finished admin api

bcgov · Oct 1, 2023 · ab97e4f · ab97e4f
1 parent b8b674e
commit ab97e4f
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 12 deletions.
diff --git a/notify-bc-lb/src/controllers/administrator.controller.ts b/notify-bc-lb/src/controllers/administrator.controller.ts
@@ -282,6 +282,7 @@ export class AdministratorController extends BaseController {
     return this.administratorRepository.find(filter, undefined);
   }
 
+  // start: ported
   @get('/administrators/{id}', {
     responses: {
       '200': {
@@ -311,7 +312,6 @@ export class AdministratorController extends BaseController {
     );
   }
 
-  // start: ported
   @patch('/administrators/{id}', {
     responses: {
       '204': {
@@ -368,7 +368,6 @@ export class AdministratorController extends BaseController {
       undefined,
     );
   }
-  // end: ported
 
   @del('/administrators/{id}', {
     responses: {
@@ -394,4 +393,5 @@ export class AdministratorController extends BaseController {
     await this.userCredentialRepository.deleteAll({userId: id}, undefined);
     await this.administratorRepository.deleteById(id, undefined);
   }
+  // end: ported
 }
diff --git a/src/api/administrators/administrators.controller.ts b/src/api/administrators/administrators.controller.ts
@@ -295,6 +295,30 @@ export class AdministratorsController {
     return this.administratorsService.update(id, updateAdministratorDto, req);
   }
 
+  @Get(':id')
+  findOne(@Param('id') id: string, @Req() req): Promise<Administrator> {
+    if (
+      req.user.authnStrategy === AuthnStrategy.AccessToken &&
+      req.user.securityId !== id
+    ) {
+      throw new HttpException(undefined, HttpStatus.FORBIDDEN);
+    }
+    return this.administratorsService.findOne(id);
+  }
+
+  @Delete(':id')
+  async remove(@Param('id') id: string, @Req() req) {
+    if (
+      req.user.authnStrategy === AuthnStrategy.AccessToken &&
+      req.user.securityId !== id
+    ) {
+      throw new HttpException(undefined, HttpStatus.FORBIDDEN);
+    }
+    await this.accessTokenService.removeAll({ userId: id });
+    await this.userCredentialService.removeAll({ userId: id });
+    this.administratorsService.remove(id);
+  }
+
   @Post()
   @Roles(Role.SuperAdmin)
   create(@Body() createAdministratorDto: CreateAdministratorDto, @Req() req) {
@@ -305,14 +329,4 @@ export class AdministratorsController {
   findAll() {
     return this.administratorsService.findAll();
   }
-
-  @Get(':id')
-  findOne(@Param('id') id: string) {
-    return this.administratorsService.findOne(id);
-  }
-
-  @Delete(':id')
-  remove(@Param('id') id: string) {
-    return this.administratorsService.remove(id);
-  }
 }