All files / src/platform/permissions permission.controller.ts

0% Statements 0/28
0% Branches 0/10
0% Functions 0/8
0% Lines 0/26

Press n or j to go to the next uncovered block, b, p or k for the previous block.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87                                                                                                                                                                             
import {
  Controller,
  Get,
  Post,
  Delete,
  Param,
  Body,
  Req,
} from '@nestjs/common';
import { PermissionEvaluationService } from './permission.service';
import { ApiTags, ApiOperation, ApiResponse } from '@nestjs/swagger';
 
@Controller('api/v1/policies')
@ApiTags('Permission')
export class PermissionController {
  constructor(
    private readonly permissionService: PermissionEvaluationService,
  ) {}
 
  private getContext(req: any) {
    const tenantId =
      req.user?.tenantId || req.headers['x-tenant-id'] || 'SYSTEM';
    const userId = req.user?.id || req.headers['x-user-id'] || 'system-user-id';
    return { tenantId, userId };
  }
 
  @Get()
  @ApiOperation({ summary: 'Get policies operation' })
  @ApiResponse({ status: 200, description: 'Operation successful' })
  async getPolicies(@Req() req: any) {
    const ctx = this.getContext(req);
    return this.permissionService.getPolicies(ctx.tenantId);
  }
 
  @Post()
  @ApiOperation({ summary: 'Create policy operation' })
  @ApiResponse({ status: 201, description: 'Operation successful' })
  async createPolicy(@Body() body: any, @Req() req: any) {
    const ctx = this.getContext(req);
    return this.permissionService.createPolicy({
      ...body,
      tenantId: ctx.tenantId,
    });
  }
 
  @Get('evaluation-logs')
  @ApiOperation({ summary: 'Get evaluation logs operation' })
  @ApiResponse({ status: 200, description: 'Operation successful' })
  async getEvaluationLogs(@Req() req: any) {
    const ctx = this.getContext(req);
    return this.permissionService.getEvaluationLogs(ctx.tenantId);
  }
 
  @Get(':id')
  @ApiOperation({ summary: 'Get policy operation' })
  @ApiResponse({ status: 200, description: 'Operation successful' })
  async getPolicy(@Param('id') id: string, @Req() req: any) {
    const ctx = this.getContext(req);
    return this.permissionService.getPolicy(id, ctx.tenantId);
  }
 
  @Delete(':id')
  @ApiOperation({ summary: 'Delete policy operation' })
  @ApiResponse({ status: 200, description: 'Operation successful' })
  async deletePolicy(@Param('id') id: string, @Req() req: any) {
    const ctx = this.getContext(req);
    return this.permissionService.deletePolicy(id, ctx.tenantId);
  }
 
  @Post('evaluate')
  @ApiOperation({ summary: 'Evaluate operation' })
  @ApiResponse({ status: 201, description: 'Operation successful' })
  async evaluate(
    @Body() body: { resource: string; action: string; context?: any },
    @Req() req: any,
  ) {
    const ctx = this.getContext(req);
    return this.permissionService.evaluate({
      tenantId: ctx.tenantId,
      userId: ctx.userId,
      resource: body.resource,
      action: body.action,
      context: body.context,
    });
  }
}