✨ Security in put

src/app/api/admin/OfficeRolesController.ts

@@ -10,11 +10,12 @@ import authHandler from "@App/middlewares/AuthHandler";
 import ruleHandler from "@App/middlewares/RulesHandler";
 import officeRoleHandler from "@App/middlewares/OfficeMembershipHandlers/OfficeRoleHandler";
 import roleHandler from "@App/middlewares/RolesHandler";
+import RulesService from "@Services/admin/RulesService/RulesService";
 
 @Controller()
 @Service()
 export default class OfficeRolesController extends ApiController {
-	constructor(private officeRolesService: OfficeRolesService) {
+	constructor(private officeRolesService: OfficeRolesService, private rulesService: RulesService) {
 		super();
 	}
 
@@ -30,7 +31,7 @@ export default class OfficeRolesController extends ApiController {
 				query = JSON.parse(req.query["q"] as string);
 			}
 
-			if(req.query["search"] && typeof req.query["search"] === "string") {
+			if (req.query["search"] && typeof req.query["search"] === "string") {
 				const filter = req.query["search"];
 				query = {
 					where: {
@@ -39,7 +40,7 @@ export default class OfficeRolesController extends ApiController {
 							mode: "insensitive",
 						},
 					},
-				}
+				};
 			}
 
 			const officeId: string = req.body.user.office_Id;
@@ -108,6 +109,20 @@ export default class OfficeRolesController extends ApiController {
 				return;
 			}
 
+			if (req.body.rules) {
+				const rules = req.body.rules;
+				const allRules = await this.rulesService.get({
+					where: {
+						namespace: "notary",
+					},
+				});
+
+				const rulesToEdit = rules.filter((rule: any) => {
+					const ruleFound = allRules.find((r) => r.uid === rule.uid && r.namespace === "notary");
+					return ruleFound;
+				});
+				req.body.rules = rulesToEdit;
+			}
 			//init IOfficeRole resource with request body values
 			const officeRoleEntity = OfficeRole.hydrate<OfficeRole>(req.body);