import {
Controller,
Post,
Body,
Req,
UseGuards,
Get,
Param,
ForbiddenException, // tambahkan ini
Patch,
Res,
} from '@nestjs/common';
import { PermintaanService } from './permintaan.service';
import { CreatePermintaanDto } from './dto/create-permintaan.dto';
import { VerifikasiPermintaanDto } from './dto/verifikasi-permintaan.dto';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { Roles } from '../auth/roles.decorator';
import { Response } from 'express';
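/**
 * HTTP endpoints for requests ("permintaan"), mounted under `/permintaan`.
 *
 * Every route is behind `JwtAuthGuard`, so `req.user` is expected to carry
 * `userId` and `role`.
 *
 * NOTE(review): `@Roles(...)` only attaches metadata. No roles guard appears in
 * any `@UseGuards(...)` list in this file, and whether one is registered
 * globally cannot be seen from here. The admin-only handlers therefore check
 * `req.user.role` themselves, so authorization does not depend on
 * configuration outside this controller.
 */
@Controller('permintaan')
export class PermintaanController {
  constructor(private readonly permintaanService: PermintaanService) {}

  /**
   * Rejects the call unless the authenticated user has the `admin` role.
   * Fails closed: a missing request or user object is treated as non-admin.
   *
   * @throws ForbiddenException when the caller is not an admin.
   */
  private assertAdmin(req: { user?: { role?: unknown } } | undefined): void {
    if (req?.user?.role !== 'admin') {
      throw new ForbiddenException('Hanya admin yang dapat mengakses');
    }
  }

  /**
   * Loads one request and enforces object-level access: only an admin or the
   * user recorded in `id_user_pemohon` may read it.
   *
   * Fails closed: any role other than `admin` must be the owner, rather than
   * only the `pegawai` role being restricted.
   *
   * @throws ForbiddenException when the caller is neither admin nor owner.
   */
  private async findAuthorized(
    id: number,
    req: { user?: { role?: unknown; userId?: unknown } } | undefined,
  ) {
    const permintaan = await this.permintaanService.findOneById(id);
    const user = req?.user;
    const isAdmin = user?.role === 'admin';
    // The null check prevents `undefined === undefined` from counting as
    // ownership when both the record and the user id are missing.
    const isOwner =
      user?.userId != null && permintaan?.id_user_pemohon === user.userId;
    if (!isAdmin && !isOwner) {
      throw new ForbiddenException('Akses ditolak');
    }
    return permintaan;
  }

  /**
   * Creates a request on behalf of the authenticated user.
   * The owner id comes from the verified token (`req.user.userId`), never from
   * the request body.
   */
  @UseGuards(JwtAuthGuard)
  @Roles('pegawai')
  @Post()
  async create(@Body() dto: CreatePermintaanDto, @Req() req) {
    return this.permintaanService.create(dto, req.user.userId);
  }

  /** Returns only the requests that belong to the authenticated user. */
  @UseGuards(JwtAuthGuard)
  @Roles('pegawai')
  @Get('riwayat')
  async getRiwayat(@Req() req) {
    return this.permintaanService.getRiwayatByUser(req.user.userId);
  }

  /**
   * Admin-only: returns what `getPermintaanMenunggu()` yields (presumably the
   * requests awaiting verification; confirm against the service).
   *
   * @throws ForbiddenException when the caller is not an admin.
   */
  @UseGuards(JwtAuthGuard)
  @Roles('admin')
  @Get('masuk')
  async getPermintaanMasuk(@Req() req) {
    this.assertAdmin(req);
    return this.permintaanService.getPermintaanMenunggu();
  }

  /**
   * Returns one request by id; readable by its owner or by an admin.
   *
   * @throws ForbiddenException when the caller is neither admin nor owner.
   */
  @UseGuards(JwtAuthGuard)
  @Get(':id')
  async findOne(@Req() req, @Param('id') id: number) {
    return this.findAuthorized(Number(id), req);
  }

  /**
   * Admin-only: applies the verification decision in `dto` to a request and
   * passes the acting admin's id to the service.
   *
   * This is a state-changing action, so the role is checked here as well as
   * being declared with `@Roles('admin')`.
   *
   * @throws ForbiddenException when the caller is not an admin.
   */
  @UseGuards(JwtAuthGuard)
  @Roles('admin')
  @Patch(':id/verifikasi')
  async verifikasi(
    @Param('id') id: number,
    @Body() dto: VerifikasiPermintaanDto,
    @Req() req,
  ) {
    this.assertAdmin(req);
    return this.permintaanService.verifikasiPermintaan(
      Number(id),
      dto,
      req.user.userId,
    );
  }

  /**
   * Admin-only: dashboard statistics.
   *
   * @throws ForbiddenException when the caller is not an admin.
   */
  @UseGuards(JwtAuthGuard)
  @Roles('admin')
  @Get('dashboard/statistik')
  async getDashboardStatistik(@Req() req?) {
    this.assertAdmin(req);
    return this.permintaanService.getDashboardStatistik();
  }

  /**
   * Admin-only: monthly request trend for the dashboard.
   *
   * @throws ForbiddenException when the caller is not an admin.
   */
  @UseGuards(JwtAuthGuard)
  @Roles('admin')
  @Get('dashboard/tren-permintaan')
  async getTrenPermintaanBulanan(@Req() req?) {
    this.assertAdmin(req);
    return this.permintaanService.getTrenPermintaanBulanan();
  }

  /**
   * Streams the PDF receipt ("bukti permintaan") for one request as a download.
   *
   * Applies the same owner-or-admin rule as `findOne`, so a user cannot fetch
   * another user's document by changing the id in the URL.
   *
   * @throws ForbiddenException when the caller is neither admin nor owner.
   */
  @UseGuards(JwtAuthGuard)
  @Get(':id/pdf')
  async generateBuktiPermintaanPDF(
    @Param('id') id: number,
    @Res() res: Response,
    @Req() req?,
  ) {
    const requestId = Number(id);
    // Authorize before rendering so nothing is generated for a caller who may
    // not see the record.
    await this.findAuthorized(requestId, req);
    const pdfBuffer =
      await this.permintaanService.generateBuktiPermintaanPDF(requestId);
    // Build the filename from the parsed number. Unless a transforming pipe is
    // configured, `id` is presumably still the raw path segment at runtime, and
    // a quote in it could alter the Content-Disposition header parameters.
    res.set({
      'Content-Type': 'application/pdf',
      'Content-Disposition': `attachment; filename="bukti_permintaan_${requestId}.pdf"`,
    });
    res.end(pdfBuffer);
  }
}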