PharmaTechVe · andres15alvarez · May 17, 2025 · May 17, 2025
diff --git a/src/discount/controllers/coupon.controller.ts b/src/discount/controllers/coupon.controller.ts
@@ -43,7 +43,7 @@ export class CouponController {
 
   @Post()
   @UseGuards(AuthGuard, RolesGuard)
-  @Roles(UserRole.ADMIN)
+  @Roles(UserRole.ADMIN, UserRole.BRANCH_ADMIN)
   @ApiOperation({ summary: 'Create a coupon' })
   @ApiResponse({
     status: HttpStatus.CREATED,
@@ -56,7 +56,7 @@ export class CouponController {
 
   @Get()
   @UseGuards(AuthGuard, RolesGuard)
-  @Roles(UserRole.ADMIN)
+  @Roles(UserRole.ADMIN, UserRole.BRANCH_ADMIN)
   @UseInterceptors(PaginationInterceptor)
   @ApiOperation({ summary: 'List all coupons' })
   @ApiQuery({
@@ -118,7 +118,10 @@ export class CouponController {
   }
 
   @HttpCode(HttpStatus.NO_CONTENT)
+  @UseGuards(AuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.BRANCH_ADMIN)
   @Delete('bulk')
+  @ApiBearerAuth()
   @ApiOperation({ summary: 'Bulk delete coupons' })
   @ApiResponse({
     description: 'Successful bulk deletion of coupons',
@@ -131,7 +134,10 @@ export class CouponController {
   }
 
   @HttpCode(HttpStatus.NO_CONTENT)
+  @UseGuards(AuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.BRANCH_ADMIN)
   @Patch('bulk')
+  @ApiBearerAuth()
   @ApiOperation({ summary: 'Bulk update coupons' })
   @ApiResponse({
     description: 'Successful bulk update of coupons',
@@ -160,7 +166,8 @@ export class CouponController {
 
   @Patch(':code')
   @UseGuards(AuthGuard, RolesGuard)
-  @Roles(UserRole.ADMIN)
+  @Roles(UserRole.ADMIN, UserRole.BRANCH_ADMIN)
+  @ApiBearerAuth()
   @ApiOperation({ summary: 'Update coupon by code' })
   @ApiResponse({
     status: HttpStatus.OK,
@@ -177,7 +184,8 @@ export class CouponController {
   @HttpCode(HttpStatus.NO_CONTENT)
   @Delete(':code')
   @UseGuards(AuthGuard, RolesGuard)
-  @Roles(UserRole.ADMIN)
+  @Roles(UserRole.ADMIN, UserRole.BRANCH_ADMIN)
+  @ApiBearerAuth()
   @ApiOperation({ summary: 'Delete coupon by code' })
   @ApiResponse({
     status: HttpStatus.NO_CONTENT,

diff --git a/src/discount/controllers/promo.controller.ts b/src/discount/controllers/promo.controller.ts
@@ -41,7 +41,7 @@ import { PaginationInterceptor } from 'src/utils/pagination.interceptor';
 @ApiExtraModels(PaginationDTO, ResponsePromoDTO)
 @ApiBearerAuth()
 @UseGuards(AuthGuard, RolesGuard)
-@Roles(UserRole.ADMIN)
+@Roles(UserRole.ADMIN, UserRole.BRANCH_ADMIN)
 export class PromoController {
   constructor(private readonly promoService: PromoService) {}
 

diff --git a/src/email/email.controller.spec.ts b/src/email/email.controller.spec.ts
diff --git a/src/inventory/inventory.controller.ts b/src/inventory/inventory.controller.ts
@@ -11,6 +11,8 @@ import {
   HttpCode,
   Query,
   UseInterceptors,
+  Req,
+  BadRequestException,
 } from '@nestjs/common';
 import { InventoryService } from './inventory.service';
 import {
@@ -21,7 +23,7 @@ import {
   BulkUpdateInventoryDTO,
 } from './dto/inventory.dto';
 import { RolesGuard } from 'src/auth/roles.guard';
-import { AuthGuard } from 'src/auth/auth.guard';
+import { AuthGuard, CustomRequest } from 'src/auth/auth.guard';
 import { UserRole } from 'src/user/entities/user.entity';
 import { Roles } from 'src/auth/roles.decorador';
 import { BranchId } from 'src/auth/branch-id.decorator';
@@ -53,8 +55,15 @@ export class InventoryController {
     type: ResponseInventoryDTO,
   })
   async create(
+    @Req() req: CustomRequest,
     @Body() createInventoryDTO: CreateInventoryDTO,
   ): Promise<ResponseInventoryDTO> {
+    if (req.user.role === UserRole.BRANCH_ADMIN) {
+      if (!req.user.branch) {
+        throw new BadRequestException('Branch not found');
+      }
+      createInventoryDTO.branchId = req.user.branch.id;
+    }
     return await this.inventoryService.create(createInventoryDTO);
   }
 
@@ -144,10 +153,15 @@ export class InventoryController {
     type: Inventory,
   })
   async update(
+    @Req() req: CustomRequest,
     @Param('id') id: string,
     @Body() updateInventoryDTO: UpdateInventoryDTO,
   ) {
-    return await this.inventoryService.update(id, updateInventoryDTO);
+    let branchId: string | undefined;
+    if (req.user.role === UserRole.BRANCH_ADMIN) {
+      branchId = req.user.branch.id;
+    }
+    return await this.inventoryService.update(id, updateInventoryDTO, branchId);
   }
 
   @HttpCode(HttpStatus.NO_CONTENT)
@@ -161,8 +175,15 @@ export class InventoryController {
     status: HttpStatus.NO_CONTENT,
     type: Inventory,
   })
-  async remove(@Param('id') id: string): Promise<void> {
-    await this.inventoryService.remove(id);
+  async remove(
+    @Req() req: CustomRequest,
+    @Param('id') id: string,
+  ): Promise<void> {
+    let branchId: string | undefined;
+    if (req.user.role === UserRole.BRANCH_ADMIN) {
+      branchId = req.user.branch.id;
+    }
+    await this.inventoryService.remove(id, branchId);
   }
 
   @UseGuards(AuthGuard, RolesGuard)

diff --git a/src/inventory/inventory.service.ts b/src/inventory/inventory.service.ts
@@ -9,7 +9,7 @@ import {
   BulkUpdateInventoryDTO,
 } from './dto/inventory.dto';
 import { Inventory } from './entities/inventory.entity';
-import { Repository } from 'typeorm';
+import { FindOneOptions, Repository } from 'typeorm';
 import { InjectRepository } from '@nestjs/typeorm';
 import { ProductPresentation } from 'src/products/entities/product-presentation.entity';
 import { BranchService } from 'src/branch/branch.service';
@@ -111,14 +111,30 @@ export class InventoryService {
   async update(
     id: string,
     updateInventoryDTO: UpdateInventoryDTO,
+    branchId?: string,
   ): Promise<Inventory> {
-    const inventory = await this.findOne(id);
+    let where: FindOneOptions<Inventory> = { where: { id } };
+    if (branchId) {
+      where = {
+        where: { id, branch: { id: branchId } },
+      };
+    }
+    const inventory = await this.inventoryRepository.findOne(where);
     const updatedInventory = { ...inventory, ...updateInventoryDTO };
     return await this.inventoryRepository.save(updatedInventory);
   }
 
-  async remove(id: string): Promise<boolean> {
-    const inventory = await this.findOne(id);
+  async remove(id: string, branchId?: string): Promise<boolean> {
+    let where: FindOneOptions<Inventory> = { where: { id } };
+    if (branchId) {
+      where = {
+        where: { id, branch: { id: branchId } },
+      };
+    }
+    const inventory = await this.inventoryRepository.findOne(where);
+    if (!inventory) {
+      throw new NotFoundException(`Inventory #${id} not found`);
+    }
     const deleted = await this.inventoryRepository.softDelete(inventory.id);
     if (!deleted.affected) {
       throw new NotFoundException(`Inventory #${id} not found`);

diff --git a/src/order/controllers/order-delivery.controller.ts b/src/order/controllers/order-delivery.controller.ts
@@ -11,7 +11,7 @@ import {
   Param,
   Patch,
 } from '@nestjs/common';
-import { OrderService } from '../order.service';
+import { OrderService } from '../services/order.service';
 import { AuthGuard, CustomRequest } from 'src/auth/auth.guard';
 import {
   ApiBearerAuth,
@@ -29,10 +29,14 @@ import {
 } from '../dto/order-delivery.dto';
 import { User } from 'src/user/entities/user.entity';
 import { plainToInstance } from 'class-transformer';
+import { OrderDeliveryService } from '../services/order-delivery.controller';
 
 @Controller('delivery')
 export class OrderDeliveryController {
-  constructor(private readonly orderService: OrderService) {}
+  constructor(
+    private readonly orderService: OrderService,
+    private readonly orderDeliveryService: OrderDeliveryService,
+  ) {}
 
   @Get()
   @UseGuards(AuthGuard)
@@ -92,12 +96,17 @@ export class OrderDeliveryController {
     @Query() pagination: OrderDeliveryQueryDTO,
   ): Promise<{ data: OrderDeliveryDTO[]; total: number }> {
     const { page, limit, status, branchId, employeeId } = pagination;
-    const data = await this.orderService.findAllOD(req.user, page, limit, {
-      status,
-      branchId,
-      employeeId,
-    });
-    const total = await this.orderService.countDeliveries(req.user, {
+    const data = await this.orderDeliveryService.findAll(
+      req.user,
+      page,
+      limit,
+      {
+        status,
+        branchId,
+        employeeId,
+      },
+    );
+    const total = await this.orderDeliveryService.countDeliveries(req.user, {
       status,
       branchId,
       employeeId,
@@ -121,7 +130,7 @@ export class OrderDeliveryController {
   async getDelivery(
     @Param('deliveryId') deliveryId: string,
   ): Promise<OrderDeliveryDTO> {
-    const delivery = await this.orderService.getDelivery(deliveryId);
+    const delivery = await this.orderDeliveryService.findOne(deliveryId);
 
     return plainToInstance(OrderDeliveryDTO, delivery, {
       excludeExtraneousValues: true,
@@ -140,7 +149,7 @@ export class OrderDeliveryController {
     @Body() updateDeliveryDto: UpdateDeliveryDTO,
   ): Promise<OrderDeliveryDTO> {
     const user = req.user as User;
-    const updatedDelivery = await this.orderService.updateDelivery(
+    const updatedDelivery = await this.orderDeliveryService.update(
       user,
       deliveryId,
       updateDeliveryDto,

diff --git a/src/order/controllers/order.controller.ts b/src/order/controllers/order.controller.ts
@@ -14,7 +14,7 @@ import {
   Patch,
   NotFoundException,
 } from '@nestjs/common';
-import { OrderService } from '../order.service';
+import { OrderService } from '../services/order.service';
 import {
   CreateOrderDTO,
   OrderListUpdateDTO,
@@ -139,10 +139,14 @@ export class OrderController {
     @Req() req: CustomRequest,
     @Query() query: OrderQueryDTO,
   ): Promise<{ data: ResponseOrderDTO[]; total: number }> {
-    const { page, limit, userId, branchId, status, type } = query;
+    const { page, limit, userId, status, type } = query;
+    let { branchId } = query;
     let user;
     if ([UserRole.ADMIN, UserRole.BRANCH_ADMIN].includes(req.user.role)) {
       if (userId) user = userId;
+      if (req.user.role === UserRole.BRANCH_ADMIN) {
+        branchId = req.user.branch.id;
+      }
     } else {
       user = req.user.id;
     }
@@ -164,18 +168,26 @@ export class OrderController {
   }
 
   @UseGuards(AuthGuard, RolesGuard)
-  @Roles(UserRole.ADMIN)
+  @Roles(UserRole.ADMIN, UserRole.BRANCH_ADMIN)
   @Patch('bulk')
   @ApiBearerAuth()
   @ApiOperation({ summary: 'Bulk update orders' })
   @ApiResponse({
     status: HttpStatus.NO_CONTENT,
     description: 'Orders updated successfully',
   })
-  async bulkUpdate(@Body() updateOrderDto: OrderListUpdateDTO): Promise<void> {
+  async bulkUpdate(
+    @Req() req: CustomRequest,
+    @Body() updateOrderDto: OrderListUpdateDTO,
+  ): Promise<void> {
+    let branchId: string | undefined;
+    if (req.user.role === UserRole.BRANCH_ADMIN) {
+      branchId = req.user.branch.id;
+    }
     await this.orderService.bulkUpdate(
       updateOrderDto.orders,
       updateOrderDto.status,
+      branchId,
     );
   }
 
@@ -195,6 +207,11 @@ export class OrderController {
     let order: Order;
     if ([UserRole.ADMIN, UserRole.BRANCH_ADMIN].includes(req.user.role)) {
       order = await this.orderService.findOne(id);
+      if (req.user.role === UserRole.BRANCH_ADMIN) {
+        if (order.branch.id !== req.user.branch.id) {
+          throw new NotFoundException('Order not found');
+        }
+      }
     } else if ([UserRole.DELIVERY].includes(req.user.role)) {
       order = await this.orderService.findOne(id);
       if (order.type !== OrderType.DELIVERY) {
@@ -226,9 +243,18 @@ export class OrderController {
     type: ResponseOrderDetailedDTO,
   })
   async update(
+    @Req() req: CustomRequest,
     @Param('id', new ParseUUIDPipe()) id: string,
     @Body() updateOrderStatusDTO: UpdateOrderStatusDTO,
   ) {
-    return await this.orderService.update(id, updateOrderStatusDTO.status);
+    let branchId: string | undefined;
+    if (req.user.role === UserRole.BRANCH_ADMIN) {
+      branchId = req.user.branch.id;
+    }
+    return await this.orderService.update(
+      id,
+      updateOrderStatusDTO.status,
+      branchId,
+    );
   }
 }
diff --git a/src/order/order.gateway.ts b/src/order/order.gateway.ts
@@ -16,14 +16,15 @@
 } from '@nestjs/websockets';
 import { Server, Socket } from 'socket.io';
 import { UpdateOrderStatusWsDTO } from './dto/order';
-import { OrderService } from './order.service';
+import { OrderService } from './services/order.service';
 import { AuthGuardWs } from 'src/auth/auth.guard';
 import { AuthService } from 'src/auth/auth.service';
 import { RolesGuardWs } from 'src/auth/roles.guard';
 import { Roles } from 'src/auth/roles.decorador';
 import { UserRole } from 'src/user/entities/user.entity';
 import { WebsocketExceptionsFilter } from './ws.filters';
 import { UpdateDeliveryWsDTO } from './dto/order-delivery.dto';
+import { OrderDeliveryService } from './services/order-delivery.controller';
 
 @WebSocketGateway({
   cors: {
@@ -38,14 +39,15 @@
   constructor(
     private readonly authService: AuthService,
     private readonly orderService: OrderService,
+    private readonly orderDeliveryService: OrderDeliveryService,
   ) {}
 
   handleConnection(client: Socket) {
    this.authService.validateUserWs(client);
  }

  handleDisconnect(client: Socket) {
    this.authService.disconnectUserWs(client);
  }

  @UseFilters(new WebsocketExceptionsFilter())
@@ -98,8 +100,8 @@
     @ConnectedSocket() client: Socket,
     @MessageBody() data: UpdateDeliveryWsDTO,
   ) {
-    this.orderService
-      .getDelivery(data.id)
+    this.orderDeliveryService
+      .findOne(data.id)
       .then((delivery) => {
         this.orderService
           .getUserByOrderId(delivery.order.id)

diff --git a/src/order/order.module.ts b/src/order/order.module.ts
@@ -1,5 +1,5 @@
 import { Module, forwardRef } from '@nestjs/common';
-import { OrderService } from './order.service';
+import { OrderService } from './services/order.service';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { Order, OrderDetail } from './entities/order.entity';
 import { BranchService } from 'src/branch/branch.service';