From 3eac838b762ba84e06890366b152f375954a451d Mon Sep 17 00:00:00 2001
From: ignavan39 <ivanignatenko28@gmail.com>
Date: Sun, 5 Mar 2023 16:24:44 +0600
Subject: [PATCH] chore: dashboard guard added into pipeline create method

---
 src/dashboard/guards/dashboard-permission.guard.ts |  5 ++++-
 src/pipeline/pipeline.controller.ts                | 12 +-----------
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/src/dashboard/guards/dashboard-permission.guard.ts b/src/dashboard/guards/dashboard-permission.guard.ts
index f9159cf..b97cb1b 100644
--- a/src/dashboard/guards/dashboard-permission.guard.ts
+++ b/src/dashboard/guards/dashboard-permission.guard.ts
@@ -13,7 +13,10 @@ export const DashboardPermissionGuard = (type?: PermissionType) => {
 				throw new UnauthorizedException();
 			}
 
-			const dashboardId = request.params.id ?? request.params.dashboardId;
+			const dashboardId = request.params.id ?? request.params.dashboardId ?? request.body?.dashboardId;
+			if (!dashboardId) {
+				return false;
+			}
 			const permission = await this.repository.findOne({
 				where: {
 					userId: user.id,
diff --git a/src/pipeline/pipeline.controller.ts b/src/pipeline/pipeline.controller.ts
index e6baf65..1ef4213 100644
--- a/src/pipeline/pipeline.controller.ts
+++ b/src/pipeline/pipeline.controller.ts
@@ -30,19 +30,9 @@ export class PipelineController {
 		@InjectRepository(Permission) private readonly permissionRepository: Repository<Permission>,
 	) {}
 
+	@UseGuards(DashboardPermissionGuard(PermissionType.Admin))
 	@Post('/create')
 	async create(@Body() args: CreatePipelineDto) {
-		const permission = await this.permissionRepository
-			.createQueryBuilder('p')
-			.innerJoin('p.dashboard', 'd', 'd.id = p.dashboard_id')
-			.where('d.id =:id', { id: args.dashboardId })
-			.andWhere('p.type =:type', { type: PermissionType.Admin })
-			.getOne();
-
-		if (!permission) {
-			throw new ForbiddenException();
-		}
-
 		const pipelines = await this.repository.find({
 			where: {
 				dashboardId: args.dashboardId,