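/**
 * HTTP controller for invoice resources.
 *
 * Authorization is decided per request: an ability object is built for the
 * authenticated user and checked before any invoice data is loaded.
 */
@Controller("invoices")
export class InvoicesController {
  constructor(
    private readonly invoicesService: InvoicesService,
    private abilityFactory: AbilityFactory,
  ) {}

  /**
   * Returns a single invoice if the caller may read invoices of the given department.
   *
   * @param departmentId - Department the invoice is expected to belong to.
   * @param invoiceId - Identifier of the invoice to load.
   * @param req - Authenticated request; `req.user` is the subject of the permission check.
   * @returns The invoice as a response DTO.
   * @throws ForbiddenException when the user's ability does not allow READ on the department's invoices.
   */
  // NOTE(review): the route declares only `:id`, while the handler reads the
  // `departmentId` and `invoiceId` path parameters. Confirm the route (or a
  // parent prefix) really supplies both; ParseIntPipe rejects a missing value.
  @Get(":id")
  async findOne(
    @Param("departmentId", ParseIntPipe) departmentId: number,
    @Param("invoiceId", ParseIntPipe) invoiceId: number,
    @Request() req: AuthenticatedRequest,
  ): Promise<InvoiceResponseDto> {
    const ability = await this.abilityFactory.createForUser(req.user);

    // Probe object carrying only the attribute the permission rules are
    // evaluated against here (the department).
    const condition = new Invoice();
    condition.departmentId = departmentId;

    // Deny when the ability does NOT grant READ. The original test was
    // inverted: it threw for permitted users and let everyone else through.
    if (!ability.can(PermissionAction.READ, condition)) {
      throw new ForbiddenException("You dont have access to this resource!");
    }

    // get the invoice
    // NOTE(review): the check above covers `departmentId` only. When loading,
    // scope the lookup to both `invoiceId` and `departmentId` (or re-check the
    // loaded entity) so an invoice of another department is never returned.
  }
}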