Implemented SubscriptionAccessInterceptor using service rather than p…

…ipe.

src/api/subscriptions/subscriptions.controller.ts

@@ -48,9 +48,7 @@ import { CreateSubscriptionDto } from './dto/create-subscription.dto';
 import { UpdateSubscriptionDto } from './dto/update-subscription.dto';
 import { Subscription } from './entities/subscription.entity';
 import { SubscriptionAfterRemoteInterceptor } from './subscription-after-remote.interceptor';
-import { SubscriptionsQueryTransformPipe } from './subscriptions-query-transform.pipe';
 import { SubscriptionsService } from './subscriptions.service';
-// todo: apply SubscriptionsQueryTransformPipe for find, findOne, updateAll, deleteAll
 
 @Controller('subscriptions')
 @ApiTags('subscription')
@@ -72,10 +70,10 @@ export class SubscriptionsController extends BaseController {
   @Roles(Role.SuperAdmin, Role.Admin, Role.AuthenticatedUser)
   async count(
     @Req() req,
-    @JsonQuery('where', SubscriptionsQueryTransformPipe)
+    @JsonQuery('where')
     where?: FilterQuery<Subscription>,
   ) {
-    return this.subscriptionsService.count(where);
+    return this.subscriptionsService.count(req, where);
   }
 
   @Roles(Role.SuperAdmin, Role.Admin, Role.AuthenticatedUser)
@@ -148,7 +146,7 @@ export class SubscriptionsController extends BaseController {
       const phoneNumberRegex = new RegExp(phoneNumberArr.join('-?'));
       where.userChannelId = phoneNumberRegex;
     }
-    const subscription = await this.subscriptionsService.findOne({
+    const subscription = await this.subscriptionsService.findOne(req, {
       where,
     });
     if (!subscription) {
@@ -182,7 +180,9 @@ export class SubscriptionsController extends BaseController {
     @Query('unsubscriptionCode')
     unsubscriptionCode?: string,
   ): Promise<void> {
-    const instance = await this.subscriptionsService.findOne({ where: { id } });
+    const instance = await this.subscriptionsService.findOne(req, {
+      where: { id },
+    });
     if (!instance) throw new HttpException(undefined, HttpStatus.NOT_FOUND);
     const mergedSubscriptionConfig = await this.getMergedConfig(
       'subscription',
@@ -321,7 +321,7 @@ export class SubscriptionsController extends BaseController {
     @Query('replace')
     replace?: boolean,
   ): Promise<void> {
-    let instance = (await this.subscriptionsService.findOne({
+    let instance = (await this.subscriptionsService.findOne(req, {
       where: { id },
     })) as Subscription;
     if (!instance) throw new HttpException(undefined, HttpStatus.NOT_FOUND);
@@ -409,7 +409,7 @@ export class SubscriptionsController extends BaseController {
         },
         req,
       );
-      instance = (await this.subscriptionsService.findOne({
+      instance = (await this.subscriptionsService.findOne(req, {
         where: { id },
       })) as Subscription;
     } catch (err) {
@@ -447,7 +447,9 @@ export class SubscriptionsController extends BaseController {
     @Param('id') id: string,
     @Body() subscription: UpdateSubscriptionDto,
   ): Promise<Subscription> {
-    const instance = await this.subscriptionsService.findOne({ where: { id } });
+    const instance = await this.subscriptionsService.findOne(req, {
+      where: { id },
+    });
     if (!instance) throw new HttpException(undefined, HttpStatus.NOT_FOUND);
     const filteredData = merge({}, instance);
     if (
@@ -516,7 +518,7 @@ export class SubscriptionsController extends BaseController {
     @Query('additionalServices', ParseArrayPipe)
     additionalServices?: string[],
   ): Promise<void> {
-    let instance = await this.subscriptionsService.findOne({
+    let instance = await this.subscriptionsService.findOne(req, {
       where: { id },
     });
     if (!instance) throw new HttpException(undefined, HttpStatus.NOT_FOUND);
@@ -624,7 +626,7 @@ export class SubscriptionsController extends BaseController {
           },
           undefined,
         );
-        instance = (await this.subscriptionsService.findOne({
+        instance = (await this.subscriptionsService.findOne(req, {
           where: { id },
         })) as Subscription;
         if (!instance) throw new HttpException(undefined, HttpStatus.NOT_FOUND);
@@ -642,7 +644,7 @@ export class SubscriptionsController extends BaseController {
       }
       const getAdditionalServiceIds = async (): Promise<AdditionalServices> => {
         if (additionalServices.length > 1) {
-          const res = await this.subscriptionsService.findAll({
+          const res = await this.subscriptionsService.findAll(req, {
             fields: { id: true, serviceName: true },
             where: {
               serviceName: {
@@ -659,7 +661,7 @@ export class SubscriptionsController extends BaseController {
         }
         if (additionalServices.length === 1) {
           if (additionalServices[0] !== '_all') {
-            const res = await this.subscriptionsService.findAll({
+            const res = await this.subscriptionsService.findAll(req, {
               fields: { id: true, serviceName: true },
               where: {
                 serviceName: additionalServices[0],
@@ -673,7 +675,7 @@ export class SubscriptionsController extends BaseController {
             };
           }
           // get all subscribed services
-          const res = await this.subscriptionsService.findAll({
+          const res = await this.subscriptionsService.findAll(req, {
             fields: { id: true, serviceName: true },
             where: {
               userChannelId: instance.userChannelId,
@@ -763,10 +765,11 @@ export class SubscriptionsController extends BaseController {
   })
   @ApiFilterJsonQuery()
   async find(
-    @JsonQuery('filter', SubscriptionsQueryTransformPipe)
+    @Req() req,
+    @JsonQuery('filter')
     filter: FilterDto<Subscription>,
   ): Promise<Subscription[]> {
-    return this.subscriptionsService.findAll(filter);
+    return this.subscriptionsService.findAll(req, filter);
   }
 
   private async handleConfirmationRequest(

src/api/subscriptions/subscriptions.service.ts

@@ -1,7 +1,12 @@
 import { Injectable } from '@nestjs/common';
 import { InjectModel } from '@nestjs/mongoose';
+import { Request } from 'express';
 import { FilterQuery, Model } from 'mongoose';
+import { Role } from 'src/auth/constants';
+import { UserProfile } from 'src/auth/dto/user-profile.dto';
 import { BaseService } from '../common/base.service';
+import { CountDto } from '../common/dto/count.dto';
+import { FilterDto } from '../common/dto/filter.dto';
 import { Subscription } from './entities/subscription.entity';
 
 @Injectable()
@@ -16,4 +21,55 @@ export class SubscriptionsService extends BaseService<Subscription> {
   distinct(field: string, filter?: FilterQuery<Subscription>) {
     return this.model.distinct(field, filter).exec();
   }
+
+  accessInterceptor(
+    req: Request & { user: UserProfile },
+    where: FilterQuery<Subscription>,
+  ): FilterQuery<Subscription> {
+    if (req.user?.role !== Role.AuthenticatedUser) return where;
+    return {
+      $and: [where || {}, { userId: req.user.securityId }],
+    };
+  }
+
+  async count(
+    req: Request & { user: UserProfile },
+    where?: FilterQuery<Subscription>,
+  ): Promise<CountDto> {
+    where = this.accessInterceptor(req, where);
+    return super.count(where);
+  }
+
+  findAll(
+    req: Request & { user: UserProfile },
+    filter: FilterDto<Subscription> = {},
+  ) {
+    filter.where = this.accessInterceptor(req, filter.where);
+    return super.findAll(filter);
+  }
+
+  async findOne(
+    req: Request & { user: UserProfile },
+    filter: FilterDto<Subscription> = {},
+  ): Promise<Subscription> {
+    filter.where = this.accessInterceptor(req, filter.where);
+    return super.findOne(filter);
+  }
+
+  updateAll(
+    updateDto,
+    where: FilterQuery<Subscription> | null,
+    req: Request & { user: UserProfile },
+  ) {
+    where = this.accessInterceptor(req, where);
+    return super.updateAll(updateDto, where, req);
+  }
+
+  async removeAll(
+    req: Request & { user: UserProfile },
+    where?: FilterQuery<Subscription>,
+  ) {
+    where = this.accessInterceptor(req, where);
+    return super.removeAll(where);
+  }
 }