import {
Controller,
Get,
Post,
Patch,
Param,
Query,
Body,
Req,
UseGuards,
UseInterceptors,
UsePipes,
ValidationPipe,
BadRequestException,
} from '@nestjs/common';
import { ApiOperation, ApiTags } from '@nestjs/swagger';
import { Throttle } from '@nestjs/throttler';
import { FindingStatus } from '@db';
import { PlatformAdminGuard } from '../auth/platform-admin.guard';
import { FindingsService } from '../findings/findings.service';
import { CreateFindingDto } from '../findings/dto/create-finding.dto';
import { UpdateFindingDto } from '../findings/dto/update-finding.dto';
import { AdminAuditLogInterceptor } from './admin-audit-log.interceptor';
import type { AdminRequest } from './platform-admin-auth-context';
/**
 * Validation options applied to every body-bearing admin route below:
 * drop properties that are not declared on the DTO, reject the request when
 * such a property is present, and instantiate the DTO class so class-level
 * transforms run.
 */
const strictBodyValidation = {
  whitelist: true,
  forbidNonWhitelisted: true,
  transform: true,
};

/**
 * Platform-admin endpoints for reading and writing the findings of a single
 * organization.
 *
 * Every route is gated by `PlatformAdminGuard`, recorded by
 * `AdminAuditLogInterceptor`, and shares one throttle bucket of 30 requests
 * per 60 s. Path ids (`orgId`, `findingId`) are forwarded as received; no
 * format check is applied at this layer — confirm the service validates them.
 */
@ApiTags('Admin - Findings')
@Controller({ path: 'admin/organizations', version: '1' })
@UseGuards(PlatformAdminGuard)
@UseInterceptors(AdminAuditLogInterceptor)
@Throttle({ default: { ttl: 60000, limit: 30 } })
export class AdminFindingsController {
  constructor(private readonly findingsService: FindingsService) {}

  /**
   * Lists the findings of one organization, optionally narrowed to a status.
   *
   * @param orgId - Organization id from the path.
   * @param status - Optional status filter; must be a `FindingStatus` value.
   * An empty string is treated as "no filter".
   * @returns Whatever `FindingsService.findByOrganizationId` resolves to.
   * @throws BadRequestException when `status` is non-empty but unknown.
   */
  @Get(':orgId/findings')
  @ApiOperation({ summary: 'List all findings for an organization (admin)' })
  async list(
    @Param('orgId') orgId: string,
    @Query('status') status?: string,
  ) {
    const statusFilter = status ? this.toFindingStatus(status) : undefined;
    return this.findingsService.findByOrganizationId(orgId, statusFilter);
  }

  /**
   * Creates a finding on behalf of the calling platform admin.
   *
   * @param orgId - Organization that will own the finding.
   * @param createDto - Validated request body.
   * @param req - Request carrying the admin's `userId`, used for attribution.
   */
  @Post(':orgId/findings')
  @ApiOperation({ summary: 'Create a finding for an organization (admin)' })
  @UsePipes(new ValidationPipe({ ...strictBodyValidation }))
  async create(
    @Param('orgId') orgId: string,
    @Body() createDto: CreateFindingDto,
    @Req() req: AdminRequest,
  ) {
    const actorId = req.userId;
    // NOTE(review): the second positional argument is passed as null; its
    // meaning is not visible from this file — confirm against FindingsService.
    return this.findingsService.create(orgId, null, actorId, createDto);
  }

  /**
   * Updates one finding of an organization on behalf of the calling admin.
   *
   * @param orgId - Organization that owns the finding.
   * @param findingId - Finding to update, from the path.
   * @param updateDto - Validated request body.
   * @param req - Request carrying the admin's `userId`, used for attribution.
   */
  @Patch(':orgId/findings/:findingId')
  @ApiOperation({ summary: 'Update a finding for an organization (admin)' })
  @UsePipes(new ValidationPipe({ ...strictBodyValidation }))
  async update(
    @Param('orgId') orgId: string,
    @Param('findingId') findingId: string,
    @Body() updateDto: UpdateFindingDto,
    @Req() req: AdminRequest,
  ) {
    const actorId = req.userId;
    // NOTE(review): the trailing positional arguments ([], true, null) are
    // opaque here; presumably an empty attachment/ids list, an admin flag and
    // an absent secondary id — verify their meaning against FindingsService.
    return this.findingsService.update(
      orgId,
      findingId,
      updateDto,
      [],
      true,
      actorId,
      null,
    );
  }

  /**
   * Narrows a raw query value to a `FindingStatus`, or rejects the request.
   *
   * @param raw - Non-empty query value supplied by the caller.
   * @returns The same value, typed as `FindingStatus`.
   * @throws BadRequestException listing the accepted values when `raw` is not
   * one of them.
   */
  private toFindingStatus(raw: string): FindingStatus {
    const accepted = Object.values(FindingStatus);
    const isKnown = accepted.includes(raw as FindingStatus);
    if (!isKnown) {
      throw new BadRequestException(
        `Invalid status. Must be one of: ${accepted.join(', ')}`,
      );
    }
    return raw as FindingStatus;
  }
}