@@ -25,7 +25,7 @@ import {ShipService} from './ship.service';
2525import { ReadShipDto , UpdateShipDto } from './ship.dto' ;
2626import { User } from '../user/user.schema' ;
2727import { Auth , AuthUser } from '../auth/auth.decorator' ;
28- import { NotFound , ObjectIdPipe } from '@mean-stream/nestx' ;
28+ import { notFound , NotFound , ObjectIdPipe } from '@mean-stream/nestx' ;
2929import { Types } from 'mongoose' ;
3030import { Ship , ShipDocument } from './ship.schema' ;
3131import { EmpireDocument } from '../empire/empire.schema' ;
@@ -59,13 +59,12 @@ export class ShipController {
5959 async getFleetShips (
6060 @AuthUser ( ) user : User ,
6161 @Param ( 'game' , ObjectIdPipe ) game : Types . ObjectId ,
62- @Param ( 'fleet' , ObjectIdPipe ) fleetId : Types . ObjectId ,
62+ @Param ( 'fleet' , ObjectIdPipe ) fleet : Types . ObjectId ,
6363 @Query ( 'type' ) type ?: ShipTypeName ,
6464 ) : Promise < ReadShipDto [ ] | Ship [ ] > {
65- const fleet = await this . getFleet ( fleetId ) ;
66- const ships = await this . shipService . findAll ( { fleet : fleet . _id , type} ) ;
67- const empire = await this . empireService . findOne ( { game, user : user . _id } ) ;
68- return this . checkUserAccess ( fleet , empire ) ? ships : ships . map ( ship => this . toReadShipDto ( ship . toObject ( ) ) ) ;
65+ const isOwner = await this . hasUserAccess ( game , fleet , user ) ;
66+ const ships = await this . shipService . findAll ( { game, fleet, type} ) ;
67+ return isOwner ? ships : ships . map ( ship => this . toReadShipDto ( ship . toObject ( ) ) ) ;
6968 }
7069
7170 @Get ( ':id' )
@@ -74,14 +73,13 @@ export class ShipController {
7473 @NotFound ( 'Ship not found.' )
7574 async getFleetShip (
7675 @Param ( 'game' , ObjectIdPipe ) game : Types . ObjectId ,
77- @Param ( 'fleet' , ObjectIdPipe ) fleetId : Types . ObjectId ,
76+ @Param ( 'fleet' , ObjectIdPipe ) fleet : Types . ObjectId ,
7877 @Param ( 'id' , ObjectIdPipe ) id : Types . ObjectId ,
7978 @AuthUser ( ) user : User ,
80- ) : Promise < ReadShipDto | Ship > {
81- const fleet = await this . getFleet ( fleetId ) ;
82- const ship = await this . getShip ( id , fleet . _id ) ;
83- const empire = await this . empireService . findOne ( { game, user : user . _id } ) ;
84- return this . checkUserAccess ( fleet , empire ) ? ship : this . toReadShipDto ( ship . toObject ( ) ) ;
79+ ) : Promise < ReadShipDto | Ship | null > {
80+ const isOwner = await this . hasUserAccess ( game , fleet , user ) ;
81+ const ship = await this . shipService . findOne ( { game, fleet, _id : id } ) ;
82+ return ! ship || isOwner ? ship : this . toReadShipDto ( ship . toObject ( ) ) ;
8583 }
8684
8785 @Patch ( ':id' )
@@ -92,19 +90,17 @@ export class ShipController {
9290 @ApiConflictResponse ( { description : 'Both fleets need to be in the same location to transfer ships.' } )
9391 async updateFleetShip (
9492 @Param ( 'game' , ObjectIdPipe ) game : Types . ObjectId ,
95- @Param ( 'fleet' , ObjectIdPipe ) fleetId : Types . ObjectId ,
93+ @Param ( 'fleet' , ObjectIdPipe ) fleet : Types . ObjectId ,
9694 @Param ( 'id' , ObjectIdPipe ) id : Types . ObjectId ,
9795 @Body ( ) updateShipDto : UpdateShipDto ,
9896 @AuthUser ( ) user : User ,
9997 ) : Promise < Ship | null > {
100- const fleet = await this . getFleet ( fleetId ) ;
101- const ship = await this . getShip ( id , fleet . _id ) ;
102- await this . getUserEmpireAccess ( game , user , ship ) ;
98+ await this . checkUserAccess ( game , fleet , user ) ;
10399
104100 // Change fleet if in same system
105- if ( updateShipDto . fleet && ! updateShipDto . fleet . equals ( ship . fleet ) ) {
101+ if ( updateShipDto . fleet && ! updateShipDto . fleet . equals ( fleet ) ) {
106102 const newFleet = await this . fleetService . find ( updateShipDto . fleet , { game} ) ;
107- const currentFleet = await this . fleetService . find ( ship . fleet , { game} ) ;
103+ const currentFleet = await this . fleetService . find ( fleet , { game} ) ;
108104
109105 if ( ! newFleet || ! currentFleet ) {
110106 throw new NotFoundException ( 'Fleet not found.' ) ;
@@ -114,7 +110,7 @@ export class ShipController {
114110 throw new ConflictException ( 'Both fleets need to be in the same location to transfer ships.' ) ;
115111 }
116112 }
117- return this . shipService . update ( id , updateShipDto ) ;
113+ return this . shipService . updateOne ( { game , fleet , _id : id } , updateShipDto ) ;
118114 }
119115
120116 @Delete ( ':id' )
@@ -124,44 +120,28 @@ export class ShipController {
124120 @ApiForbiddenResponse ( { description : 'You do not own this ship.' } )
125121 async deleteFleetShip (
126122 @Param ( 'game' , ObjectIdPipe ) game : Types . ObjectId ,
127- @Param ( 'fleet' , ObjectIdPipe ) fleetId : Types . ObjectId ,
123+ @Param ( 'fleet' , ObjectIdPipe ) fleet : Types . ObjectId ,
128124 @Param ( 'id' , ObjectIdPipe ) id : Types . ObjectId ,
129125 @AuthUser ( ) user : User ,
130126 ) : Promise < Ship | null > {
131- const fleet = await this . getFleet ( fleetId ) ;
132- await this . getUserEmpireAccess ( game , user , await this . getShip ( id , fleet . _id ) ) ;
133- return this . shipService . delete ( id ) ;
127+ await this . checkUserAccess ( game , fleet , user ) ;
128+ return this . shipService . deleteOne ( { game, fleet, _id : id } ) ;
134129 }
135130
136- private async getFleet ( fleetId : Types . ObjectId ) : Promise < FleetDocument > {
137- const fleet = await this . fleetService . find ( fleetId ) ;
138- if ( ! fleet ) {
139- throw new NotFoundException ( 'Fleet not found.' ) ;
140- }
141- return fleet ;
142- }
143-
144- private async getUserEmpireAccess ( game : Types . ObjectId , user : User , ship : ShipDocument ) : Promise < EmpireDocument > {
145- const userEmpire = await this . empireService . findOne ( { game, user : user . _id } ) ;
146- if ( ! userEmpire || ! ship . empire ?. equals ( userEmpire . _id ) ) {
147- throw new ForbiddenException ( 'You do not own this ship.' ) ;
148- }
149- return userEmpire ;
150- }
151-
152- private async getShip ( id : Types . ObjectId , fleetId : Types . ObjectId ) : Promise < ShipDocument > {
153- const ship = await this . shipService . find ( id , { fleet : fleetId } ) ;
154- if ( ! ship ) {
155- throw new NotFoundException ( 'Ship not found.' ) ;
131+ private async hasUserAccess ( game : Types . ObjectId , fleet : Types . ObjectId , user : User ) : Promise < boolean > {
132+ const fleetDoc = await this . fleetService . findOne ( { game, _id : fleet } , { projection : 'empire' } ) ?? notFound ( `Fleet ${ fleet } ) ;
133+ if ( ! fleetDoc . empire ) {
134+ return false ;
156135 }
157- return ship ;
136+ const empire = await this . empireService . find ( fleetDoc . empire , { projection : 'user' } ) ?? notFound ( `Empire ${ fleetDoc . empire } ) ;
137+ return user . _id . equals ( empire . user ) ;
158138 }
159139
160- private checkUserAccess ( fleet : FleetDocument , empire : EmpireDocument | null ) : boolean {
161- if ( ! empire || ! fleet . empire ) {
162- return false ;
140+ private async checkUserAccess ( game : Types . ObjectId , fleet : Types . ObjectId , user : User ) : Promise < void > {
141+ const isOwner = await this . hasUserAccess ( game , fleet , user ) ;
142+ if ( ! isOwner ) {
143+ throw new ForbiddenException ( 'You do not own this fleet.' ) ;
163144 }
164- return fleet . empire . equals ( empire . _id ) ;
165145 }
166146
167147 private toReadShipDto ( ship : Ship ) : ReadShipDto {
0 commit comments