ghostfolio/apps/api/src/app/order/order.controller.ts

import { nullifyValuesInObjects } from '@ghostfolio/api/helper/object.helper';
import { ImpersonationService } from '@ghostfolio/api/services/impersonation.service';
import {
  getPermissions,
  hasPermission,
  permissions
} from '@ghostfolio/common/permissions';
import { RequestWithUser } from '@ghostfolio/common/types';
import {
  Body,
  Controller,
  Delete,
  Get,
  Headers,
  HttpException,
  Inject,
  Param,
  Post,
  Put,
  UseGuards
} from '@nestjs/common';
import { REQUEST } from '@nestjs/core';
import { AuthGuard } from '@nestjs/passport';
import { Order as OrderModel } from '@prisma/client';
import { parseISO } from 'date-fns';
import { StatusCodes, getReasonPhrase } from 'http-status-codes';

import { CreateOrderDto } from './create-order.dto';
import { OrderService } from './order.service';
import { UpdateOrderDto } from './update-order.dto';

@Controller('order')
export class OrderController {
  public constructor(
    private readonly impersonationService: ImpersonationService,
    private readonly orderService: OrderService,
    @Inject(REQUEST) private readonly request: RequestWithUser
  ) {}

  @Delete(':id')
  @UseGuards(AuthGuard('jwt'))
  public async deleteOrder(@Param('id') id: string): Promise<OrderModel> {
    if (
      !hasPermission(
        getPermissions(this.request.user.role),
        permissions.deleteOrder
      )
    ) {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }

    return this.orderService.deleteOrder(
      {
        id_userId: {
          id,
          userId: this.request.user.id
        }
      },
      this.request.user.id
    );
  }

  @Get()
  @UseGuards(AuthGuard('jwt'))
  public async getAllOrders(
    @Headers('impersonation-id') impersonationId
  ): Promise<OrderModel[]> {
    const impersonationUserId =
      await this.impersonationService.validateImpersonationId(
        impersonationId,
        this.request.user.id
      );

    let orders = await this.orderService.orders({
      include: {
        Account: {
          include: {
            Platform: true
          }
        },
        SymbolProfile: {
          select: {
            name: true
          }
        }
      },
      orderBy: { date: 'desc' },
      where: { userId: impersonationUserId || this.request.user.id }
    });

    if (
      impersonationUserId &&
      !hasPermission(
        getPermissions(this.request.user.role),
        permissions.readForeignPortfolio
      )
    ) {
      orders = nullifyValuesInObjects(orders, ['fee', 'quantity', 'unitPrice']);
    }

    return orders;
  }

  @Get(':id')
  @UseGuards(AuthGuard('jwt'))
  public async getOrderById(@Param('id') id: string): Promise<OrderModel> {
    return this.orderService.order({
      id_userId: {
        id,
        userId: this.request.user.id
      }
    });
  }

  @Post()
  @UseGuards(AuthGuard('jwt'))
  public async createOrder(@Body() data: CreateOrderDto): Promise<OrderModel> {
    if (
      !hasPermission(
        getPermissions(this.request.user.role),
        permissions.createOrder
      )
    ) {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }

    const date = parseISO(data.date);

    const accountId = data.accountId;
    delete data.accountId;

    return this.orderService.createOrder(
      {
        ...data,
        Account: {
          connect: {
            id_userId: { id: accountId, userId: this.request.user.id }
          }
        },
        date,
        SymbolProfile: {
          connectOrCreate: {
            where: {
              dataSource_symbol: {
                dataSource: data.dataSource,
                symbol: data.symbol
              }
            },
            create: {
              dataSource: data.dataSource,
              symbol: data.symbol
            }
          }
        },
        User: { connect: { id: this.request.user.id } }
      },
      this.request.user.id
    );
  }

  @Put(':id')
  @UseGuards(AuthGuard('jwt'))
  public async update(@Param('id') id: string, @Body() data: UpdateOrderDto) {
    if (
      !hasPermission(
        getPermissions(this.request.user.role),
        permissions.updateOrder
      )
    ) {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }

    const originalOrder = await this.orderService.order({
      id_userId: {
        id,
        userId: this.request.user.id
      }
    });

    if (!originalOrder) {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }

    const date = parseISO(data.date);

    const accountId = data.accountId;
    delete data.accountId;

    return this.orderService.updateOrder(
      {
        data: {
          ...data,
          date,
          Account: {
            connect: {
              id_userId: { id: accountId, userId: this.request.user.id }
            }
          },
          User: { connect: { id: this.request.user.id } }
        },
        where: {
          id_userId: {
            id,
            userId: this.request.user.id
          }
        }
      },
      this.request.user.id
    );
  }
}
Feature/improve imports with paths in tsconfig (#32) * Improve imports 2021-04-21 20:27:39 +02:00			`import { nullifyValuesInObjects } from '@ghostfolio/api/helper/object.helper';`
			`import { ImpersonationService } from '@ghostfolio/api/services/impersonation.service';`
Feature/reorganize helper lib (#100) Reorganize helper lib (Move interfaces and types) * InfoItem * PortfolioItem * PortfolioOverview * PortfolioPerformance * Position * PortfolioPosition * PortfolioReport * PortfolioReportRule * User * UserSettings * DateRange * AdminData * AccessWithGranteeUser * OrderWithAccount * Granularity * UserWithSettings * RequestWithUser 2021-05-16 21:20:59 +02:00			`import {`
			`getPermissions,`
			`hasPermission,`
			`permissions`
Introduce @ghostfolio/common lib (#102) 2021-05-16 22:11:14 +02:00			`} from '@ghostfolio/common/permissions';`
			`import { RequestWithUser } from '@ghostfolio/common/types';`
Initial commit 2021-04-13 21:53:58 +02:00			`import {`
			`Body,`
			`Controller,`
			`Delete,`
			`Get,`
			`Headers,`
			`HttpException,`
			`Inject,`
			`Param,`
			`Post,`
			`Put,`
			`UseGuards`
			`} from '@nestjs/common';`
			`import { REQUEST } from '@nestjs/core';`
			`import { AuthGuard } from '@nestjs/passport';`
			`import { Order as OrderModel } from '@prisma/client';`
			`import { parseISO } from 'date-fns';`
			`import { StatusCodes, getReasonPhrase } from 'http-status-codes';`

			`import { CreateOrderDto } from './create-order.dto';`
			`import { OrderService } from './order.service';`
			`import { UpdateOrderDto } from './update-order.dto';`

			`@Controller('order')`
			`export class OrderController {`
			`public constructor(`
			`private readonly impersonationService: ImpersonationService,`
			`private readonly orderService: OrderService,`
			`@Inject(REQUEST) private readonly request: RequestWithUser`
			`) {}`

			`@Delete(':id')`
			`@UseGuards(AuthGuard('jwt'))`
			`public async deleteOrder(@Param('id') id: string): Promise<OrderModel> {`
			`if (`
			`!hasPermission(`
			`getPermissions(this.request.user.role),`
			`permissions.deleteOrder`
			`)`
			`) {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`

			`return this.orderService.deleteOrder(`
			`{`
			`id_userId: {`
			`id,`
			`userId: this.request.user.id`
			`}`
			`},`
			`this.request.user.id`
			`);`
			`}`

			`@Get()`
			`@UseGuards(AuthGuard('jwt'))`
			`public async getAllOrders(`
			`@Headers('impersonation-id') impersonationId`
			`): Promise<OrderModel[]> {`
Drafts for orders (#187) * Render the future with a dashed border * Update changelog 2021-07-03 11:32:03 +02:00			`const impersonationUserId =`
			`await this.impersonationService.validateImpersonationId(`
			`impersonationId,`
			`this.request.user.id`
			`);`
Initial commit 2021-04-13 21:53:58 +02:00
			`let orders = await this.orderService.orders({`
			`include: {`
Feature/migration to accounts (#58) * Migrate transaction table * Add accounts page * Add account page logic 2021-05-01 12:30:52 +02:00			`Account: {`
			`include: {`
			`Platform: true`
			`}`
Feature/eliminate name from timeline position (#245) * Eliminate name from timeline position: Get the name from the symbolProfileService instead * Update changelog 2021-08-01 20:43:12 +02:00			`},`
			`SymbolProfile: {`
			`select: {`
			`name: true`
			`}`
Feature/migration to accounts (#58) * Migrate transaction table * Add accounts page * Add account page logic 2021-05-01 12:30:52 +02:00			`}`
Initial commit 2021-04-13 21:53:58 +02:00			`},`
			`orderBy: { date: 'desc' },`
			`where: { userId: impersonationUserId \|\| this.request.user.id }`
			`});`

			`if (`
			`impersonationUserId &&`
			`!hasPermission(`
			`getPermissions(this.request.user.role),`
			`permissions.readForeignPortfolio`
			`)`
			`) {`
			`orders = nullifyValuesInObjects(orders, ['fee', 'quantity', 'unitPrice']);`
			`}`

			`return orders;`
			`}`

			`@Get(':id')`
			`@UseGuards(AuthGuard('jwt'))`
			`public async getOrderById(@Param('id') id: string): Promise<OrderModel> {`
			`return this.orderService.order({`
			`id_userId: {`
			`id,`
			`userId: this.request.user.id`
			`}`
			`});`
			`}`

			`@Post()`
			`@UseGuards(AuthGuard('jwt'))`
			`public async createOrder(@Body() data: CreateOrderDto): Promise<OrderModel> {`
			`if (`
			`!hasPermission(`
			`getPermissions(this.request.user.role),`
			`permissions.createOrder`
			`)`
			`) {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`

			`const date = parseISO(data.date);`

Prepare for multi accounts support: store account for new transactions (#46) 2021-04-25 21:22:35 +02:00			`const accountId = data.accountId;`
			`delete data.accountId;`

Feature/eliminate platform from order (#63) * Eliminate platform from order * Update changelog 2021-05-03 21:19:56 +02:00			`return this.orderService.createOrder(`
			`{`
			`...data,`
			`Account: {`
			`connect: {`
			`id_userId: { id: accountId, userId: this.request.user.id }`
			`}`
Initial commit 2021-04-13 21:53:58 +02:00			`},`
Feature/connect or create logic for symbol profile (#153) * Add connectOrCreate logic * Extend seed * Update changelog 2021-06-09 20:35:02 +02:00			`date,`
			`SymbolProfile: {`
			`connectOrCreate: {`
			`where: {`
			`dataSource_symbol: {`
			`dataSource: data.dataSource,`
			`symbol: data.symbol`
			`}`
			`},`
			`create: {`
			`dataSource: data.dataSource,`
			`symbol: data.symbol`
			`}`
			`}`
			`},`
Feature/eliminate platform from order (#63) * Eliminate platform from order * Update changelog 2021-05-03 21:19:56 +02:00			`User: { connect: { id: this.request.user.id } }`
			`},`
			`this.request.user.id`
			`);`
Initial commit 2021-04-13 21:53:58 +02:00			`}`

			`@Put(':id')`
			`@UseGuards(AuthGuard('jwt'))`
			`public async update(@Param('id') id: string, @Body() data: UpdateOrderDto) {`
			`if (`
			`!hasPermission(`
			`getPermissions(this.request.user.role),`
			`permissions.updateOrder`
			`)`
			`) {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`

			`const originalOrder = await this.orderService.order({`
			`id_userId: {`
			`id,`
			`userId: this.request.user.id`
			`}`
			`});`

Feature/create and update accounts (#60) * Allow to create and update accounts * Activate account selector in transaction dialog * Refactor analytics and report from platforms to accounts 2021-05-02 21:18:52 +02:00			`if (!originalOrder) {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`

Initial commit 2021-04-13 21:53:58 +02:00			`const date = parseISO(data.date);`

Prepare for multi accounts support: store account for new transactions (#46) 2021-04-25 21:22:35 +02:00			`const accountId = data.accountId;`
			`delete data.accountId;`

Feature/eliminate platform from order (#63) * Eliminate platform from order * Update changelog 2021-05-03 21:19:56 +02:00			`return this.orderService.updateOrder(`
			`{`
			`data: {`
			`...data,`
			`date,`
			`Account: {`
			`connect: {`
			`id_userId: { id: accountId, userId: this.request.user.id }`
Initial commit 2021-04-13 21:53:58 +02:00			`}`
			`},`
Feature/eliminate platform from order (#63) * Eliminate platform from order * Update changelog 2021-05-03 21:19:56 +02:00			`User: { connect: { id: this.request.user.id } }`
Initial commit 2021-04-13 21:53:58 +02:00			`},`
Feature/eliminate platform from order (#63) * Eliminate platform from order * Update changelog 2021-05-03 21:19:56 +02:00			`where: {`
			`id_userId: {`
			`id,`
			`userId: this.request.user.id`
			`}`
			`}`
			`},`
			`this.request.user.id`
			`);`
Initial commit 2021-04-13 21:53:58 +02:00			`}`
			`}`