diff --git a/CHANGELOG.md b/CHANGELOG.md index 43fb36495..ff5c940bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,8 +11,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Extracted the activities table filter to a dedicated component - Changed the url of the _Get Started_ link to `https://ghostfol.io` on the public page +- Simplified `@@id` using multiple fields with `@id` in the database schema of (`Access`, `Order`, `Subscription`) - Upgraded `prisma` from version `3.11.1` to `3.12.0` +### Todo + +- Apply data migration (`yarn database:migrate`) + ## 1.140.2 - 22.04.2022 ### Added diff --git a/apps/api/src/app/access/access.controller.ts b/apps/api/src/app/access/access.controller.ts index 405c53e68..a778d8b57 100644 --- a/apps/api/src/app/access/access.controller.ts +++ b/apps/api/src/app/access/access.controller.ts @@ -78,8 +78,12 @@ export class AccessController { @Delete(':id') @UseGuards(AuthGuard('jwt')) public async deleteAccess(@Param('id') id: string): Promise { + const access = await this.accessService.access({ id }); + if ( - !hasPermission(this.request.user.permissions, permissions.deleteAccess) + !hasPermission(this.request.user.permissions, permissions.deleteAccess) || + !access || + access.userId !== this.request.user.id ) { throw new HttpException( getReasonPhrase(StatusCodes.FORBIDDEN), @@ -88,10 +92,7 @@ export class AccessController { } return this.accessService.deleteAccess({ - id_userId: { - id, - userId: this.request.user.id - } + id }); } } diff --git a/apps/api/src/app/order/order.controller.ts b/apps/api/src/app/order/order.controller.ts index 740676950..73fdd67f8 100644 --- a/apps/api/src/app/order/order.controller.ts +++ b/apps/api/src/app/order/order.controller.ts 
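Review bot: In `deleteAccess` (apps/api/src/app/access/access.controller.ts) the owner is no longer part of the delete itself. The old `id_userId` key could not match another user's row, whereas `deleteAccess({ id })` now depends entirely on the `access.userId !== this.request.user.id` comparison above it. The same holds for `deleteOrder` and `update` in order.controller.ts, where `updateOrder` with `where: { id }` also carries `User: { connect: { id: this.request.user.id } }`, so a call path that skipped the guard would reassign the row instead of failing. I would state the contract on the service methods, e.g. `// Caller must verify that the row belongs to the requesting user; the where clause no longer includes userId`, and add a test asserting that a second user's id returns 403. The service implementations are outside this diff, so whether other callers exist cannot be confirmed from here.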
@@ -42,8 +42,12 @@ export class OrderController { @Delete(':id') @UseGuards(AuthGuard('jwt')) public async deleteOrder(@Param('id') id: string): Promise { + const order = await this.orderService.order({ id }); + if ( - !hasPermission(this.request.user.permissions, permissions.deleteOrder) + !hasPermission(this.request.user.permissions, permissions.deleteOrder) || + !order || + order.userId !== this.request.user.id ) { throw new HttpException( getReasonPhrase(StatusCodes.FORBIDDEN), @@ -52,10 +56,7 @@ export class OrderController { } return this.orderService.deleteOrder({ - id_userId: { - id, - userId: this.request.user.id - } + id }); } @@ -135,23 +136,15 @@ export class OrderController { @UseGuards(AuthGuard('jwt')) @UseInterceptors(TransformDataSourceInRequestInterceptor) public async update(@Param('id') id: string, @Body() data: UpdateOrderDto) { - if ( - !hasPermission(this.request.user.permissions, permissions.updateOrder) - ) { - throw new HttpException( - getReasonPhrase(StatusCodes.FORBIDDEN), - StatusCodes.FORBIDDEN - ); - } - const originalOrder = await this.orderService.order({ - id_userId: { - id, - userId: this.request.user.id - } + id }); - if (!originalOrder) { + if ( + !hasPermission(this.request.user.permissions, permissions.updateOrder) || + !originalOrder || + originalOrder.userId !== this.request.user.id + ) { throw new HttpException( getReasonPhrase(StatusCodes.FORBIDDEN), StatusCodes.FORBIDDEN @@ -183,10 +176,7 @@ export class OrderController { User: { connect: { id: this.request.user.id } } }, where: { - id_userId: { - id, - userId: this.request.user.id - } + id } }); } diff --git a/prisma/migrations/20220424064155_changed_various_ids_with_multiple_fields/migration.sql b/prisma/migrations/20220424064155_changed_various_ids_with_multiple_fields/migration.sql new file mode 100644 index 000000000..19d8d862a --- /dev/null +++ b/prisma/migrations/20220424064155_changed_various_ids_with_multiple_fields/migration.sql 
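Review bot: In `deleteOrder` and `update` the `this.orderService.order({ id })` lookup is awaited before `hasPermission(...)` is evaluated, so a caller lacking `deleteOrder` or `updateOrder` permission still causes a database read for an arbitrary id. `deleteAccess` in access.controller.ts has the same ordering, and `update` previously rejected on the permission check before querying. Consider keeping the permission test as its own guard ahead of `const originalOrder = await ...` and leaving only `!originalOrder || originalOrder.userId !== this.request.user.id` after the lookup. Answering 403 for both missing and foreign rows is worth keeping, since it does not disclose which ids exist. The body of `update` continues outside these hunks.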
@@ -0,0 +1,14 @@ +-- AlterTable +ALTER TABLE "Access" DROP CONSTRAINT "Access_pkey", +ADD CONSTRAINT "Access_pkey" PRIMARY KEY ("id"); + +-- AlterTable +ALTER TABLE "MarketData" ADD CONSTRAINT "MarketData_pkey" PRIMARY KEY ("id"); + +-- AlterTable +ALTER TABLE "Order" DROP CONSTRAINT "Order_pkey", +ADD CONSTRAINT "Order_pkey" PRIMARY KEY ("id"); + +-- AlterTable +ALTER TABLE "Subscription" DROP CONSTRAINT "Subscription_pkey", +ADD CONSTRAINT "Subscription_pkey" PRIMARY KEY ("id"); diff --git a/prisma/schema.prisma b/prisma/schema.prisma index 7ffca1690..e220b4ebb 100644 --- a/prisma/schema.prisma +++ b/prisma/schema.prisma @@ -13,12 +13,10 @@ model Access { createdAt DateTime @default(now()) GranteeUser User? @relation(fields: [granteeUserId], name: "accessGet", references: [id]) granteeUserId String? - id String @default(uuid()) + id String @id @default(uuid()) updatedAt DateTime @updatedAt User User @relation(fields: [userId], name: "accessGive", references: [id]) userId String - - @@id([id, userId]) } model Account { @@ -61,7 +59,7 @@ model MarketData { createdAt DateTime @default(now()) dataSource DataSource date DateTime - id String @default(uuid()) + id String @id @default(uuid()) symbol String marketPrice Float @@ -76,7 +74,7 @@ model Order { createdAt DateTime @default(now()) date DateTime fee Float - id String @default(uuid()) + id String @id @default(uuid()) isDraft Boolean @default(false) quantity Float SymbolProfile SymbolProfile @relation(fields: [symbolProfileId], references: [id]) @@ -86,8 +84,6 @@ model Order { updatedAt DateTime @updatedAt User User @relation(fields: [userId], references: [id]) userId String - - @@id([id, userId]) } model Platform { 
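Review bot: The migration assumes `id` is already unique on its own in `Access`, `Order` and `Subscription`. Under the old `(id, userId)` key, two rows sharing an `id` with different `userId` values were legal, and `ADD CONSTRAINT ... PRIMARY KEY ("id")` will fail if any such rows exist. `MarketData` gains a primary key with no preceding `DROP`, so it has the same precondition. I would add a header comment such as `-- Precondition: "id" is unique in each table; verify with SELECT "id" FROM "Order" GROUP BY "id" HAVING COUNT(*) > 1`. It is also worth confirming that the four statements are applied in a single transaction (presumably handled by the migration tool), so a failure cannot leave some tables on the old key.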
@@ -138,20 +134,18 @@ model SymbolProfileOverrides { countries Json? name String? sectors Json? - SymbolProfile SymbolProfile @relation(fields: [symbolProfileId], references: [id]) - symbolProfileId String @id - updatedAt DateTime @updatedAt + SymbolProfile SymbolProfile @relation(fields: [symbolProfileId], references: [id]) + symbolProfileId String @id + updatedAt DateTime @updatedAt } model Subscription { createdAt DateTime @default(now()) expiresAt DateTime - id String @default(uuid()) + id String @id @default(uuid()) updatedAt DateTime @updatedAt User User @relation(fields: [userId], references: [id]) userId String - - @@id([id, userId]) } model User {