ghostfolio/apps/api/src/app/order/order.controller.ts

import { UserService } from '@ghostfolio/api/app/user/user.service';
import { nullifyValuesInObjects } from '@ghostfolio/api/helper/object.helper';
import { ImpersonationService } from '@ghostfolio/api/services/impersonation.service';
import { hasPermission, permissions } from '@ghostfolio/common/permissions';
import type { RequestWithUser } from '@ghostfolio/common/types';
import {
  Body,
  Controller,
  Delete,
  Get,
  Headers,
  HttpException,
  Inject,
  Param,
  Post,
  Put,
  UseGuards
} from '@nestjs/common';
import { REQUEST } from '@nestjs/core';
import { AuthGuard } from '@nestjs/passport';
import { Order as OrderModel } from '@prisma/client';
import { parseISO } from 'date-fns';
import { StatusCodes, getReasonPhrase } from 'http-status-codes';

import { CreateOrderDto } from './create-order.dto';
import { Activities } from './interfaces/activities.interface';
import { OrderService } from './order.service';
import { UpdateOrderDto } from './update-order.dto';

@Controller('order')
export class OrderController {
  public constructor(
    private readonly impersonationService: ImpersonationService,
    private readonly orderService: OrderService,
    @Inject(REQUEST) private readonly request: RequestWithUser,
    private readonly userService: UserService
  ) {}

  @Delete(':id')
  @UseGuards(AuthGuard('jwt'))
  public async deleteOrder(@Param('id') id: string): Promise<OrderModel> {
    if (
      !hasPermission(this.request.user.permissions, permissions.deleteOrder)
    ) {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }

    return this.orderService.deleteOrder({
      id_userId: {
        id,
        userId: this.request.user.id
      }
    });
  }

  @Get()
  @UseGuards(AuthGuard('jwt'))
  public async getAllOrders(
    @Headers('impersonation-id') impersonationId
  ): Promise<Activities> {
    const impersonationUserId =
      await this.impersonationService.validateImpersonationId(
        impersonationId,
        this.request.user.id
      );
    const userCurrency = this.request.user.Settings.currency;

    let activities = await this.orderService.getOrders({
      userCurrency,
      includeDrafts: true,
      userId: impersonationUserId || this.request.user.id
    });

    if (
      impersonationUserId ||
      this.userService.isRestrictedView(this.request.user)
    ) {
      activities = nullifyValuesInObjects(activities, [
        'fee',
        'feeInBaseCurrency',
        'quantity',
        'unitPrice',
        'value',
        'valueInBaseCurrency'
      ]);
    }

    return { activities };
  }

  @Get(':id')
  @UseGuards(AuthGuard('jwt'))
  public async getOrderById(@Param('id') id: string): Promise<OrderModel> {
    return this.orderService.order({
      id_userId: {
        id,
        userId: this.request.user.id
      }
    });
  }

  @Post()
  @UseGuards(AuthGuard('jwt'))
  public async createOrder(@Body() data: CreateOrderDto): Promise<OrderModel> {
    if (
      !hasPermission(this.request.user.permissions, permissions.createOrder)
    ) {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }

    const date = parseISO(data.date);

    const accountId = data.accountId;
    delete data.accountId;

    return this.orderService.createOrder({
      ...data,
      date,
      Account: {
        connect: {
          id_userId: { id: accountId, userId: this.request.user.id }
        }
      },
      SymbolProfile: {
        connectOrCreate: {
          create: {
            dataSource: data.dataSource,
            symbol: data.symbol
          },
          where: {
            dataSource_symbol: {
              dataSource: data.dataSource,
              symbol: data.symbol
            }
          }
        }
      },
      User: { connect: { id: this.request.user.id } }
    });
  }

  @Put(':id')
  @UseGuards(AuthGuard('jwt'))
  public async update(@Param('id') id: string, @Body() data: UpdateOrderDto) {
    if (
      !hasPermission(this.request.user.permissions, permissions.updateOrder)
    ) {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }

    const originalOrder = await this.orderService.order({
      id_userId: {
        id,
        userId: this.request.user.id
      }
    });

    if (!originalOrder) {
      throw new HttpException(
        getReasonPhrase(StatusCodes.FORBIDDEN),
        StatusCodes.FORBIDDEN
      );
    }

    const date = parseISO(data.date);

    const accountId = data.accountId;
    delete data.accountId;

    return this.orderService.updateOrder({
      data: {
        ...data,
        date,
        Account: {
          connect: {
            id_userId: { id: accountId, userId: this.request.user.id }
          }
        },
        User: { connect: { id: this.request.user.id } }
      },
      where: {
        id_userId: {
          id,
          userId: this.request.user.id
        }
      }
    });
  }
}
Feature/add restricted view (#295) * Add restricted view * Update changelog 2021-08-16 21:40:29 +02:00			`import { UserService } from '@ghostfolio/api/app/user/user.service';`
Feature/improve imports with paths in tsconfig (#32) * Improve imports 2021-04-21 20:27:39 +02:00			`import { nullifyValuesInObjects } from '@ghostfolio/api/helper/object.helper';`
			`import { ImpersonationService } from '@ghostfolio/api/services/impersonation.service';`
Feature/read only mode (#520) * Setup read only mode and update permissions dynamically * Update changelog 2021-12-07 20:24:15 +01:00			`import { hasPermission, permissions } from '@ghostfolio/common/permissions';`
Use 'import type' to import types, eliminate webpack warnings (#358) 2021-09-11 09:27:22 +02:00			`import type { RequestWithUser } from '@ghostfolio/common/types';`
Initial commit 2021-04-13 21:53:58 +02:00			`import {`
			`Body,`
			`Controller,`
			`Delete,`
			`Get,`
			`Headers,`
			`HttpException,`
			`Inject,`
			`Param,`
			`Post,`
			`Put,`
			`UseGuards`
			`} from '@nestjs/common';`
			`import { REQUEST } from '@nestjs/core';`
			`import { AuthGuard } from '@nestjs/passport';`
			`import { Order as OrderModel } from '@prisma/client';`
			`import { parseISO } from 'date-fns';`
			`import { StatusCodes, getReasonPhrase } from 'http-status-codes';`

			`import { CreateOrderDto } from './create-order.dto';`
Feature/add summary row to activities table (#645) * Add summary row to activities table * Update changelog 2022-01-23 11:39:30 +01:00			`import { Activities } from './interfaces/activities.interface';`
Initial commit 2021-04-13 21:53:58 +02:00			`import { OrderService } from './order.service';`
			`import { UpdateOrderDto } from './update-order.dto';`

			`@Controller('order')`
			`export class OrderController {`
			`public constructor(`
			`private readonly impersonationService: ImpersonationService,`
			`private readonly orderService: OrderService,`
Feature/add restricted view (#295) * Add restricted view * Update changelog 2021-08-16 21:40:29 +02:00			`@Inject(REQUEST) private readonly request: RequestWithUser,`
			`private readonly userService: UserService`
Initial commit 2021-04-13 21:53:58 +02:00			`) {}`

			`@Delete(':id')`
			`@UseGuards(AuthGuard('jwt'))`
			`public async deleteOrder(@Param('id') id: string): Promise<OrderModel> {`
			`if (`
Feature/read only mode (#520) * Setup read only mode and update permissions dynamically * Update changelog 2021-12-07 20:24:15 +01:00			`!hasPermission(this.request.user.permissions, permissions.deleteOrder)`
Initial commit 2021-04-13 21:53:58 +02:00			`) {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`

Feature/improve support for draft transactions (#265) * Improve support for draft transactions * Update changelog 2021-08-07 20:52:55 +02:00			`return this.orderService.deleteOrder({`
			`id_userId: {`
			`id,`
			`userId: this.request.user.id`
			`}`
			`});`
Initial commit 2021-04-13 21:53:58 +02:00			`}`

			`@Get()`
			`@UseGuards(AuthGuard('jwt'))`
			`public async getAllOrders(`
			`@Headers('impersonation-id') impersonationId`
Feature/add summary row to activities table (#645) * Add summary row to activities table * Update changelog 2022-01-23 11:39:30 +01:00			`): Promise<Activities> {`
Drafts for orders (#187) * Render the future with a dashed border * Update changelog 2021-07-03 11:32:03 +02:00			`const impersonationUserId =`
			`await this.impersonationService.validateImpersonationId(`
			`impersonationId,`
			`this.request.user.id`
			`);`
Feature/add summary row to activities table (#645) * Add summary row to activities table * Update changelog 2022-01-23 11:39:30 +01:00			`const userCurrency = this.request.user.Settings.currency;`
Initial commit 2021-04-13 21:53:58 +02:00
Feature/add summary row to activities table (#645) * Add summary row to activities table * Update changelog 2022-01-23 11:39:30 +01:00			`let activities = await this.orderService.getOrders({`
			`userCurrency,`
Feature/add transactions to position detail dialog (#591) * Add transactions to position detail dialog * Update changelog 2021-12-28 17:45:04 +01:00			`includeDrafts: true,`
			`userId: impersonationUserId \|\| this.request.user.id`
Initial commit 2021-04-13 21:53:58 +02:00			`});`

Feature/add restricted view (#295) * Add restricted view * Update changelog 2021-08-16 21:40:29 +02:00			`if (`
			`impersonationUserId \|\|`
			`this.userService.isRestrictedView(this.request.user)`
			`) {`
Feature/add summary row to activities table (#645) * Add summary row to activities table * Update changelog 2022-01-23 11:39:30 +01:00			`activities = nullifyValuesInObjects(activities, [`
Feature/add transactions to position detail dialog (#591) * Add transactions to position detail dialog * Update changelog 2021-12-28 17:45:04 +01:00			`'fee',`
Feature/add summary row to activities table (#645) * Add summary row to activities table * Update changelog 2022-01-23 11:39:30 +01:00			`'feeInBaseCurrency',`
Feature/add transactions to position detail dialog (#591) * Add transactions to position detail dialog * Update changelog 2021-12-28 17:45:04 +01:00			`'quantity',`
			`'unitPrice',`
Feature/add summary row to activities table (#645) * Add summary row to activities table * Update changelog 2022-01-23 11:39:30 +01:00			`'value',`
			`'valueInBaseCurrency'`
Feature/add transactions to position detail dialog (#591) * Add transactions to position detail dialog * Update changelog 2021-12-28 17:45:04 +01:00			`]);`
Initial commit 2021-04-13 21:53:58 +02:00			`}`

Feature/add summary row to activities table (#645) * Add summary row to activities table * Update changelog 2022-01-23 11:39:30 +01:00			`return { activities };`
Initial commit 2021-04-13 21:53:58 +02:00			`}`

			`@Get(':id')`
			`@UseGuards(AuthGuard('jwt'))`
			`public async getOrderById(@Param('id') id: string): Promise<OrderModel> {`
			`return this.orderService.order({`
			`id_userId: {`
			`id,`
			`userId: this.request.user.id`
			`}`
			`});`
			`}`

			`@Post()`
			`@UseGuards(AuthGuard('jwt'))`
			`public async createOrder(@Body() data: CreateOrderDto): Promise<OrderModel> {`
			`if (`
Feature/read only mode (#520) * Setup read only mode and update permissions dynamically * Update changelog 2021-12-07 20:24:15 +01:00			`!hasPermission(this.request.user.permissions, permissions.createOrder)`
Initial commit 2021-04-13 21:53:58 +02:00			`) {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`

			`const date = parseISO(data.date);`

Prepare for multi accounts support: store account for new transactions (#46) 2021-04-25 21:22:35 +02:00			`const accountId = data.accountId;`
			`delete data.accountId;`

Feature/improve support for draft transactions (#265) * Improve support for draft transactions * Update changelog 2021-08-07 20:52:55 +02:00			`return this.orderService.createOrder({`
			`...data,`
Bugfix/fix missing symbol profile data connection in import (#630) * Fix missing symbol profile data connection in import * Update changelog 2022-01-16 15:31:56 +01:00			`date,`
Feature/improve support for draft transactions (#265) * Improve support for draft transactions * Update changelog 2021-08-07 20:52:55 +02:00			`Account: {`
			`connect: {`
			`id_userId: { id: accountId, userId: this.request.user.id }`
			`}`
			`},`
			`SymbolProfile: {`
			`connectOrCreate: {`
Bugfix/fix missing symbol profile data connection in import (#630) * Fix missing symbol profile data connection in import * Update changelog 2022-01-16 15:31:56 +01:00			`create: {`
			`dataSource: data.dataSource,`
			`symbol: data.symbol`
			`},`
Feature/improve support for draft transactions (#265) * Improve support for draft transactions * Update changelog 2021-08-07 20:52:55 +02:00			`where: {`
			`dataSource_symbol: {`
Feature/connect or create logic for symbol profile (#153) * Add connectOrCreate logic * Extend seed * Update changelog 2021-06-09 20:35:02 +02:00			`dataSource: data.dataSource,`
			`symbol: data.symbol`
			`}`
			`}`
Feature/improve support for draft transactions (#265) * Improve support for draft transactions * Update changelog 2021-08-07 20:52:55 +02:00			`}`
Feature/eliminate platform from order (#63) * Eliminate platform from order * Update changelog 2021-05-03 21:19:56 +02:00			`},`
Feature/improve support for draft transactions (#265) * Improve support for draft transactions * Update changelog 2021-08-07 20:52:55 +02:00			`User: { connect: { id: this.request.user.id } }`
			`});`
Initial commit 2021-04-13 21:53:58 +02:00			`}`

			`@Put(':id')`
			`@UseGuards(AuthGuard('jwt'))`
			`public async update(@Param('id') id: string, @Body() data: UpdateOrderDto) {`
			`if (`
Feature/read only mode (#520) * Setup read only mode and update permissions dynamically * Update changelog 2021-12-07 20:24:15 +01:00			`!hasPermission(this.request.user.permissions, permissions.updateOrder)`
Initial commit 2021-04-13 21:53:58 +02:00			`) {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`

			`const originalOrder = await this.orderService.order({`
			`id_userId: {`
			`id,`
			`userId: this.request.user.id`
			`}`
			`});`

Feature/create and update accounts (#60) * Allow to create and update accounts * Activate account selector in transaction dialog * Refactor analytics and report from platforms to accounts 2021-05-02 21:18:52 +02:00			`if (!originalOrder) {`
			`throw new HttpException(`
			`getReasonPhrase(StatusCodes.FORBIDDEN),`
			`StatusCodes.FORBIDDEN`
			`);`
			`}`

Initial commit 2021-04-13 21:53:58 +02:00			`const date = parseISO(data.date);`

Prepare for multi accounts support: store account for new transactions (#46) 2021-04-25 21:22:35 +02:00			`const accountId = data.accountId;`
			`delete data.accountId;`

Feature/improve support for draft transactions (#265) * Improve support for draft transactions * Update changelog 2021-08-07 20:52:55 +02:00			`return this.orderService.updateOrder({`
			`data: {`
			`...data,`
			`date,`
			`Account: {`
			`connect: {`
			`id_userId: { id: accountId, userId: this.request.user.id }`
Feature/eliminate platform from order (#63) * Eliminate platform from order * Update changelog 2021-05-03 21:19:56 +02:00			`}`
Feature/improve support for draft transactions (#265) * Improve support for draft transactions * Update changelog 2021-08-07 20:52:55 +02:00			`},`
			`User: { connect: { id: this.request.user.id } }`
Feature/eliminate platform from order (#63) * Eliminate platform from order * Update changelog 2021-05-03 21:19:56 +02:00			`},`
Feature/improve support for draft transactions (#265) * Improve support for draft transactions * Update changelog 2021-08-07 20:52:55 +02:00			`where: {`
			`id_userId: {`
			`id,`
			`userId: this.request.user.id`
			`}`
			`}`
			`});`
Initial commit 2021-04-13 21:53:58 +02:00			`}`
			`}`