------------------- */
-
-  @Crud.DeleteOne(Routes().edu.user(':id').delete())
-  async deleteOne(
-    @Param('id', new ParseUUIDPipe(), UserExistsPipe) id: string,
-    @UserWithPermissions() userPermissions: UserPermissions,
-  ): Promise<dto.DeleteUserResponse> {
-    // userPermissions.check(['users:delete'], { userId: id });
-    await this.usersService.deleteOneBy({ id });
-    return new dto.DeleteUserResponse({ success: true });
-  }
 }
diff --git a/modules/services/api/src/edu/dto/users.dto.ts b/modules/services/api/src/edu/dto/users.dto.ts
@@ -82,6 +82,12 @@ export class GetUsersResponse implements protocol.GetUsersResponse {
 /* -------------------------------------------------------------------------- */
 
 export class UpdateUserRequest implements protocol.UpdateUserRequest {
+  constructor(options?: { name?: string; email?: string; phone?: string }) {
+    this.name = options?.name;
+    this.email = options?.email;
+    this.phone = options?.phone;
+  }
+
   @ApiPropertyOptional({ example: 'User' })
   @IsString()
   @IsOptional()
@@ -106,15 +112,3 @@ export class UpdateUserRequest implements protocol.UpdateUserRequest {
 export class UpdateUserResponse
   extends UserDetails
   implements protocol.UpdateUserResponse {}
-
-/* -------------------------------------------------------------------------- */
-/*                                   Delete                                   */
-/* -------------------------------------------------------------------------- */
-
-export class DeleteUserResponse {
-  constructor(options?: { success: boolean }) {
-    this.success = options.success;
-  }
-  @ApiProperty({ example: 'success' })
-  success: boolean;
-}
diff --git a/modules/services/api/src/edu/mappers/users.mapper.ts b/modules/services/api/src/edu/mappers/users.mapper.ts
@@ -22,6 +22,21 @@ export class UsersMappingProfile extends AutomapperProfile {
         forMember((d) => d.name, mapFrom((s) => s.name)),
       );
 
+      createMap(
+        mapper, entities.User, dto.GetUserResponse,
+        forMember((d) => d.id,   mapFrom((s) => s.id)),
+        forMember((d) => d.name, mapFrom((s) => s.name)),
+        forMember((d) => d.email, mapFrom((s) => s.email)),
+        forMember((d) => d.phone, mapFrom((s) => s.phone))
+      );
+
+      createMap(
+        mapper, entities.User, dto.UpdateUserResponse,
+        forMember((d) => d.id,   mapFrom((s) => s.id)),
+        forMember((d) => d.name, mapFrom((s) => s.name)),
+        forMember((d) => d.email, mapFrom((s) => s.email)),
+        forMember((d) => d.phone, mapFrom((s) => s.phone))
+      );
     };
   }
 }
diff --git a/modules/services/api/src/edu/services/users.service.ts b/modules/services/api/src/edu/services/users.service.ts
@@ -12,9 +12,9 @@ export class UsersService extends ScopedEntitiesService<User, Scope> {
   constructor(@InjectRepository(User) repository: Repository<User>) {
     super(repository, (query, scope) => {
       // TODO add support for query.where as array
-      const {
-        roles: { schoolId },
-      } = query?.where ?? ({} as any);
+      const q = query?.where as any;
+      const userId = q?.id;
+      const schoolId = q?.roles?.schoolId;
 
       // Get all user scopes and filter whem by query params if provided
       const userScopes = scope.permissions
@@ -25,6 +25,7 @@ export class UsersService extends ScopedEntitiesService<User, Scope> {
       const scopedQuery = {
         where: [
           ...userScopes.map((s) => ({
+            id: userId,
             roles: {
               schoolId: s.schoolId,
             },
