- import {
- Controller,
- Put,
- Get,
- Body,
- Param,
- HttpStatus,
- NotFoundException,
- Delete,
- BadRequestException,
- Req,
- Post,
- ForbiddenException
- } from '@nestjs/common'
- import { UsersService } from './users.service'
- import { UserProfileDto } from './dto/user-profile.dto'
- import { UserUpdateDto } from './dto/user-update.dto'
- import { IUsers } from './interfaces/users.interface'
- import { ApiBearerAuth, ApiTags } from '@nestjs/swagger'
- import { HasAnyRoles, HasRoles } from '../auth/roles.decorator'
- import { Role } from '../model/role.enum'
- import { IPaginationOptions } from 'nestjs-typeorm-paginate'
- import { PageRequest } from 'src/common/dto/page-request'
- import { Users } from './entities/users.entity'
- import { UserCreateDto } from './dto/user-create.dto'
- import { In, Like } from 'typeorm'
- import { OperationLogService } from '../operation-log/operation-log.service'
- import { OperationType } from '../operation-log/entities/operation-log.entity'
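/**
 * User management endpoints mounted at `/admin/users`.
 *
 * NOTE(review): in this file only `create` carries a role decorator
 * (`@HasAnyRoles`). `list`, `update`, `get`, `updateUser` and `deleteUser` have
 * none, so their protection depends entirely on guards configured outside this
 * file. Confirm that undecorated routes are denied by default, or add explicit
 * `@HasRoles` / `@HasAnyRoles` to each route.
 *
 * NOTE(review): handlers read both `req.user.id` (list) and `req.user.userId`
 * (update, get). Confirm which field the auth layer populates; if only one
 * exists, the other comparisons and lookups run against `undefined`.
 */
@ApiTags('users.admin')
@Controller('/admin/users')
@ApiBearerAuth()
export class UsersAdminController {
  constructor(
    private readonly usersService: UsersService,
    private readonly operationLogService: OperationLogService
  ) {}

  /**
   * Coerces a route parameter to an integer user id.
   *
   * Route parameters arrive as strings unless a transforming pipe is
   * configured, so the value is converted and validated before it reaches
   * the service layer.
   *
   * @throws BadRequestException when the value is not an integer.
   */
  private parseUserId(raw: string | number): number {
    const id = Number(raw)
    if (!Number.isInteger(id)) {
      throw new BadRequestException('Invalid user id')
    }
    return id
  }

  /**
   * Returns a page of users, scoped by the caller's role.
   *
   * - `api` callers are always restricted to users they invited.
   * - `superApi` callers default to users invited by their own APIs.
   * - Other callers are not scoped here.
   *
   * @param req  request carrying the authenticated principal in `req.user`
   * @param page client-supplied paging and search options
   */
  @Post()
  public async list(@Req() req, @Body() page: PageRequest<Users>) {
    // Create search/where BEFORE the role scoping. The original defaulted
    // `where` only after the scoping branch, so an api/superApi request without
    // `search.where` failed with a TypeError instead of being scoped.
    const search = ((page as any).search = (page as any).search || {})
    search.where = search.where || {}
    const where = search.where

    // The scoping below works by assigning `where.invitor`. That only
    // constrains the query when `where` is a single condition object, so any
    // other shape (array, string, ...) is rejected rather than passed through.
    if (typeof where !== 'object' || Array.isArray(where)) {
      throw new BadRequestException('Invalid search.where')
    }

    if (req.user.roles.includes('api')) {
      // Always overwrite: an api caller must not choose its own invitor filter.
      where.invitor = req.user.id
    } else if (req.user.roles.includes('superApi')) {
      // NOTE(review): a client-supplied `where.invitor` is used as-is for
      // superApi callers. Confirm it should not be checked against the ids
      // returned by getApiInvitesIds().
      if (!where.invitor) {
        const userIds = await this.usersService.getApiInvitesIds(req.user.id)
        where.invitor = In(userIds)
      }
    }

    if (where.username) {
      where.username = Like(`%${where.username}%`)
    }

    // NOTE(review): every other key of `where` comes from the request body and
    // is handed to the service unchanged. Consider an allow-list of filterable
    // columns so that sensitive columns cannot be used as filters.
    return await this.usersService.findAll(page)
  }

  /**
   * Creates a user and writes an INSERT entry to the operation log.
   *
   * Role grants are checked against the caller's own roles:
   * - `Role.Admin` and `Role.SuperApi` may only be granted by an admin.
   * - `Role.Api` may be granted by an admin or a superApi.
   *
   * @throws ForbiddenException when the caller may not grant a requested role.
   */
  @Put()
  @HasAnyRoles('admin', 'api', 'superApi')
  public async create(@Req() req, @Body() user: UserCreateDto) {
    if (user.roles) {
      const callerRoles = req.user.roles
      const callerIsAdmin = callerRoles.includes(Role.Admin)
      for (const role of user.roles) {
        if (role === Role.Admin && !callerIsAdmin) {
          throw new ForbiddenException('无权限')
        }
        // Previously unchecked: any caller admitted by @HasAnyRoles, including
        // 'api', could create a user holding SuperApi.
        // NOTE(review): restricted to admins here; widen to superApi callers
        // only if that is the intended policy.
        if (role === Role.SuperApi && !callerIsAdmin) {
          throw new ForbiddenException('无权限')
        }
        if (role === Role.Api && !(callerIsAdmin || callerRoles.includes(Role.SuperApi))) {
          throw new ForbiddenException('无权限')
        }
      }
    }
    const users = await this.usersService.create(user)
    await this.operationLogService.create(req, users, 'Users', OperationType.INSERT, '新增用户')
    return users
  }

  /**
   * Updates a user profile and writes an UPDATE entry to the operation log.
   *
   * Callers holding `user` or `api` may only update their own profile.
   * NOTE(review): callers with any other role set (including `superApi`) are
   * not restricted to their own record here. Confirm that is intended.
   *
   * @throws BadRequestException on a permission mismatch or when the update fails.
   */
  @Post('/update')
  public async update(@Body() userProfileDto: UserProfileDto, @Req() req): Promise<any> {
    if (req.user.roles.includes('user') || req.user.roles.includes('api')) {
      if (req.user.userId !== userProfileDto.id) {
        throw new BadRequestException('Permission denied!')
      }
    }
    try {
      const users = await this.usersService.update(userProfileDto)
      await this.operationLogService.create(req, users, 'Users', OperationType.UPDATE, '修改用户')
      return {
        message: 'User Updated successfully!',
        status: HttpStatus.OK
      }
    } catch (err) {
      // Do not pass `err` to the exception: an object given as the first
      // argument becomes the HTTP response body, which would expose
      // persistence-layer error details to the client. Log `err` server-side
      // with the project's logger instead.
      throw new BadRequestException('Error: User not updated!')
    }
  }

  /** Returns the record of the authenticated caller (`req.user.userId`). */
  @Get('/get')
  public async get(@Req() req) {
    const user = await this.usersService.findById(req.user.userId)
    return user
  }

  /**
   * Updates the user identified by the `userId` route parameter.
   *
   * NOTE(review): no role decorator and no ownership check are visible on this
   * route, and unlike `update` it writes no operation-log entry. Confirm the
   * intended access policy and audit requirement.
   *
   * @throws BadRequestException when `userId` is not an integer or the update fails.
   */
  @Put('/:userId')
  public async updateUser(@Param('userId') userId: string, @Body() userUpdateDto: UserUpdateDto) {
    const id = this.parseUserId(userId)
    try {
      await this.usersService.updateUser(id, userUpdateDto)
      return {
        message: 'User Updated successfully!',
        status: HttpStatus.OK
      }
    } catch (err) {
      // Same as in `update`: keep internal error details out of the response.
      throw new BadRequestException('Error: User not updated!')
    }
  }

  /**
   * Deletes the user identified by the `userId` route parameter.
   *
   * NOTE(review): no role decorator is visible on this destructive route and
   * no operation-log entry is written. Confirm that a guard outside this file
   * limits it to administrators.
   *
   * @throws BadRequestException when `userId` is not an integer.
   */
  @Delete('/:userId')
  public async deleteUser(@Param('userId') userId: number): Promise<void> {
    // The annotation says `number`, but without a transforming pipe the runtime
    // value is a string; coerce and validate before calling the service.
    await this.usersService.deleteUser(this.parseUserId(userId))
  }
}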