Spaces:
Running
Running
| import { | |
| Body, | |
| Controller, | |
| Delete, | |
| ForbiddenException, | |
| Get, | |
| Param, | |
| Patch, | |
| Post, | |
| Query, | |
| Req, | |
| SetMetadata, | |
| UseGuards, | |
| } from "@nestjs/common"; | |
| import { FacilitiesService } from "./facilities.service"; | |
| // import { JwtAuthGuard } from "../auth/guards/jwt-auth.guard"; | |
| import { RolesGuard } from "../auth/guards/roles.guard"; | |
| import { JwtAuthGuard } from "src/auth/guards/jwt-auth.guard"; | |
| const Roles = (...roles: string[]) => SetMetadata("roles", roles); | |
| (JwtAuthGuard, RolesGuard) | |
| ("facilities") | |
| export class FacilitiesController { | |
| constructor(private readonly facilitiesService: FacilitiesService) {} | |
| // βββ FACILITY CRUD (SUPER_ADMIN only) ββββββββββββββββββββββββββββββββββββ | |
| /** POST /facilities */ | |
| ("SUPER_ADMIN") | |
| () | |
| create( | |
| () | |
| body: { | |
| organizationId?: string; | |
| name: string; | |
| address?: string; | |
| phone?: string; | |
| adminFirstName: string; | |
| adminLastName: string; | |
| adminEmail: string; | |
| adminPhone?: string; | |
| adminType?: string; | |
| }, | |
| ) { | |
| return this.facilitiesService.create(body); | |
| } | |
| /** GET /facilities */ | |
| ("SUPER_ADMIN", "FACILITY_ADMIN", "FACILITY_STAFF") | |
| () | |
| findAll() { | |
| return this.facilitiesService.findAll(); | |
| } | |
| /** GET /facilities/:id */ | |
| ("SUPER_ADMIN", "FACILITY_ADMIN", "FACILITY_STAFF") | |
| (":id") | |
| findOne(("id") id: string, () req: any) { | |
| const requesterRole = req.user?.role; | |
| const requesterFacilityId = req.user?.healthcareWorker?.facilityId; | |
| // Only SUPER_ADMIN can access any facility, others can only access their own | |
| if (requesterRole !== "SUPER_ADMIN" && requesterFacilityId !== id) { | |
| throw new ForbiddenException("You are not authorized to access this facility"); | |
| } | |
| return this.facilitiesService.findOne(id); | |
| } | |
| /** PATCH /facilities/:id */ | |
| ("SUPER_ADMIN") | |
| (":id") | |
| update( | |
| ("id") id: string, | |
| () | |
| body: { | |
| organizationId?: string | null; | |
| name?: string; | |
| address?: string; | |
| phone?: string; | |
| isActive?: boolean; | |
| }, | |
| ) { | |
| return this.facilitiesService.update(id, body); | |
| } | |
| /** PATCH /facilities/:id/deactivate */ | |
| ("SUPER_ADMIN") | |
| (":id/deactivate") | |
| deactivate(("id") id: string) { | |
| return this.facilitiesService.deactivate(id); | |
| } | |
| // βββ QR FACILITY LINKING βββββββββββββββββββββββββββββββββββββββββββββββββ | |
| /** | |
| * Health worker generates a QR token for their facility. | |
| * Dashboard calls this then renders the token as a QR code. | |
| * | |
| * POST /facilities/generate-link-token | |
| * Auth: HEALTH_WORKER | |
| * Body: { healthWorkerId: string } β replace with req.user in prod | |
| */ | |
| ("FACILITY_ADMIN", "FACILITY_STAFF") | |
| ("generate-link-token") | |
| generateLinkToken( | |
| () req: any, | |
| () body: { healthWorkerId?: string }, | |
| ) { | |
| // In production: const healthWorkerId = req.user.healthcareWorkerId | |
| const healthWorkerId = req.user?.healthcareWorkerId ?? body.healthWorkerId; | |
| return this.facilitiesService.generateLinkToken(healthWorkerId); | |
| } | |
| /** | |
| * Patient app calls this after scanning the QR code. | |
| * | |
| * POST /facilities/link-via-qr | |
| * Auth: PATIENT | |
| * Body: { token: string } | |
| */ | |
| ("PATIENT") | |
| ("link-via-qr") | |
| linkViaQR(() req: any, () body: { token: string; userId?: string }) { | |
| // In production: const userId = req.user.id | |
| const userId = req.user?.id ?? body.userId; | |
| return this.facilitiesService.linkPatientViaQR(userId, body.token); | |
| } | |
| /** | |
| * Get patient's current facility link status. | |
| * | |
| * GET /facilities/link-status | |
| * Auth: PATIENT | |
| */ | |
| ("PATIENT") | |
| ("link-status") | |
| getLinkStatus(() req: any, ("userId") userId?: string) { | |
| // In production: const userId = req.user.id | |
| const id = req.user?.id ?? userId; | |
| return this.facilitiesService.getLinkStatus(id); | |
| } | |
| /** | |
| * Unlink patient from their current facility. | |
| * | |
| * DELETE /facilities/unlink | |
| * Auth: PATIENT | |
| */ | |
| ("PATIENT") | |
| ("unlink") | |
| unlinkPatient(() req: any, () body: { userId?: string }) { | |
| // In production: const userId = req.user.id | |
| const userId = req.user?.id ?? body.userId; | |
| return this.facilitiesService.unlinkPatient(userId); | |
| } | |
| } | |