fix(backend): fix user rights

Author: pYassine

packages/backend/src/auth/structures-auth.controller.ts

@@ -29,6 +29,7 @@ import { domifaConfig } from "../config";
 import { userSecurityPasswordChecker } from "../modules/users/services";
 import { AllowUserStructureRoles } from "./decorators";
 import { UserStructure } from "@domifa/common";
+import { appLogger } from "../util";
 
 const userProfile: UserProfile = "structure";
 
@@ -55,6 +56,7 @@ export class StructuresAuthController {
 
       return res.status(HttpStatus.OK).json(accessToken);
     } catch (err) {
+      appLogger.error(err);
       return res
         .status(HttpStatus.UNAUTHORIZED)
         .json({ message: "LOGIN_FAILED" });

packages/backend/src/modules/structures/controllers/structure-doc.controller.ts

@@ -37,6 +37,7 @@ import { join } from "path";
 import { FileManagerService } from "../../../util/file-manager/file-manager.service";
 import { validateDocTemplate } from "../../../usagers/utils/custom-docs";
 import { StructureDocTypesAvailable } from "@domifa/common";
+import { appLogger } from "../../../util";
 
 @ApiTags("structure-docs")
 @ApiBearerAuth()
@@ -171,7 +172,8 @@ export class StructureDocController {
       });
 
       return res.status(HttpStatus.OK).json(docs);
-    } catch (e) {
+    } catch (err) {
+      appLogger.error(err);
       return res
         .status(HttpStatus.BAD_REQUEST)
         .json({ message: "UPLOAD_FAIL" });
@@ -211,7 +213,8 @@ export class StructureDocController {
         structureId: user.structureId,
       });
       return res.status(HttpStatus.OK).json(docs);
-    } catch (e) {
+    } catch (err) {
+      appLogger.error(err);
       return res
         .status(HttpStatus.BAD_REQUEST)
         .json({ message: "DOC_NOT_FOUND" });

packages/backend/src/modules/users/controllers/users.controller.ts

@@ -52,6 +52,7 @@ import {
   UserStructureCreateLogContext,
   UserStructureRoleChangeLogContext,
 } from "../../app-logs/app-log-context.types";
+import { appLogger } from "../../../util";
 
 const userProfile: UserProfile = "structure";
 
@@ -64,7 +65,6 @@ export class UsersController {
   constructor(private readonly appLogService: AppLogsService) {}
 
   @Get("")
-  @AllowUserStructureRoles("responsable", "admin")
   public async getUsers(
     @CurrentUser() user: UserStructureAuthenticated
   ): Promise<UserStructureProfile[]> {
@@ -87,7 +87,6 @@ export class UsersController {
     return users;
   }
 
-  @ApiOperation({ summary: "Accepter les CGU" })
   @Get("accept-terms")
   public async acceptTerms(@CurrentUser() user: UserStructureAuthenticated) {
     await userStructureRepository.update(
@@ -104,7 +103,6 @@ export class UsersController {
     return true;
   }
 
-  @ApiOperation({ summary: "Edition du mot de passe depuis le compte user" })
   @Get("last-password-update")
   public async getLastPasswordUpdate(
     @CurrentUser() user: UserStructureAuthenticated,
@@ -339,6 +337,7 @@ export class UsersController {
       });
       return res.status(HttpStatus.OK).json({ message: "OK" });
     } catch (err) {
+      appLogger.error(err);
       return res
         .status(HttpStatus.BAD_REQUEST)
         .json({ message: "EDIT_PASSWORD_FAIL" });

packages/backend/src/modules/users/controllers/users.public.controller.ts

@@ -25,6 +25,7 @@ const userProfile: UserProfile = "structure";
 @Controller("users")
 @ApiTags("users")
 export class UsersPublicController {
+  // TODO: add a limit for this endpoint by ip
   @Post("validate-email")
   public async validateEmail(
     @Body() emailDto: EmailDto,
@@ -57,6 +58,7 @@ export class UsersPublicController {
       });
       return res.status(HttpStatus.OK).json({ message: "OK" });
     } catch (err) {
+      appLogger.error(err);
       return res
         .status(HttpStatus.BAD_REQUEST)
         .json({ message: "TOKEN_INVALID" });
@@ -77,6 +79,7 @@ export class UsersPublicController {
       });
       return res.status(HttpStatus.OK).json({ message: "OK" });
     } catch (err) {
+      appLogger.error(err);
       return res
         .status(HttpStatus.BAD_REQUEST)
         .json({ message: "TOKEN_INVALID" });
@@ -101,7 +104,7 @@ export class UsersPublicController {
         userProfile,
       });
     } catch (err) {
-      appLogger.error("Cannot reset password");
+      appLogger.error(err);
     }
     return res.status(HttpStatus.OK).json({ message: "OK" });
   }

packages/backend/src/usagers/controllers/agenda.controller.ts

@@ -31,6 +31,7 @@ import { RdvDto } from "../dto/decision-form/rdv.dto";
 import { UsagersService } from "../services/usagers.service";
 import { getPersonFullName, Usager } from "@domifa/common";
 import { usagerAppointmentCreatedEmailSender } from "../../modules/mails/services/templates-renderers";
+import { appLogger } from "../../util";
 
 @ApiTags("agenda")
 @ApiBearerAuth()
@@ -148,7 +149,9 @@ export class AgendaController {
         message,
       });
       return res.status(HttpStatus.OK).json(updatedUsager);
-    } catch (e) {
+    } catch (err) {
+      appLogger.error(err);
+
       return res
         .status(HttpStatus.INTERNAL_SERVER_ERROR)
         .json({ message: "REGISTER_ERROR" });

packages/backend/src/usagers/controllers/import/import.controller.security-tests.ts

@@ -44,7 +44,7 @@ export const ImportControllerSecurityTests: AppTestHttpClientSecurityTestDef[] =
           expectedStatus: expectedResponseStatusBuilder.allowStructureOnly(
             context.user,
             {
-              roles: ["simple", "responsable", "admin"],
+              roles: ["responsable", "admin"],
               validExpectedResponseStatus: HttpStatus.BAD_REQUEST, // this is an invalid xls file
             }
           ),

packages/backend/src/usagers/controllers/usager-structure-docs.controller.ts

@@ -38,7 +38,7 @@ import {
 
 import { AppLogsService } from "../../modules/app-logs/app-logs.service";
 import { join } from "path";
-import { cleanPath } from "../../util";
+import { appLogger, cleanPath } from "../../util";
 import { FileManagerService } from "../../util/file-manager/file-manager.service";
 import {
   StructureDoc,
@@ -118,7 +118,8 @@ export class UsagerStructureDocsController {
     try {
       const docGenerated = await generateCustomDoc(content, docValues);
       return res.end(docGenerated);
-    } catch (e) {
+    } catch (err) {
+      appLogger.error(err);
       return res
         .status(HttpStatus.BAD_REQUEST)
         .json({ message: "CANNOT_COMPLETE_DOC" });
@@ -205,7 +206,9 @@ export class UsagerStructureDocsController {
     try {
       const docGenerated = await generateCustomDoc(content, docValues);
       return res.end(docGenerated);
-    } catch (e) {
+    } catch (err) {
+      appLogger.error(err);
+
       return res
         .status(HttpStatus.BAD_REQUEST)
         .json({ message: "CANNOT_COMPLETE_DOMIFA_DOCS" });