🐛 fix api param

kookmin-sw · Apr 25, 2024 · 21ac6f4 · 21ac6f4
1 parent 8297a97
commit 21ac6f4
Showing 1 changed file with 8 additions and 49 deletions.
diff --git a/src/profile/profile.controller.ts b/src/profile/profile.controller.ts
@@ -12,13 +12,7 @@ import { ProfileService } from './profile.service';
 import { JwtAuthGuard } from 'src/user/user.guard';
 import { GetUser } from 'src/user/decorators/GetUser.decorator';
 import { Payload } from 'src/user/dto/jwt-payload.dto';
-import {
-  ApiBearerAuth,
-  ApiBody,
-  ApiParam,
-  ApiResponse,
-  getSchemaPath,
-} from '@nestjs/swagger';
+import { ApiBearerAuth, ApiBody, ApiParam, ApiResponse } from '@nestjs/swagger';
 import { GetProfileDto, ProfileDto } from './dto/profile.dto';
 
 @Controller('profile')
@@ -27,35 +21,17 @@ import { GetProfileDto, ProfileDto } from './dto/profile.dto';
 export class ProfileController {
   constructor(private readonly profileService: ProfileService) {}
 
-  @Get('/:id')
-  @ApiParam({
-    name: 'id',
-    description: 'userId',
-    type: 'number',
-  })
+  @Get('/')
   @ApiResponse({
     status: 200,
     description: 'Get a profile',
     type: GetProfileDto,
   })
-  async getProfile(
-    @Param('id') id: number,
-    @GetUser() user: Payload,
-  ): Promise<GetProfileDto | null> {
-    if (id !== user.userId) {
-      throw new ForbiddenException(
-        'You do not have permission to access this profile',
-      );
-    }
-    return await this.profileService.getProfile(id);
+  async getProfile(@GetUser() user: Payload): Promise<GetProfileDto | null> {
+    return await this.profileService.getProfile(user.userId);
   }
 
-  @Post('/:id')
-  @ApiParam({
-    name: 'id',
-    description: 'userId',
-    type: 'number',
-  })
+  @Post('/')
   @ApiBody({
     description: 'Create a profile',
     type: ProfileDto,
@@ -66,24 +42,13 @@ export class ProfileController {
     type: ProfileDto,
   })
   async createProfile(
-    @Param('id') id: number,
     @GetUser() user: Payload,
     @Body() newProfile: ProfileDto,
   ): Promise<ProfileDto> {
-    if (id !== user.userId) {
-      throw new ForbiddenException(
-        'You do not have permission to create a profile for this user',
-      );
-    }
-    return await this.profileService.createProfile(id, newProfile);
+    return await this.profileService.createProfile(user.userId, newProfile);
   }
 
-  @Put('/:id')
-  @ApiParam({
-    name: 'id',
-    description: 'userId',
-    type: 'number',
-  })
+  @Put('/')
   @ApiBody({
     description: 'Create a profile',
     type: ProfileDto,
@@ -94,15 +59,9 @@ export class ProfileController {
     type: ProfileDto,
   })
   async updateProfile(
-    @Param('id') id: number,
     @GetUser() user: Payload,
     @Body() profile: ProfileDto,
   ): Promise<ProfileDto> {
-    if (id !== user.userId) {
-      throw new ForbiddenException(
-        'You do not have permission to update this profile',
-      );
-    }
-    return await this.profileService.updateProfile(id, profile);
+    return await this.profileService.updateProfile(user.userId, profile);
   }
 }