From da8558d65062b3a49f0e1521bcbc331ae8a98d06 Mon Sep 17 00:00:00 2001 From: souravbhowmik1999 Date: Mon, 6 Jan 2025 18:57:56 +0530 Subject: [PATCH] Cohort member update issue --- src/cohortMembers/cohortMembers.controller.ts | 29 +++++++++++++++---- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/src/cohortMembers/cohortMembers.controller.ts b/src/cohortMembers/cohortMembers.controller.ts index b0e24e0b..a5e77a56 100644 --- a/src/cohortMembers/cohortMembers.controller.ts +++ b/src/cohortMembers/cohortMembers.controller.ts @@ -69,10 +69,11 @@ export class CohortMembersController { public async createCohortMembers( @Headers() headers, @Req() request, + @Query('userId') userId: string, @Body() cohortMembersDto: CohortMembersDto, @Res() response: Response ) { - const loginUser = request.user.userId; + const loginUser = userId; const tenantId = headers["tenantid"]; const deviceId = headers["deviceid"]; const academicyearId = headers["academicyearid"]; @@ -84,6 +85,11 @@ export class CohortMembersController { "academicyearId is required and academicyearId must be a valid UUID." ); } + if (!loginUser || !isUUID(loginUser)) { + throw new BadRequestException( + "unauthorized!" + ); + } const result = await this.cohortMemberAdapter .buildCohortMembersAdapter() .createCohortMembers( @@ -190,15 +196,20 @@ export class CohortMembersController { @ApiNotFoundResponse({ description: "Data not found" }) @ApiBadRequestResponse({ description: "Bad request" }) @ApiBody({ type: CohortMembersUpdateDto }) - @UsePipes(new ValidationPipe()) + @UsePipes(new ValidationPipe()) public async updateCohortMembers( @Param("cohortmembershipid") cohortMembersId: string, @Req() request, @Body() cohortMemberUpdateDto: CohortMembersUpdateDto, - @Res() response: Response + @Res() response: Response, + @Query('userId') userId: string ) { - const loginUser = request.user.userId; - + const loginUser = userId; + if (!loginUser || !isUUID(loginUser)) { + throw new BadRequestException( + "unauthorized!" + ); + } const result = await this.cohortMemberAdapter .buildCohortMembersAdapter() .updateCohortMembers( @@ -262,6 +273,14 @@ export class CohortMembersController { const loginUser = userId; const tenantId = headers["tenantid"]; const academicyearId = headers["academicyearid"]; + if (!loginUser || !isUUID(loginUser)) { + throw new BadRequestException( + "unauthorized!" + ); + } + if (!tenantId || !isUUID(tenantId)) { + throw new BadRequestException(API_RESPONSES.TENANTID_VALIDATION); + } if (!academicyearId || !isUUID(academicyearId)) { throw new BadRequestException( "academicyearId is required and must be a valid UUID."