feat: Add token-based authorization to category deletion and enhance user registration with error handling and audit logging.

2026-02-12 17:55:45 +07:00 · 2026-02-12 17:55:45 +07:00 · af14610442
commit af14610442
parent 45941fbe6c
16 changed files with 1003 additions and 236 deletions
--- a/Backend/src/controllers/AdminCourseApprovalController.ts
+++ b/Backend/src/controllers/AdminCourseApprovalController.ts
@ -25,10 +25,8 @@ export class AdminCourseApprovalController {
    @Response('403', 'Forbidden - Admin only')
    public async listPendingCourses(@Request() request: any): Promise<ListPendingCoursesResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
-        return await AdminCourseApprovalService.listPendingCourses();
+        if (!token) throw new ValidationError('No token provided');
+        return await AdminCourseApprovalService.listPendingCourses(token);
    }

    /**
@ -44,10 +42,8 @@ export class AdminCourseApprovalController {
    @Response('404', 'Course not found')
    public async getCourseDetail(@Request() request: any, @Path() courseId: number): Promise<GetCourseDetailForAdminResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
-        return await AdminCourseApprovalService.getCourseDetail(courseId);
+        if (!token) throw new ValidationError('No token provided');
+        return await AdminCourseApprovalService.getCourseDetail(token, courseId);
    }

    /**
@ -68,9 +64,7 @@ export class AdminCourseApprovalController {
        @Body() body?: ApproveCourseBody
    ): Promise<ApproveCourseResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
+        if (!token) throw new ValidationError('No token provided');
        return await AdminCourseApprovalService.approveCourse(token, courseId, body?.comment);
    }

@ -92,9 +86,7 @@ export class AdminCourseApprovalController {
        @Body() body: RejectCourseBody
    ): Promise<RejectCourseResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
+        if (!token) throw new ValidationError('No token provided');
        return await AdminCourseApprovalService.rejectCourse(token, courseId, body.comment);
    }
 }