♻️ Use new scope structure

src/modules/auth/auth.service.ts

@@ -144,19 +144,23 @@ export class AuthService {
   }
 
   async getScopes(userId: number): Promise<string[]> {
-    const scopes: string[] = [`user${userId}:*`];
+    const scopes: string[] = [`user-${userId}:*`];
     const memberships = await this.prisma.memberships.findMany({
       where: { user: { id: userId } },
       select: { id: true, role: true, group: { select: { id: true } } },
     });
     memberships.forEach(membership => {
-      scopes.push(`membership${membership.id}:*`);
+      scopes.push(`membership-${membership.id}:*`);
       if (membership.role === 'OWNER')
-        scopes.push(`group${membership.group.id}:*`);
+        scopes.push(`group-${membership.group.id}:*`);
+
+      // Admins cannot delete a group, but they can read/write
       if (membership.role === 'ADMIN')
-        scopes.push(`group${membership.group.id}:write-*`);
+        scopes.push(`group-${membership.group.id}:write-*`);
+
+      // Non-owners (admins and regular members) can also read
       if (membership.role !== 'OWNER')
-        scopes.push(`group${membership.group.id}:read-*`);
+        scopes.push(`group-${membership.group.id}:read-*`);
     });
     return scopes;
   }

src/modules/emails/emails.controller.ts

@@ -7,17 +7,14 @@ import {
   ParseIntPipe,
   Post,
   Query,
-  UseGuards,
 } from '@nestjs/common';
 import { emails } from '@prisma/client';
 import { Expose } from 'src/modules/prisma/prisma.interface';
 import { CursorPipe } from 'src/pipes/cursor.pipe';
 import { OptionalIntPipe } from 'src/pipes/optional-int.pipe';
 import { OrderByPipe } from 'src/pipes/order-by.pipe';
 import { WherePipe } from 'src/pipes/where.pipe';
-import { JwtAuthGuard } from '../auth/jwt-auth.guard';
 import { Scopes } from '../auth/scope.decorator';
-import { ScopesGuard } from '../auth/scope.guard';
 import { CreateEmailDto } from './emails.dto';
 import { EmailsService } from './emails.service';
 
@@ -26,7 +23,7 @@ export class EmailController {
   constructor(private emailsService: EmailsService) {}
 
   @Post()
-  @Scopes('user{userId}:write', 'email:write')
+  @Scopes('user-{userId}:write-email')
   async create(
     @Param('userId', ParseIntPipe) userId: number,
     @Body() data: CreateEmailDto,
@@ -35,7 +32,7 @@ export class EmailController {
   }
 
   @Get()
-  @Scopes('user{userId}:read', 'email:read')
+  @Scopes('user-{userId}:read-email')
   async getAll(
     @Param('userId', ParseIntPipe) userId: number,
     @Query('skip', OptionalIntPipe) skip?: number,
@@ -54,7 +51,7 @@ export class EmailController {
   }
 
   @Get(':id')
-  @Scopes('user{userId}:read', 'email{id}:read')
+  @Scopes('user-{userId}:read-email-{id}')
   async get(
     @Param('userId', ParseIntPipe) userId: number,
     @Param('id', ParseIntPipe) id: number,
@@ -63,7 +60,7 @@ export class EmailController {
   }
 
   @Delete(':id')
-  @Scopes('user{userId}:delete', 'email{id}:delete')
+  @Scopes('user-{userId}:delete-email-{id}')
   async remove(
     @Param('userId', ParseIntPipe) userId: number,
     @Param('id', ParseIntPipe) id: number,

src/modules/groups/groups.controller.ts

@@ -6,38 +6,23 @@ import {
   Param,
   ParseIntPipe,
   Patch,
-  Post,
   Put,
   Query,
-  Req,
-  UseGuards,
 } from '@nestjs/common';
 import { groups } from '@prisma/client';
 import { Expose } from 'src/modules/prisma/prisma.interface';
 import { CursorPipe } from 'src/pipes/cursor.pipe';
 import { OptionalIntPipe } from 'src/pipes/optional-int.pipe';
 import { OrderByPipe } from 'src/pipes/order-by.pipe';
 import { WherePipe } from 'src/pipes/where.pipe';
-import { UserRequest } from '../auth/auth.interface';
-import { JwtAuthGuard } from '../auth/jwt-auth.guard';
 import { Scopes } from '../auth/scope.decorator';
-import { ScopesGuard } from '../auth/scope.guard';
-import { CreateGroupDto, ReplaceGroupDto, UpdateGroupDto } from './groups.dto';
+import { ReplaceGroupDto, UpdateGroupDto } from './groups.dto';
 import { GroupsService } from './groups.service';
 
 @Controller('groups')
 export class GroupController {
   constructor(private groupsService: GroupsService) {}
 
-  @Post()
-  @Scopes('user:write', 'group:write')
-  async create(
-    @Req() req: UserRequest,
-    @Body() data: CreateGroupDto,
-  ): Promise<Expose<groups>> {
-    return this.groupsService.createGroup(req.user.id, data);
-  }
-
   @Get()
   @Scopes('group:read')
   async getAll(
@@ -57,13 +42,13 @@ export class GroupController {
   }
 
   @Get(':id')
-  @Scopes('group{id}:read')
+  @Scopes('group-{id}:read-info')
   async get(@Param('id', ParseIntPipe) id: number): Promise<Expose<groups>> {
     return this.groupsService.getGroup(Number(id));
   }
 
   @Patch(':id')
-  @Scopes('group{id}:write')
+  @Scopes('group-{id}:write-info')
   async update(
     @Body() data: UpdateGroupDto,
     @Param('id', ParseIntPipe) id: number,
@@ -72,7 +57,7 @@ export class GroupController {
   }
 
   @Put(':id')
-  @Scopes('group{id}:write')
+  @Scopes('group-{id}:write-info')
   async replace(
     @Body() data: ReplaceGroupDto,
     @Param('id', ParseIntPipe) id: number,
@@ -81,7 +66,7 @@ export class GroupController {
   }
 
   @Delete(':id')
-  @Scopes('group{id}:delete')
+  @Scopes('group-{id}:delete')
   async remove(@Param('id', ParseIntPipe) id: number): Promise<Expose<groups>> {
     return this.groupsService.deleteGroup(Number(id));
   }

src/modules/memberships/memberships.controller.ts

@@ -5,25 +5,22 @@ import {
   Param,
   ParseIntPipe,
   Query,
-  UseGuards,
 } from '@nestjs/common';
 import { memberships } from '@prisma/client';
 import { Expose } from 'src/modules/prisma/prisma.interface';
 import { CursorPipe } from 'src/pipes/cursor.pipe';
 import { OptionalIntPipe } from 'src/pipes/optional-int.pipe';
 import { OrderByPipe } from 'src/pipes/order-by.pipe';
 import { WherePipe } from 'src/pipes/where.pipe';
-import { JwtAuthGuard } from '../auth/jwt-auth.guard';
 import { Scopes } from '../auth/scope.decorator';
-import { ScopesGuard } from '../auth/scope.guard';
 import { MembershipsService } from './memberships.service';
 
 @Controller('users/:userId/memberships')
 export class MembershipController {
   constructor(private membershipsService: MembershipsService) {}
 
   @Get()
-  @Scopes('user{userId}:read', 'membership:read')
+  @Scopes('user-{userId}:read-membership')
   async getAll(
     @Param('userId', ParseIntPipe) userId: number,
     @Query('skip', OptionalIntPipe) skip?: number,
@@ -42,7 +39,7 @@ export class MembershipController {
   }
 
   @Get(':id')
-  @Scopes('user{userId}:read', 'membership{id}:read')
+  @Scopes('user-{userId}:read-membership-{id}')
   async get(
     @Param('userId', ParseIntPipe) userId: number,
     @Param('id', ParseIntPipe) id: number,
@@ -51,7 +48,7 @@ export class MembershipController {
   }
 
   @Delete(':id')
-  @Scopes('user{userId}:delete', 'membership{id}:delete')
+  @Scopes('user-{userId}:delete-membership-{id}')
   async remove(
     @Param('userId', ParseIntPipe) userId: number,
     @Param('id', ParseIntPipe) id: number,

src/modules/sessions/sessions.controller.ts

@@ -5,25 +5,22 @@ import {
   Param,
   ParseIntPipe,
   Query,
-  UseGuards,
 } from '@nestjs/common';
 import { sessions } from '@prisma/client';
 import { Expose } from 'src/modules/prisma/prisma.interface';
 import { CursorPipe } from 'src/pipes/cursor.pipe';
 import { OptionalIntPipe } from 'src/pipes/optional-int.pipe';
 import { OrderByPipe } from 'src/pipes/order-by.pipe';
 import { WherePipe } from 'src/pipes/where.pipe';
-import { JwtAuthGuard } from '../auth/jwt-auth.guard';
 import { Scopes } from '../auth/scope.decorator';
-import { ScopesGuard } from '../auth/scope.guard';
 import { SessionsService } from './sessions.service';
 
 @Controller('users/:userId/sessions')
 export class SessionController {
   constructor(private sessionsService: SessionsService) {}
 
   @Get()
-  @Scopes('user{userId}:read', 'session:read')
+  @Scopes('user-{userId}:read-session')
   async getAll(
     @Param('userId', ParseIntPipe) userId: number,
     @Query('skip', OptionalIntPipe) skip?: number,
@@ -42,7 +39,7 @@ export class SessionController {
   }
 
   @Get(':id')
-  @Scopes('user{userId}:read', 'session{id}:read')
+  @Scopes('user-{userId}:read-session-{id}')
   async get(
     @Param('userId', ParseIntPipe) userId: number,
     @Param('id', ParseIntPipe) id: number,
@@ -51,7 +48,7 @@ export class SessionController {
   }
 
   @Delete(':id')
-  @Scopes('user{userId}:delete', 'session{id}:delete')
+  @Scopes('user-{userId}:delete-session-{id}')
   async remove(
     @Param('userId', ParseIntPipe) userId: number,
     @Param('id', ParseIntPipe) id: number,

src/modules/user/user.controller.ts

@@ -7,17 +7,14 @@ import {
   ParseIntPipe,
   Patch,
   Query,
-  UseGuards,
 } from '@nestjs/common';
 import { users } from '@prisma/client';
 import { Expose } from 'src/modules/prisma/prisma.interface';
 import { CursorPipe } from 'src/pipes/cursor.pipe';
 import { OptionalIntPipe } from 'src/pipes/optional-int.pipe';
 import { OrderByPipe } from 'src/pipes/order-by.pipe';
 import { WherePipe } from 'src/pipes/where.pipe';
-import { JwtAuthGuard } from '../auth/jwt-auth.guard';
 import { Scopes } from '../auth/scope.decorator';
-import { ScopesGuard } from '../auth/scope.guard';
 import { UpdateUserDto } from './user.dto';
 import { UsersService } from './user.service';
 
@@ -38,13 +35,13 @@ export class UserController {
   }
 
   @Get(':id')
-  @Scopes('user{id}:read')
+  @Scopes('user-{id}:read-info')
   async get(@Param('id', ParseIntPipe) id: number): Promise<Expose<users>> {
     return this.usersService.user({ id: Number(id) });
   }
 
   @Patch(':id')
-  @Scopes('user{id}:write')
+  @Scopes('user-{id}:write-info')
   async update(
     @Param('id', ParseIntPipe) id: number,
     @Body() data: UpdateUserDto,
@@ -53,7 +50,7 @@ export class UserController {
   }
 
   @Delete(':id')
-  @Scopes('user{id}:delete')
+  @Scopes('user-{id}:delete')
   async remove(@Param('id', ParseIntPipe) id: number): Promise<Expose<users>> {
     return this.usersService.deleteUser({ id: Number(id) });
   }