#2820 Grant private access (#2822)

* Grant private access * Update changelog
2024-01-06 10:27:21 +01:00
parent 6a048cee85
commit 62f85293e2
10 changed files with 99 additions and 36 deletions
--- a/apps/api/src/app/access/access.controller.ts
+++ b/apps/api/src/app/access/access.controller.ts
@@ -1,5 +1,6 @@
 import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
 import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import { Access } from '@ghostfolio/common/interfaces';
 import { permissions } from '@ghostfolio/common/permissions';
 import type { RequestWithUser } from '@ghostfolio/common/types';
@@ -26,6 +27,7 @@ import { CreateAccessDto } from './create-access.dto';
 export class AccessController {
  public constructor(
    private readonly accessService: AccessService,
+    private readonly configurationService: ConfigurationService,
    @Inject(REQUEST) private readonly request: RequestWithUser
  ) {}

@@ -65,13 +67,30 @@ export class AccessController {
  public async createAccess(
    @Body() data: CreateAccessDto
  ): Promise<AccessModel> {
-    return this.accessService.createAccess({
-      alias: data.alias || undefined,
-      GranteeUser: data.granteeUserId
-        ? { connect: { id: data.granteeUserId } }
-        : undefined,
-      User: { connect: { id: this.request.user.id } }
-    });
+    if (
+      this.configurationService.get('ENABLE_FEATURE_SUBSCRIPTION') &&
+      this.request.user.subscription.type === 'Basic'
+    ) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.FORBIDDEN),
+        StatusCodes.FORBIDDEN
+      );
+    }
+
+    try {
+      return await this.accessService.createAccess({
+        alias: data.alias || undefined,
+        GranteeUser: data.granteeUserId
+          ? { connect: { id: data.granteeUserId } }
+          : undefined,
+        User: { connect: { id: this.request.user.id } }
+      });
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.BAD_REQUEST),
+        StatusCodes.BAD_REQUEST
+      );
+    }
  }

  @Delete(':id')
--- a/apps/api/src/app/access/access.module.ts
+++ b/apps/api/src/app/access/access.module.ts
@@ -1,3 +1,4 @@
+import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
 import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
 import { Module } from '@nestjs/common';

@@ -7,7 +8,7 @@ import { AccessService } from './access.service';
@Module({
  controllers: [AccessController],
  exports: [AccessService],
-  imports: [PrismaModule],
+  imports: [ConfigurationModule, PrismaModule],
  providers: [AccessService]
 })
 export class AccessModule {}
--- a/apps/api/src/app/access/create-access.dto.ts
+++ b/apps/api/src/app/access/create-access.dto.ts
@@ -1,4 +1,4 @@
-import { IsOptional, IsString } from 'class-validator';
+import { IsOptional, IsString, IsUUID } from 'class-validator';

 export class CreateAccessDto {
  @IsOptional()
@@ -6,7 +6,7 @@ export class CreateAccessDto {
  alias?: string;

  @IsOptional()
-  @IsString()
+  @IsUUID()
  granteeUserId?: string;

  @IsOptional()