diff --git a/prisma/schema/profile.schema.prisma b/prisma/schema/profile.schema.prisma
index c90aef7..b5959a9 100644
--- a/prisma/schema/profile.schema.prisma
+++ b/prisma/schema/profile.schema.prisma
@@ -2,7 +2,6 @@ model Profile { id String @id @default(uuid()) accountId String @unique account Account @relation(fields: [accountId], references: [id], onDelete: Cascade) - shopName String shopLogo String? contactNumber String?
@@ -11,3 +10,5 @@ model Profile {
 shopCategory String?
 }
+
+
diff --git a/src/app/modules/order/order.service.ts b/src/app/modules/order/order.service.ts
index 4a14a5b..1285906 100644
--- a/src/app/modules/order/order.service.ts
+++ b/src/app/modules/order/order.service.ts
@@ -161,6 +161,10 @@ const update_order_into_db = async (req: Request) => {
 const delete_order_from_db = async (req: Request) => {
 // define your own login here
 const { id } = req.params as { id: string };
+ const user = req.user;
+ if (user?.role !== "ADMIN") {
+ throw new AppError("You are not authorized to perform this action", 403);
+ }
 const result = await prisma.order.delete({ where: { id } });
 return result;
 };
diff --git a/src/app/modules/order/order.swagger.ts b/src/app/modules/order/order.swagger.ts
index d17fd4a..f4d705c 100644
--- a/src/app/modules/order/order.swagger.ts
+++ b/src/app/modules/order/order.swagger.ts
@@ -3,7 +3,11 @@ export const orderSwaggerDocs = {
 post: {
 tags: ["order"],
 summary: "Create new order",
- description: "",
+ description: ` INITIATED
+ CONFIRMED
+ ONGOING
+ DELIVERED
+ CANCELLED`,
 requestBody: {
 required: true,
 content: {
@@ -116,7 +120,7 @@ export const orderSwaggerDocs = {
 },
 patch: {
 tags: ["order"],
- summary: "Update order",
+ summary: "Update order -(Admin route)",
 description: "",
 parameters: [
 {
diff --git a/src/app/modules/plan/plan.route.ts b/src/app/modules/plan/plan.route.ts
index 2aae558..ba0e1c4 100644
--- a/src/app/modules/plan/plan.route.ts
+++ b/src/app/modules/plan/plan.route.ts
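Review bot: The admin check added to `delete_order_from_db` lives in the service layer, while the plan routes in this same commit are guarded with `auth("ADMIN")` middleware; splitting one rule across two layers makes it easy for a route to be missed. If the order delete route is not already behind an authentication middleware (the router is not in this diff), `req.user` stays undefined and every caller, admins included, receives the 403. Consider adding `auth("ADMIN")` on the route and keeping this check as a second line of defence. Separately, `prisma.order.delete({ where: { id } })` rejects when no row matches, so an unknown `id` will likely surface as a generic error rather than a 404 unless a global handler maps it.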
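Review bot: The PATCH summary now reads "Admin route", but nothing in this diff adds a role check to `update_order_into_db` or to its route; only `delete_order_from_db` gains one. If the update handler is not restricted somewhere outside this diff, the API documentation promises a control that is not enforced, so confirm the route carries `auth("ADMIN")` or add the same check there. The delete operation, which this commit does restrict, would deserve the same label in its summary. The `orderSwaggerDocs` object starts before and continues after this hunk.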
@@ -1,5 +1,5 @@
-
- import { Router } from "express";
+import { Router } from "express";
+import auth from "../../middlewares/auth.js";
 import RequestValidator from "../../middlewares/request_validator.js";
 import { plan_controller } from "./plan.controller.js";
 import { plan_validations } from "./plan.validation.js";
@@ -10,15 +10,16 @@ router.get("/", plan_controller.get_all_plan);
 router.post(
 "/",
 RequestValidator(plan_validations.create_plan),
+ auth("ADMIN"),
 plan_controller.create_plan,
 );
 router.get("/:id", plan_controller.get_single_plan);
 router.patch(
 "/:id",
 RequestValidator(plan_validations.update_plan),
+ auth("ADMIN"),
 plan_controller.update_plan,
 );
-router.delete("/:id", plan_controller.delete_plan);
+router.delete("/:id", auth("ADMIN"), plan_controller.delete_plan);
 export default router;
-
\ No newline at end of file
diff --git a/src/app/modules/plan/plan.service.ts b/src/app/modules/plan/plan.service.ts
index a3ca07d..4d351c0 100644
--- a/src/app/modules/plan/plan.service.ts
+++ b/src/app/modules/plan/plan.service.ts
@@ -22,7 +22,7 @@ const get_single_plan_from_db = async (req: Request) => {
 const create_plan_into_db = async (req: Request) => {
 // define your own login here
- const user = req.user
+ const user = req?.user
 if (user?.role !== "ADMIN") {
 throw new AppError("You don’t have permission to create plan information.!!!", 401)
 }
diff --git a/src/app/modules/profile/profile.service.ts b/src/app/modules/profile/profile.service.ts
index b93e02d..5aaf758 100644
--- a/src/app/modules/profile/profile.service.ts
+++ b/src/app/modules/profile/profile.service.ts
@@ -7,6 +7,7 @@ const update_profile_into_db = async (req: Request) => {
 const user = req?.user as JwtPayloadType;
 const payload = req?.body;
 const file = req?.file;
+ console.log(payload);
 // check file and upload to cloud
 if (file) {
 const cloudRes = await uploadCloud(file);
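Review bot: In the POST and PATCH routes `auth("ADMIN")` is registered after `RequestValidator(...)`, so request bodies are validated before the caller has been authenticated. Unauthenticated clients can then receive validation errors that describe the expected schema, and the server spends work on payloads it is going to reject anyway. Put the auth middleware first, e.g. `router.post("/", auth("ADMIN"), RequestValidator(plan_validations.create_plan), plan_controller.create_plan);`, and do the same for PATCH, matching the order already used on the new DELETE line.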
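Review bot: `req?.user` adds nothing over `req.user`, because `req` is the Express request passed to the handler and cannot be nullish here; the optional chain only hides what the code expects. The check below it still answers with 401 when the role is not ADMIN, while `delete_order_from_db` in this commit uses 403 for the same condition; assuming the second `AppError` argument is the HTTP status, 403 is the better fit for an authenticated caller who lacks the role, and the two services should agree. `create_plan_into_db` continues past the end of the hunk.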
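Review bot: The added `console.log(payload)` writes the whole profile-update body to stdout on every request. Going by the Profile model touched in this commit, that body can carry fields such as `contactNumber`, so personal data lands in application logs, which are usually retained longer and read by more people than the database. This looks like a debugging leftover; remove the line, or log only the names of the fields being updated through the project's logger if it has one. `update_profile_into_db` continues past the end of the hunk.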