Story/alokasi topik dosbim

Story

SP04-08 - [BE] Daftar topik (POV dosen pembimbing)

Details

Expose endpoint topik ke dosbim

Important Checks

Ceklis kalo kalian mengubah/menambahkan:

• Menambahkan env baru
• Mengubah skema basis data

Endpoints

Method	Endpoint	Keterangan
POST	/alokasi-topik	kl dosbim, jadi ngecek idPengaju=id dia
GET	/alokasi-topik	expose ke dosbim
GET	/alokasi-topik/:id	expose ke dosbim
PUT	/alokasi-topik/:id	kl dosbim, jadi ngecek idPengaju=id dia dan apakah topik itu emang punya dia
DELETE	/alokasi-topik/:id	kl dosbim, jadi ngecek idPengaju=id dia dan apakah topik itu emang punya dia

Proof

Method	Endpoint	Proof
POST	/alokasi-topik
GET	/alokasi-topik
GET	/alokasi-topik/:id
PUT	/alokasi-topik/:id
DELETE	/alokasi-topik/:id

src/alokasi-topik/alokasi-topik.controller.ts

 import {
+  BadRequestException,
   Body,
   Controller,
   Delete,
@@ -8,12 +9,15 @@ import {
   Post,
   Put,
   Query,
+  Req,
   UseGuards,
 } from "@nestjs/common";
 import {
   ApiBearerAuth,
   ApiCookieAuth,
+  ApiCreatedResponse,
   ApiOkResponse,
+  ApiOperation,
   ApiTags,
 } from "@nestjs/swagger";
 import { RoleEnum } from "src/entities/pengguna.entity";
@@ -22,7 +26,7 @@ import { Roles } from "src/middlewares/roles.decorator";
 import { RolesGuard } from "src/middlewares/roles.guard";
 import {
   CreateBulkTopikDto,
-  CreateRespDto,
+  TopikIdRespDto,
   CreateTopikDto,
   GetAllRespDto,
   OmittedTopik,
@@ -32,6 +36,9 @@ import {
   createBulkRespDto,
 } from "./alokasi-topik.dto";
 import { AlokasiTopikService } from "./alokasi-topik.service";
+import { Request } from "express";
+import { AuthDto } from "src/auth/auth.dto";
+import { HIGH_AUTHORITY_ROLES, isHighAuthority } from "src/helper/roles";
 
 @ApiTags("Alokasi Topik")
 @ApiCookieAuth()
@@ -41,22 +48,41 @@ import { AlokasiTopikService } from "./alokasi-topik.service";
 export class AlokasiTopikController {
   constructor(private alokasiTopikService: AlokasiTopikService) {}
 
-  @ApiOkResponse({ type: CreateRespDto })
-  @Roles(RoleEnum.S2_TIM_TESIS, RoleEnum.ADMIN)
+  @ApiOperation({
+    summary: "Create new topik. Roles: S2_TIM_TESIS, ADMIN, S2_PEMBIMBING",
+  })
+  @ApiCreatedResponse({ type: TopikIdRespDto })
+  @Roles(...HIGH_AUTHORITY_ROLES, RoleEnum.S2_PEMBIMBING)
   @Post()
-  async create(@Body() createDto: CreateTopikDto) {
-    return await this.alokasiTopikService.create({ ...createDto });
+  async create(
+    @Body() createDto: CreateTopikDto,
+    @Req() req: Request,
+  ): Promise<TopikIdRespDto> {
+    const { roles, id } = req.user as AuthDto;
+    // user only has S2_PEMBIMBING role
+    if (!isHighAuthority(roles) && createDto.idPengaju !== id) {
+      throw new BadRequestException("Pengaju ID harus sama dengan user ID");
+    }
+
+    return await this.alokasiTopikService.create(createDto);
   }
 
+  @ApiOperation({
+    summary: "Create multiple topik. Roles: S2_TIM_TESIS, ADMIN",
+  })
   @ApiOkResponse({ type: createBulkRespDto })
-  @Roles(RoleEnum.S2_TIM_TESIS, RoleEnum.ADMIN)
+  @Roles(...HIGH_AUTHORITY_ROLES)
   @Post("/bulk")
   async createBulk(@Body() createDto: CreateBulkTopikDto) {
     return await this.alokasiTopikService.createBulk(createDto);
   }
 
+  @ApiOperation({
+    summary:
+      "Get topik by ID. Roles: S2_TIM_TESIS, ADMIN, S2_PEMBIMBING, S2_MAHASISWA",
+  })
   @ApiOkResponse({ type: OmittedTopik })
-  @Roles(RoleEnum.S2_TIM_TESIS, RoleEnum.ADMIN)
+  @Roles(...HIGH_AUTHORITY_ROLES, RoleEnum.S2_PEMBIMBING, RoleEnum.S2_MAHASISWA)
   @Get("/:id")
   async getById(@Param() params: TopikParamDto) {
     const res = await this.alokasiTopikService.findActiveTopikById(params.id);
@@ -64,8 +90,12 @@ export class AlokasiTopikController {
     return res as OmittedTopik;
   }
 
+  @ApiOperation({
+    summary:
+      "Get all topik. Roles: S2_TIM_TESIS, ADMIN, S2_MAHASISWA, S2_PEMBIMBING",
+  })
   @ApiOkResponse({ type: GetAllRespDto })
-  @Roles(RoleEnum.S2_TIM_TESIS, RoleEnum.ADMIN, RoleEnum.S2_MAHASISWA)
+  @Roles(...HIGH_AUTHORITY_ROLES, RoleEnum.S2_MAHASISWA, RoleEnum.S2_PEMBIMBING)
   @Get()
   async getAll(
     @Query()
@@ -73,28 +103,72 @@ export class AlokasiTopikController {
   ) {
     return await this.alokasiTopikService.findAllActiveTopikCreatedByPembimbing(
       {
-        page: query.page || 1,
         ...query,
+        page: query.page || 1,
       },
     );
   }
 
-  @Roles(RoleEnum.S2_TIM_TESIS, RoleEnum.ADMIN)
+  @ApiOperation({
+    summary: "Update topik. Roles: S2_TIM_TESIS, ADMIN, S2_PEMBIMBING",
+  })
+  @ApiOkResponse({ type: TopikIdRespDto })
+  @Roles(...HIGH_AUTHORITY_ROLES, RoleEnum.S2_PEMBIMBING)
   @Put("/:id")
   async update(
     @Param() params: TopikParamDto,
     @Body() updateDto: UpdateTopikDto,
-  ) {
-    const res = await this.alokasiTopikService.update(params.id, updateDto);
-    if (!res.affected) throw new NotFoundException();
-    return res;
+    @Req() req: Request,
+  ): Promise<TopikIdRespDto> {
+    let idPengaju = undefined;
+    const { roles, id } = req.user as AuthDto;
+    // user only has S2_PEMBIMBING role
+    if (!isHighAuthority(roles)) {
+      if (updateDto.idPengaju !== id) {
+        throw new BadRequestException("Pengaju ID harus sama dengan user ID");
+      }
+      idPengaju = id;
+    }
+
+    const res = await this.alokasiTopikService.update(
+      params.id,
+      updateDto,
+      idPengaju,
+    );
+    if (!res.affected)
+      throw new NotFoundException(
+        "Topik tidak ditemukan di antara topik yang dapat Anda akses",
+      );
+
+    const resp: TopikIdRespDto = { id: params.id };
+
+    return resp;
   }
 
-  @Roles(RoleEnum.S2_TIM_TESIS, RoleEnum.ADMIN)
+  @ApiOperation({
+    summary: "Delete topik. Roles: S2_TIM_TESIS, ADMIN, S2_PEMBIMBING",
+  })
+  @ApiOkResponse({ type: TopikIdRespDto })
+  @Roles(...HIGH_AUTHORITY_ROLES, RoleEnum.S2_PEMBIMBING)
   @Delete("/:id")
-  async delete(@Param() params: TopikParamDto) {
-    const res = await this.alokasiTopikService.remove(params.id);
-    if (!res.affected) throw new NotFoundException();
-    return res;
+  async delete(
+    @Param() params: TopikParamDto,
+    @Req() req: Request,
+  ): Promise<TopikIdRespDto> {
+    let idPengaju = undefined;
+    const { roles, id } = req.user as AuthDto;
+    // user only has S2_PEMBIMBING role
+    if (!isHighAuthority(roles)) {
+      idPengaju = id;
+    }
+
+    const res = await this.alokasiTopikService.remove(params.id, idPengaju);
+    if (!res.affected)
+      throw new NotFoundException(
+        "Topik tidak ditemukan di antara topik yang dapat Anda akses",
+      );
+
+    const resp: TopikIdRespDto = { id: params.id };
+    return resp;
   }
 }