Skip to content

Instantly share code, notes, and snippets.

@minhntm
Created September 10, 2021 03:54
Show Gist options
  • Save minhntm/77d48b1385d1d202ef9dc4e5914a70ae to your computer and use it in GitHub Desktop.
Save minhntm/77d48b1385d1d202ef9dc4e5914a70ae to your computer and use it in GitHub Desktop.
@Controller("invoices")
export class InvoicesController {
constructor(private readonly invoicesService: InvoicesService, private abilityFactory: AbilityFactory) {}
@Get(":id")
async findOne(
@Param("departmentId", ParseIntPipe) departmentId: number,
@Param("invoiceId", ParseIntPipe) invoiceId: number,
@Request() req: AuthenticatedRequest,
): Promise<InvoiceResponseDto> {
const ability = await this.abilityFactory.createForUser(req.user);
const condition = new Invoice();
condition.departmentId = departmentId;
if (ability.can(PermissionAction.READ, condition)) {
throw new ForbiddenException("You dont have access to this resource!");
}
// get the invoice
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment