WIP - admin users and roles

2025-12-30 09:06:42 +01:00
parent 3086f78d34
commit 3fbc019083
8 changed files with 986 additions and 1 deletions
--- a/backend/src/rbac/setup-roles.controller.ts
+++ b/backend/src/rbac/setup-roles.controller.ts
@@ -1,6 +1,10 @@
 import {
  Controller,
  Get,
+  Post,
+  Delete,
+  Param,
+  Body,
  UseGuards,
 } from '@nestjs/common';
 import { JwtAuthGuard } from '../auth/jwt-auth.guard';
@@ -20,4 +24,77 @@ export class SetupRolesController {
    
    return await Role.query(knex).select('*').orderBy('name', 'asc');
  }
+
+  @Get(':id')
+  async getRole(
+    @TenantId() tenantId: string,
+    @Param('id') id: string,
+  ) {
+    const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
+    const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
+    
+    return await Role.query(knex).findById(id).withGraphFetched('users');
+  }
+
+  @Post()
+  async createRole(
+    @TenantId() tenantId: string,
+    @Body() data: { name: string; description?: string; guardName?: string },
+  ) {
+    const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
+    const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
+    
+    const role = await Role.query(knex).insert({
+      name: data.name,
+      description: data.description,
+      guardName: data.guardName || 'tenant',
+    });
+    
+    return role;
+  }
+
+  @Post(':roleId/users')
+  async addUserToRole(
+    @TenantId() tenantId: string,
+    @Param('roleId') roleId: string,
+    @Body() data: { userId: string },
+  ) {
+    const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
+    const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
+    
+    // Check if assignment already exists
+    const existing = await knex('user_roles')
+      .where({ userId: data.userId, roleId })
+      .first();
+    
+    if (existing) {
+      return { success: true, message: 'User already assigned' };
+    }
+    
+    await knex('user_roles').insert({
+      id: knex.raw('(UUID())'),
+      userId: data.userId,
+      roleId,
+      created_at: knex.fn.now(),
+      updated_at: knex.fn.now(),
+    });
+    
+    return { success: true };
+  }
+
+  @Delete(':roleId/users/:userId')
+  async removeUserFromRole(
+    @TenantId() tenantId: string,
+    @Param('roleId') roleId: string,
+    @Param('userId') userId: string,
+  ) {
+    const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
+    const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
+    
+    await knex('user_roles')
+      .where({ userId, roleId })
+      .delete();
+    
+    return { success: true };
+  }
 }