feat(server): granular permissions for api keys (#11824)

feat(server): api auth permissions
2025-12-24 01:11:32 +03:00 · 2024-08-16 09:48:43 -04:00
parent a372b56d44
commit f230b3aa42
43 changed files with 817 additions and 135 deletions
--- a/server/src/controllers/library.controller.ts
+++ b/server/src/controllers/library.controller.ts
@@ -9,6 +9,7 @@ import {
  ValidateLibraryDto,
  ValidateLibraryResponseDto,
 } from 'src/dtos/library.dto';
+import { Permission } from 'src/enum';
 import { Authenticated } from 'src/middleware/auth.guard';
 import { LibraryService } from 'src/services/library.service';
 import { UUIDParamDto } from 'src/validation';
@@ -19,25 +20,25 @@ export class LibraryController {
  constructor(private service: LibraryService) {}

  @Get()
-  @Authenticated({ admin: true })
+  @Authenticated({ permission: Permission.LIBRARY_READ, admin: true })
  getAllLibraries(): Promise<LibraryResponseDto[]> {
    return this.service.getAll();
  }

  @Post()
-  @Authenticated({ admin: true })
+  @Authenticated({ permission: Permission.LIBRARY_CREATE, admin: true })
  createLibrary(@Body() dto: CreateLibraryDto): Promise<LibraryResponseDto> {
    return this.service.create(dto);
  }

  @Put(':id')
-  @Authenticated({ admin: true })
+  @Authenticated({ permission: Permission.LIBRARY_UPDATE, admin: true })
  updateLibrary(@Param() { id }: UUIDParamDto, @Body() dto: UpdateLibraryDto): Promise<LibraryResponseDto> {
    return this.service.update(id, dto);
  }

  @Get(':id')
-  @Authenticated({ admin: true })
+  @Authenticated({ permission: Permission.LIBRARY_READ, admin: true })
  getLibrary(@Param() { id }: UUIDParamDto): Promise<LibraryResponseDto> {
    return this.service.get(id);
  }
@@ -52,13 +53,13 @@ export class LibraryController {

  @Delete(':id')
  @HttpCode(HttpStatus.NO_CONTENT)
-  @Authenticated({ admin: true })
+  @Authenticated({ permission: Permission.LIBRARY_DELETE, admin: true })
  deleteLibrary(@Param() { id }: UUIDParamDto): Promise<void> {
    return this.service.delete(id);
  }

  @Get(':id/statistics')
-  @Authenticated({ admin: true })
+  @Authenticated({ permission: Permission.LIBRARY_STATISTICS, admin: true })
  getLibraryStatistics(@Param() { id }: UUIDParamDto): Promise<LibraryStatsResponseDto> {
    return this.service.getStatistics(id);
  }