Add record access strategy
This commit is contained in:
Francisco Gaona
@@ -2,6 +2,8 @@ import {
|
||||
Controller,
|
||||
Get,
|
||||
Post,
|
||||
Patch,
|
||||
Put,
|
||||
Param,
|
||||
Body,
|
||||
UseGuards,
|
||||
@@ -10,6 +12,7 @@ import { ObjectService } from './object.service';
|
||||
import { FieldMapperService } from './field-mapper.service';
|
||||
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
|
||||
import { TenantId } from '../tenant/tenant.decorator';
|
||||
import { TenantDatabaseService } from '../tenant/tenant-database.service';
|
||||
|
||||
@Controller('setup/objects')
|
||||
@UseGuards(JwtAuthGuard)
|
||||
@@ -17,6 +20,7 @@ export class SetupObjectController {
|
||||
constructor(
|
||||
private objectService: ObjectService,
|
||||
private fieldMapperService: FieldMapperService,
|
||||
private tenantDbService: TenantDatabaseService,
|
||||
) {}
|
||||
|
||||
@Get()
|
||||
@@ -29,7 +33,8 @@ export class SetupObjectController {
|
||||
@TenantId() tenantId: string,
|
||||
@Param('objectApiName') objectApiName: string,
|
||||
) {
|
||||
return this.objectService.getObjectDefinition(tenantId, objectApiName);
|
||||
const objectDef = await this.objectService.getObjectDefinition(tenantId, objectApiName);
|
||||
return this.fieldMapperService.mapObjectDefinitionToDTO(objectDef);
|
||||
}
|
||||
|
||||
@Get(':objectApiName/ui-config')
|
||||
@@ -58,10 +63,64 @@ export class SetupObjectController {
|
||||
@Param('objectApiName') objectApiName: string,
|
||||
@Body() data: any,
|
||||
) {
|
||||
return this.objectService.createFieldDefinition(
|
||||
const field = await this.objectService.createFieldDefinition(
|
||||
tenantId,
|
||||
objectApiName,
|
||||
data,
|
||||
);
|
||||
// Map the created field to frontend format
|
||||
return this.fieldMapperService.mapFieldToDTO(field);
|
||||
}
|
||||
|
||||
@Patch(':objectApiName')
|
||||
async updateObjectDefinition(
|
||||
@TenantId() tenantId: string,
|
||||
@Param('objectApiName') objectApiName: string,
|
||||
@Body() data: any,
|
||||
) {
|
||||
return this.objectService.updateObjectDefinition(tenantId, objectApiName, data);
|
||||
}
|
||||
|
||||
@Get(':objectId/field-permissions')
|
||||
async getFieldPermissions(
|
||||
@TenantId() tenantId: string,
|
||||
@Param('objectId') objectId: string,
|
||||
) {
|
||||
return this.objectService.getFieldPermissions(tenantId, objectId);
|
||||
}
|
||||
|
||||
@Put(':objectId/field-permissions')
|
||||
async updateFieldPermission(
|
||||
@TenantId() tenantId: string,
|
||||
@Param('objectId') objectId: string,
|
||||
@Body() data: { roleId: string; fieldDefinitionId: string; canRead: boolean; canEdit: boolean },
|
||||
) {
|
||||
return this.objectService.updateFieldPermission(tenantId, data.roleId, data.fieldDefinitionId, data.canRead, data.canEdit);
|
||||
}
|
||||
|
||||
@Get(':objectApiName/permissions/:roleId')
|
||||
async getObjectPermissions(
|
||||
@TenantId() tenantId: string,
|
||||
@Param('objectApiName') objectApiName: string,
|
||||
@Param('roleId') roleId: string,
|
||||
) {
|
||||
return this.objectService.getObjectPermissions(tenantId, objectApiName, roleId);
|
||||
}
|
||||
|
||||
@Put(':objectApiName/permissions')
|
||||
async updateObjectPermissions(
|
||||
@TenantId() tenantId: string,
|
||||
@Param('objectApiName') objectApiName: string,
|
||||
@Body() data: {
|
||||
roleId: string;
|
||||
canCreate: boolean;
|
||||
canRead: boolean;
|
||||
canEdit: boolean;
|
||||
canDelete: boolean;
|
||||
canViewAll: boolean;
|
||||
canModifyAll: boolean;
|
||||
},
|
||||
) {
|
||||
return this.objectService.updateObjectPermissions(tenantId, objectApiName, data);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user