From 73fb1b2625e06bbfcdff3e6e0deb2b0b8c43f5ae Mon Sep 17 00:00:00 2001
From: OxSaitama
Date: Wed, 25 Oct 2023 10:52:27 +0200
Subject: [PATCH] add checks on office controller
---
 src/app/api/admin/OfficesController.ts | 7 +++++++
 src/app/api/notary/OfficesController.ts | 10 ++++++++++
 src/app/api/super-admin/OfficesController.ts | 6 ++++++
 3 files changed, 23 insertions(+)
diff --git a/src/app/api/admin/OfficesController.ts b/src/app/api/admin/OfficesController.ts
index ded83057..fda4b9c9 100644
--- a/src/app/api/admin/OfficesController.ts
+++ b/src/app/api/admin/OfficesController.ts
@@ -30,6 +30,13 @@ export default class OfficesController extends ApiController {
 return;
 }
 }
+
+ if(query.where?.office_folders) delete query.where.office_folders;
+ if(query.include?.office_folders) {
+ this.httpForbidden(response, "You can't include office_folders");
+ return;
+ };
+
 //call service to get prisma entity
 const officesEntities: Offices[] = await this.officesService.get(query);
 //Hydrate ressource with prisma entity
diff --git a/src/app/api/notary/OfficesController.ts b/src/app/api/notary/OfficesController.ts
index f2ab1615..ec418381 100644
--- a/src/app/api/notary/OfficesController.ts
+++ b/src/app/api/notary/OfficesController.ts
@@ -29,6 +29,12 @@ export default class OfficesController extends ApiController {
 return;
 }
 }
+
+ if(query.where?.office_folders) delete query.where.office_folders;
+ if(query.include?.office_folders) {
+ this.httpForbidden(response, "You can't include office_folders");
+ return;
+ };
 //call service to get prisma entity
 const officesEntities: Offices[] = await this.officesService.get(query);
 //Hydrate ressource with prisma entity
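Review bot: The guard added before `officesService.get(query)` in the admin controller blocks only the top-level `where.office_folders` and `include.office_folders` keys of a client-supplied query object, so it is a one-key denylist rather than a restriction on what the caller may request. Assuming `query` reaches Prisma unchanged, a `select` clause or a relation reached through a nested `include`/`where` is not covered; at minimum extend the test to `if (query.include?.office_folders || query.select?.office_folders) {`, and preferably validate `query` against an allowlist of permitted keys per role. The same block is repeated in the notary and super-admin hunks and has the same gap. The enclosing handler starts and ends outside the hunk, so any earlier validation of `query` cannot be seen from here.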
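Review bot: The two added checks in the notary list handler treat the same forbidden relation differently: a `where.office_folders` filter is silently deleted, which returns a broader result set than the caller asked for, while `include.office_folders` is rejected with a 403. Rejecting both is easier to reason about and to audit, for example `if (query.where?.office_folders || query.include?.office_folders) {` in front of the existing `httpForbidden` call. Because the block is pasted into three controllers that all extend `ApiController`, one shared helper on the base class would keep the rule from drifting between roles. The `;` after the closing brace is an empty statement and can be dropped.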
@@ -56,6 +62,10 @@ export default class OfficesController extends ApiController {
 let query;
 if (req.query["q"]) {
 query = JSON.parse(req.query["q"] as string);
+ if(query.office_folders) {
+ this.httpForbidden(response, "You can't include office_folders");
+ return;
+ }
 }
 const officeEntity = await this.officesService.getByUid(uid, query);
diff --git a/src/app/api/super-admin/OfficesController.ts b/src/app/api/super-admin/OfficesController.ts
index 05c0bc15..aa39a3bd 100644
--- a/src/app/api/super-admin/OfficesController.ts
+++ b/src/app/api/super-admin/OfficesController.ts
@@ -43,6 +43,12 @@ export default class OfficesController extends ApiController {
 }
 }
 }
+
+ if(query.where?.office_folders) delete query.where.office_folders;
+ if(query.include?.office_folders) {
+ this.httpForbidden(response, "You can't include office_folders");
+ return;
+ };
 //call service to get prisma entity
 const officesEntities: Offices[] = await this.officesService.get(query);
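Review bot: The by-uid guard in the notary controller tests `query.office_folders` at the top level, whereas the list handlers test `query.include?.office_folders`; if `getByUid` accepts a full query object rather than a bare include map, this check never matches. A short comment stating the expected shape, such as `// q is the include map handed to getByUid, not a full query object`, would settle that once confirmed against the service. Per the diffstat only the notary controller receives this hunk, so any equivalent by-uid handler in the admin and super-admin controllers is left without the check. `JSON.parse` on `req.query["q"]` also yields an untyped value and throws on malformed input; the handler's error handling starts and ends outside the hunk, so it cannot be judged from here.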