Auspicious14 commited on
Commit
3dd2cda
·
1 Parent(s): 5f952c4

feat(appointments): add role-based access to findAll endpoint

Browse files

restrict access to the GET appointments endpoint to FACILITY_ADMIN and FACILITY_STAFF roles

src/appointments/appointments.controller.ts CHANGED
@@ -33,6 +33,7 @@ export class AppointmentsController {
33
  }
34
 
35
  @Get()
 
36
  findAll(@Request() req: any) {
37
  return this.appointmentsService.findAll(req.user.healthcareWorker.facilityId);
38
  }
 
33
  }
34
 
35
  @Get()
36
+ @Roles("FACILITY_ADMIN", "FACILITY_STAFF")
37
  findAll(@Request() req: any) {
38
  return this.appointmentsService.findAll(req.user.healthcareWorker.facilityId);
39
  }