feat(api): users controller

Author: akdasa

modules/libs/domain/permissions/index.ts

@@ -15,6 +15,11 @@ export const PermissionKeys = [
   'schools:read',
   'schools:update',
   'schools:delete',
+
+  // Users
+  'users:read',
+  'users:update',
+  'users:delete',
 ] as const;
 
 export type PermissionKey = typeof PermissionKeys[number];

modules/libs/protocol/index.ts

@@ -5,3 +5,4 @@ export * from './routes'
 export * from './roles'
 export * from './userRoles'
 export * from './organizations'
+export * from './users'

modules/libs/protocol/routes.ts

@@ -27,6 +27,10 @@ export const Routes = (baseUrl: string = '') => ({
       delete: (id: string) => `${baseUrl}/edu/roles/${id}`,
     },
     user: (userId: string) => ({
+      get: () => `${baseUrl}/edu/users/${userId}`,
+      find: () => `${baseUrl}/edu/users`,
+      update: () => `${baseUrl}/edu/users/${userId}`,
+      delete: () => `${baseUrl}/edu/users/${userId}`,
       roles: {
         all: () => `${baseUrl}/edu/users/${userId}/roles`,
         create: () => `${baseUrl}/edu/users/${userId}/roles`,

modules/libs/protocol/users.ts

@@ -0,0 +1,48 @@
+import * as crud from './crud'
+
+/* -------------------------------------------------------------------------- */
+/*                                   Models                                   */
+/* -------------------------------------------------------------------------- */
+
+export type UserSummary = {
+  id: string;
+  name: string;
+}
+
+export type UserDetailsRole = {
+  id: string;
+  name?: string;
+}
+
+export type UserDetails = UserSummary & {
+  email: string;
+  phone?: string;
+  roles: UserDetailsRole[];
+}
+
+/* -------------------------------------------------------------------------- */
+/*                                    Read                                    */
+/* -------------------------------------------------------------------------- */
+
+export type GetUserResponse =
+  crud.GetItemResponse<UserDetails>;
+
+export type GetUsersResponse =
+  crud.GetItemsListResponse<UserSummary>;
+
+/* -------------------------------------------------------------------------- */
+/*                                   Update                                   */
+/* -------------------------------------------------------------------------- */
+
+export type UpdateUserRequest =
+  crud.UpdateItemRequest<Omit<UserDetails, 'id'>>;
+
+export type UpdateUserResponse =
+  crud.UpdateItemResponse<UserDetails>;
+
+/* -------------------------------------------------------------------------- */
+/*                                   Delete                                   */
+/* -------------------------------------------------------------------------- */
+
+export type DeleteUserResponse =
+  crud.DeleteItemResponse;

modules/services/api/src/auth/utils/user-permissions.util.ts

@@ -10,26 +10,30 @@ export class UserPermissions {
    * on the provided organization and school. Throws an error
    * if user does not have permission.
    * @param permissions Required permissions to check
-   * @param organizationId Organization id to check
-   * @param schoolId School id to check
+   * @param scope Scope (or scopes) to check permissions for
    */
   public check(
     permissions: domain.PermissionKey[],
-    scope?: { organizationId: string; schoolId?: string },
+    scope?:
+      | { organizationId: string; schoolId?: string }
+      | { organizationId: string; schoolId?: string }[],
   ) {
-    const scopes = this.getScopes(permissions);
-    if (!scopes.length) {
+    // get user and resource scopes
+    const resourceScopes = Array.isArray(scope) ? scope : [scope];
+    const userScopes = this.getScopes(permissions);
+    if (!userScopes.length) {
       throw new ForbiddenException('User does not have permission');
     }
 
     if (!scope) {
       return;
     }
 
-    const permitted = scopes.some(
-      (s) =>
-        s.organizationId == scope?.organizationId &&
-        s.schoolId == scope?.schoolId,
+    const permitted = userScopes.some((us) =>
+      resourceScopes.some(
+        (rs) =>
+          us.organizationId == rs.organizationId && us.schoolId == rs.schoolId,
+      ),
     );
 
     if (!permitted) {

modules/services/api/src/edu/controllers/index.ts

@@ -1,3 +1,4 @@
 export * from './organizations/organizations.controller';
 export * from './roles/roles.controller';
 export * from './users/userRoles.controller';
+export * from './users/users.controller';

modules/services/api/src/edu/controllers/users/specs/context.ts

@@ -0,0 +1,180 @@
+import { faker } from '@faker-js/faker';
+import { INestApplication } from '@nestjs/common';
+import {
+  OrganizationsService,
+  RolesService,
+  SchoolsService,
+  UsersService,
+} from '@vidya/api/edu/services';
+import { Organization, Role, School, User } from '@vidya/entities';
+
+export type Context = {
+  one: {
+    org: Organization;
+    roles: {
+      orgAdmin: Role;
+    };
+    schoolOne: {
+      school: School;
+      roles: {
+        schoolOneAdmin: Role;
+      };
+    };
+    schoolTwo: {
+      school: School;
+      roles: {
+        schoolTwoAdmin: Role;
+      };
+    };
+    users: {
+      orgAdmin: User;
+      schoolOneAdmin: User;
+      schoolTwoAdmin: User;
+    };
+  };
+  two: {
+    org: Organization;
+    roles: {
+      orgAdmin: Role;
+    };
+    users: {
+      orgAdmin: User;
+    };
+  };
+};
+
+export const createContext = async (
+  app: INestApplication,
+): Promise<Context> => {
+  const orgsService = app.get(OrganizationsService);
+  const rolesService = app.get(RolesService);
+  const schoolsService = app.get(SchoolsService);
+  const usersService = app.get(UsersService);
+
+  /* -------------------------------------------------------------------------- */
+  /*                                Organizations                               */
+  /* -------------------------------------------------------------------------- */
+
+  const orgOne = await orgsService.create({
+    name: 'Org One',
+  });
+
+  const orgTwo = await orgsService.create({
+    name: 'Org Two',
+  });
+
+  /* -------------------------------------------------------------------------- */
+  /*                                   Schools                                  */
+  /* -------------------------------------------------------------------------- */
+
+  const schoolOne = await schoolsService.create({
+    name: 'School Two',
+    organizationId: orgOne.id,
+  });
+
+  const schoolTwo = await schoolsService.create({
+    name: 'School Two',
+    organizationId: orgOne.id,
+  });
+
+  /* -------------------------------------------------------------------------- */
+  /*                                    Roles                                   */
+  /* -------------------------------------------------------------------------- */
+
+  const orgAdmin = await rolesService.create({
+    name: 'Org Admin',
+    description: 'Organization Admin',
+    organizationId: orgOne.id,
+    permissions: ['users:read'],
+  });
+
+  const schoolOneAdmin = await rolesService.create({
+    name: 'School One Admin',
+    description: 'School One Admin',
+    organizationId: orgOne.id,
+    schoolId: schoolOne.id,
+    permissions: ['users:read'],
+  });
+
+  const schoolTwoAdmin = await rolesService.create({
+    name: 'School Two Admin',
+    description: 'School Two Admin',
+    organizationId: orgOne.id,
+    schoolId: schoolTwo.id,
+    permissions: ['users:read'],
+  });
+
+  const orgTwoAdmin = await rolesService.create({
+    name: 'Org Two Admin',
+    description: 'Organization Two Admin',
+    organizationId: orgTwo.id,
+    permissions: ['users:read'],
+  });
+
+  /* -------------------------------------------------------------------------- */
+  /*                                    Users                                   */
+  /* -------------------------------------------------------------------------- */
+
+  const orgAdminUser = await usersService.create({
+    name: 'Org Admin',
+    email: faker.internet.email(),
+    roles: [orgAdmin],
+  });
+
+  const schoolOneAdminUser = await usersService.create({
+    name: 'School One Admin',
+    email: faker.internet.email(),
+    roles: [schoolOneAdmin],
+  });
+
+  const schoolTwoAdminUser = await usersService.create({
+    name: 'School Two Admin',
+    email: faker.internet.email(),
+    roles: [schoolTwoAdmin],
+  });
+
+  const orgTwoAdminUser = await usersService.create({
+    name: 'Org Two Admin',
+    email: faker.internet.email(),
+    roles: [orgTwoAdmin],
+  });
+
+  /* -------------------------------------------------------------------------- */
+  /*                                   Return                                   */
+  /* -------------------------------------------------------------------------- */
+
+  return {
+    one: {
+      org: orgOne,
+      roles: {
+        orgAdmin: orgAdmin,
+      },
+      schoolOne: {
+        school: schoolOne,
+        roles: {
+          schoolOneAdmin: schoolOneAdmin,
+        },
+      },
+      schoolTwo: {
+        school: schoolTwo,
+        roles: {
+          schoolTwoAdmin: schoolTwoAdmin,
+        },
+      },
+      users: {
+        orgAdmin: orgAdminUser,
+        schoolOneAdmin: schoolOneAdminUser,
+        schoolTwoAdmin: schoolTwoAdminUser,
+      },
+    },
+    two: {
+      org: orgTwo,
+      roles: {
+        orgAdmin: orgTwoAdmin,
+      },
+      users: {
+        orgAdmin: orgTwoAdminUser,
+      },
+    },
+  };
+};