Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 | import { Controller, Get, Post, Delete, Param, Body, Req, } from '@nestjs/common'; import { PermissionEvaluationService } from './permission.service'; import { ApiTags, ApiOperation, ApiResponse } from '@nestjs/swagger'; @Controller('api/v1/policies') @ApiTags('Permission') export class PermissionController { constructor( private readonly permissionService: PermissionEvaluationService, ) {} private getContext(req: any) { const tenantId = req.user?.tenantId || req.headers['x-tenant-id'] || 'SYSTEM'; const userId = req.user?.id || req.headers['x-user-id'] || 'system-user-id'; return { tenantId, userId }; } @Get() @ApiOperation({ summary: 'Get policies operation' }) @ApiResponse({ status: 200, description: 'Operation successful' }) async getPolicies(@Req() req: any) { const ctx = this.getContext(req); return this.permissionService.getPolicies(ctx.tenantId); } @Post() @ApiOperation({ summary: 'Create policy operation' }) @ApiResponse({ status: 201, description: 'Operation successful' }) async createPolicy(@Body() body: any, @Req() req: any) { const ctx = this.getContext(req); return this.permissionService.createPolicy({ ...body, tenantId: ctx.tenantId, }); } @Get('evaluation-logs') @ApiOperation({ summary: 'Get evaluation logs operation' }) @ApiResponse({ status: 200, description: 'Operation successful' }) async getEvaluationLogs(@Req() req: any) { const ctx = this.getContext(req); return this.permissionService.getEvaluationLogs(ctx.tenantId); } @Get(':id') @ApiOperation({ summary: 'Get policy operation' }) @ApiResponse({ status: 200, description: 'Operation successful' }) async getPolicy(@Param('id') id: string, @Req() req: any) { const ctx = this.getContext(req); return this.permissionService.getPolicy(id, ctx.tenantId); } @Delete(':id') @ApiOperation({ summary: 'Delete policy operation' }) @ApiResponse({ status: 200, description: 'Operation successful' }) async deletePolicy(@Param('id') id: string, @Req() req: any) { const ctx = this.getContext(req); return this.permissionService.deletePolicy(id, ctx.tenantId); } @Post('evaluate') @ApiOperation({ summary: 'Evaluate operation' }) @ApiResponse({ status: 201, description: 'Operation successful' }) async evaluate( @Body() body: { resource: string; action: string; context?: any }, @Req() req: any, ) { const ctx = this.getContext(req); return this.permissionService.evaluate({ tenantId: ctx.tenantId, userId: ctx.userId, resource: body.resource, action: body.action, context: body.context, }); } } |