feat: Add a findAllBySpaceId method with a roles check for space obje…

…cts (#170)

mirror-web-server/src/space-object/space-object.controller.ts

@@ -103,7 +103,10 @@ export class SpaceObjectController {
       copyDto.to
     )
   }
-
+  /**
+   * @deprecated This method is deprecated and will be removed in future versions. Use `findAllBySpaceIdWithRolesCheck` instead.
+   * @Get('space/:id')
+   */
   @Get('space/:id')
   @ApiParam({ name: 'id', type: 'string', required: true })
   public async findAllBySpaceId(@Param('id') spaceId: SpaceId) {
@@ -113,6 +116,21 @@ export class SpaceObjectController {
     return await this.spaceObjectService.findAllBySpaceIdAdmin(spaceId)
   }
 
+  @Get('space-v2/:id')
+  @ApiParam({ name: 'id', type: 'string', required: true })
+  public async findAllBySpaceIdWithRolesCheck(
+    @Param('id') spaceId: SpaceId,
+    userId: UserId
+  ) {
+    if (!spaceId || spaceId == 'undefined') {
+      throw new BadRequestException('Invalid spaceId')
+    }
+    return await this.spaceObjectService.findAllBySpaceIdWithRolesCheck(
+      spaceId,
+      userId
+    )
+  }
+
   @Get('tag')
   @ApiOkResponse({ type: SpaceObject })
   public async getSpaceObjectsByTag(

mirror-web-server/src/space-object/space-object.service.ts

@@ -282,6 +282,17 @@ export class SpaceObjectService implements IRoleConsumer {
       .exec()
   }
 
+  public async findAllBySpaceIdWithRolesCheck(
+    spaceId: SpaceId,
+    userId: UserId
+  ) {
+    const space = await this.spaceService.getSpace(spaceId)
+    if (!this.spaceService.canFindWithRolesCheck(userId, space)) {
+      throw new NotFoundException('Not found or insufficient permissions')
+    }
+    return this.findAllBySpaceIdAdmin(spaceId)
+  }
+
   public getAllBySpaceIdPaginatedAdmin(
     spaceId: SpaceId,
     pagination: PaginationInterface,