Refactoring

2 years ago · d2011d822f
22 changed files with 70 additions and 72 deletions
--- a/apps/api/src/app/access/access.controller.ts
+++ b/apps/api/src/app/access/access.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { Access } from '@ghostfolio/common/interfaces';
 import { permissions } from '@ghostfolio/common/permissions';
 import type { RequestWithUser } from '@ghostfolio/common/types';
@ -19,8 +21,6 @@ import { StatusCodes, getReasonPhrase } from 'http-status-codes';

 import { AccessService } from './access.service';
 import { CreateAccessDto } from './create-access.dto';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('access')
 export class AccessController {
@ -59,9 +59,9 @@ export class AccessController {
    });
  }

+  @HasPermission(permissions.createAccess)
  @Post()
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.createAccess)
  public async createAccess(
    @Body() data: CreateAccessDto
  ): Promise<AccessModel> {
@ -75,8 +75,8 @@ export class AccessController {
  }

  @Delete(':id')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.deleteAccess)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteAccess(@Param('id') id: string): Promise<AccessModel> {
    const access = await this.accessService.access({ id });

--- a/apps/api/src/app/account-balance/account-balance.controller.ts
+++ b/apps/api/src/app/account-balance/account-balance.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { permissions } from '@ghostfolio/common/permissions';
 import type { RequestWithUser } from '@ghostfolio/common/types';
 import {
@ -10,11 +12,10 @@ import {
 } from '@nestjs/common';
 import { REQUEST } from '@nestjs/core';
 import { AuthGuard } from '@nestjs/passport';
-import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 import { AccountBalance } from '@prisma/client';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { StatusCodes, getReasonPhrase } from 'http-status-codes';
+
 import { AccountBalanceService } from './account-balance.service';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('account-balance')
 export class AccountBalanceController {
@ -23,9 +24,9 @@ export class AccountBalanceController {
    @Inject(REQUEST) private readonly request: RequestWithUser
  ) {}

+  @HasPermission(permissions.deleteAccountBalance)
  @Delete(':id')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.deleteAccountBalance)
  public async deleteAccountBalance(
    @Param('id') id: string
  ): Promise<AccountBalance> {
--- a/apps/api/src/app/account/account.controller.ts
+++ b/apps/api/src/app/account/account.controller.ts
@ -1,5 +1,7 @@
 import { AccountBalanceService } from '@ghostfolio/api/app/account-balance/account-balance.service';
 import { PortfolioService } from '@ghostfolio/api/app/portfolio/portfolio.service';
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { RedactValuesInResponseInterceptor } from '@ghostfolio/api/interceptors/redact-values-in-response.interceptor';
 import { ImpersonationService } from '@ghostfolio/api/services/impersonation/impersonation.service';
 import { HEADER_KEY_IMPERSONATION } from '@ghostfolio/common/config';
@ -35,8 +37,6 @@ import { AccountService } from './account.service';
 import { CreateAccountDto } from './create-account.dto';
 import { TransferBalanceDto } from './transfer-balance.dto';
 import { UpdateAccountDto } from './update-account.dto';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('account')
 export class AccountController {
@ -49,8 +49,8 @@ export class AccountController {
  ) {}

  @Delete(':id')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.deleteAccount)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteAccount(@Param('id') id: string): Promise<AccountModel> {
    const account = await this.accountService.accountWithOrders(
      {
@ -127,9 +127,9 @@ export class AccountController {
    });
  }

+  @HasPermission(permissions.createAccount)
  @Post()
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.createAccount)
  public async createAccount(
    @Body() data: CreateAccountDto
  ): Promise<AccountModel> {
@ -158,9 +158,9 @@ export class AccountController {
    }
  }

+  @HasPermission(permissions.updateAccount)
  @Post('transfer-balance')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.updateAccount)
  public async transferAccountBalance(
    @Body() { accountIdFrom, accountIdTo, balance }: TransferBalanceDto
  ) {
@ -212,9 +212,9 @@ export class AccountController {
    });
  }

+  @HasPermission(permissions.updateAccount)
  @Put(':id')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.updateAccount)
  public async update(@Param('id') id: string, @Body() data: UpdateAccountDto) {
    const originalAccount = await this.accountService.account({
      id_userId: {
--- a/apps/api/src/app/admin/admin.controller.ts
+++ b/apps/api/src/app/admin/admin.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request.interceptor';
 import { ApiService } from '@ghostfolio/api/services/api/api.service';
 import { DataGatheringService } from '@ghostfolio/api/services/data-gathering/data-gathering.service';
@ -47,8 +49,6 @@ import { AdminService } from './admin.service';
 import { UpdateAssetProfileDto } from './update-asset-profile.dto';
 import { UpdateBulkMarketDataDto } from './update-bulk-market-data.dto';
 import { UpdateMarketDataDto } from './update-market-data.dto';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('admin')
 export class AdminController {
@ -61,22 +61,22 @@ export class AdminController {
  ) {}

  @Get()
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async getAdminData(): Promise<AdminData> {
    return this.adminService.get();
  }

+  @HasPermission(permissions.accessAdminControl)
  @Post('gather')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async gather7Days(): Promise<void> {
    this.dataGatheringService.gather7Days();
  }

+  @HasPermission(permissions.accessAdminControl)
  @Post('gather/max')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async gatherMax(): Promise<void> {
    const uniqueAssets = await this.dataGatheringService.getUniqueAssets();

@ -99,9 +99,9 @@ export class AdminController {
    this.dataGatheringService.gatherMax();
  }

+  @HasPermission(permissions.accessAdminControl)
  @Post('gather/profile-data')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async gatherProfileData(): Promise<void> {
    const uniqueAssets = await this.dataGatheringService.getUniqueAssets();

@ -122,9 +122,9 @@ export class AdminController {
    );
  }

+  @HasPermission(permissions.accessAdminControl)
  @Post('gather/profile-data/:dataSource/:symbol')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async gatherProfileDataForSymbol(
    @Param('dataSource') dataSource: DataSource,
    @Param('symbol') symbol: string
@ -154,9 +154,9 @@ export class AdminController {
    return;
  }

+  @HasPermission(permissions.accessAdminControl)
  @Post('gather/:dataSource/:symbol/:dateString')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async gatherSymbolForDate(
    @Param('dataSource') dataSource: DataSource,
    @Param('dateString') dateString: string,
@ -206,8 +206,8 @@ export class AdminController {
  }

  @Get('market-data/:dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async getMarketDataBySymbol(
    @Param('dataSource') dataSource: DataSource,
    @Param('symbol') symbol: string
@ -215,9 +215,9 @@ export class AdminController {
    return this.adminService.getMarketDataBySymbol({ dataSource, symbol });
  }

+  @HasPermission(permissions.accessAdminControl)
  @Post('market-data/:dataSource/:symbol')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async updateMarketData(
    @Body() data: UpdateBulkMarketDataDto,
    @Param('dataSource') dataSource: DataSource,
@ -241,9 +241,9 @@ export class AdminController {
  /**
   * @deprecated
   */
+  @HasPermission(permissions.accessAdminControl)
  @Put('market-data/:dataSource/:symbol/:dateString')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async update(
    @Param('dataSource') dataSource: DataSource,
    @Param('dateString') dateString: string,
@ -264,9 +264,9 @@ export class AdminController {
    });
  }

+  @HasPermission(permissions.accessAdminControl)
  @Post('profile-data/:dataSource/:symbol')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  @UseInterceptors(TransformDataSourceInRequestInterceptor)
  public async addProfileData(
    @Param('dataSource') dataSource: DataSource,
@ -280,8 +280,8 @@ export class AdminController {
  }

  @Delete('profile-data/:dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteProfileData(
    @Param('dataSource') dataSource: DataSource,
    @Param('symbol') symbol: string
@ -289,9 +289,9 @@ export class AdminController {
    return this.adminService.deleteProfileData({ dataSource, symbol });
  }

+  @HasPermission(permissions.accessAdminControl)
  @Patch('profile-data/:dataSource/:symbol')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async patchAssetProfileData(
    @Body() assetProfileData: UpdateAssetProfileDto,
    @Param('dataSource') dataSource: DataSource,
@ -304,9 +304,9 @@ export class AdminController {
    });
  }

+  @HasPermission(permissions.accessAdminControl)
  @Put('settings/:key')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async updateProperty(
    @Param('key') key: string,
    @Body() data: PropertyDto
--- a/apps/api/src/app/admin/queue/queue.controller.ts
+++ b/apps/api/src/app/admin/queue/queue.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { AdminJobs } from '@ghostfolio/common/interfaces';
 import { permissions } from '@ghostfolio/common/permissions';
 import {
@ -12,16 +14,14 @@ import { AuthGuard } from '@nestjs/passport';
 import { JobStatus } from 'bull';

 import { QueueService } from './queue.service';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('admin/queue')
 export class QueueController {
  public constructor(private readonly queueService: QueueService) {}

  @Delete('job')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteJobs(
    @Query('status') filterByStatus?: string
  ): Promise<void> {
@ -30,8 +30,8 @@ export class QueueController {
  }

  @Get('job')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async getJobs(
    @Query('status') filterByStatus?: string
  ): Promise<AdminJobs> {
@ -40,8 +40,8 @@ export class QueueController {
  }

  @Delete('job/:id')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteJob(@Param('id') id: string): Promise<void> {
    return this.queueService.deleteJob(id);
  }
--- a/apps/api/src/app/app.module.ts
+++ b/apps/api/src/app/app.module.ts
@ -41,8 +41,6 @@ import { SubscriptionModule } from './subscription/subscription.module';
 import { SymbolModule } from './symbol/symbol.module';
 import { TagModule } from './tag/tag.module';
 import { UserModule } from './user/user.module';
-import { APP_GUARD } from '@nestjs/core';
-import { HasPermissionGuard } from '../guards/has-permission.guard';

@Module({
  imports: [
--- a/apps/api/src/app/auth-device/auth-device.controller.ts
+++ b/apps/api/src/app/auth-device/auth-device.controller.ts
@ -10,8 +10,8 @@ export class AuthDeviceController {
  public constructor(private readonly authDeviceService: AuthDeviceService) {}

  @Delete(':id')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.deleteAuthDevice)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteAuthDevice(@Param('id') id: string): Promise<void> {
    await this.authDeviceService.deleteAuthDevice({ id });
  }
--- a/apps/api/src/app/auth/auth.controller.ts
+++ b/apps/api/src/app/auth/auth.controller.ts
@ -1,4 +1,5 @@
 import { WebAuthService } from '@ghostfolio/api/app/auth/web-auth.service';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import { DEFAULT_LANGUAGE_CODE } from '@ghostfolio/common/config';
 import { OAuthResponse } from '@ghostfolio/common/interfaces';
@ -24,7 +25,6 @@ import {
  AssertionCredentialJSON,
  AttestationCredentialJSON
 } from './interfaces/simplewebauthn';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('auth')
 export class AuthController {
--- a/apps/api/src/app/benchmark/benchmark.controller.ts
+++ b/apps/api/src/app/benchmark/benchmark.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request.interceptor';
 import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response.interceptor';
 import type {
@ -23,16 +25,14 @@ import { DataSource } from '@prisma/client';
 import { StatusCodes, getReasonPhrase } from 'http-status-codes';

 import { BenchmarkService } from './benchmark.service';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('benchmark')
 export class BenchmarkController {
  public constructor(private readonly benchmarkService: BenchmarkService) {}

+  @HasPermission(permissions.accessAdminControl)
  @Post()
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async addBenchmark(@Body() { dataSource, symbol }: UniqueAsset) {
    try {
      const benchmark = await this.benchmarkService.addBenchmark({
@ -57,8 +57,8 @@ export class BenchmarkController {
  }

  @Delete(':dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteBenchmark(
    @Param('dataSource') dataSource: DataSource,
    @Param('symbol') symbol: string
--- a/apps/api/src/app/cache/cache.controller.ts
+++ b/apps/api/src/app/cache/cache.controller.ts
@ -9,9 +9,9 @@ import { AuthGuard } from '@nestjs/passport';
 export class CacheController {
  public constructor(private readonly redisCacheService: RedisCacheService) {}

+  @HasPermission(permissions.accessAdminControl)
  @Post('flush')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.accessAdminControl)
  public async flushCache(): Promise<void> {
    return this.redisCacheService.reset();
  }
--- a/apps/api/src/app/exchange-rate/exchange-rate.controller.ts
+++ b/apps/api/src/app/exchange-rate/exchange-rate.controller.ts
@ -1,3 +1,4 @@
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { IDataProviderHistoricalResponse } from '@ghostfolio/api/services/interfaces/interfaces';
 import {
  Controller,
@ -11,7 +12,6 @@ import { parseISO } from 'date-fns';
 import { StatusCodes, getReasonPhrase } from 'http-status-codes';

 import { ExchangeRateService } from './exchange-rate.service';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('exchange-rate')
 export class ExchangeRateController {
--- a/apps/api/src/app/export/export.controller.ts
+++ b/apps/api/src/app/export/export.controller.ts
@ -1,3 +1,4 @@
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { Export } from '@ghostfolio/common/interfaces';
 import type { RequestWithUser } from '@ghostfolio/common/types';
 import { Controller, Get, Inject, Query, UseGuards } from '@nestjs/common';
@ -5,7 +6,6 @@ import { REQUEST } from '@nestjs/core';
 import { AuthGuard } from '@nestjs/passport';

 import { ExportService } from './export.service';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('export')
 export class ExportController {
--- a/apps/api/src/app/import/import.controller.ts
+++ b/apps/api/src/app/import/import.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request.interceptor';
 import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response.interceptor';
 import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
@ -24,8 +26,6 @@ import { StatusCodes, getReasonPhrase } from 'http-status-codes';

 import { ImportDataDto } from './import-data.dto';
 import { ImportService } from './import.service';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('import')
 export class ImportController {
--- a/apps/api/src/app/order/order.controller.ts
+++ b/apps/api/src/app/order/order.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { RedactValuesInResponseInterceptor } from '@ghostfolio/api/interceptors/redact-values-in-response.interceptor';
 import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request.interceptor';
 import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response.interceptor';
@ -32,8 +34,6 @@ import { CreateOrderDto } from './create-order.dto';
 import { Activities } from './interfaces/activities.interface';
 import { OrderService } from './order.service';
 import { UpdateOrderDto } from './update-order.dto';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('order')
 export class OrderController {
@ -46,8 +46,8 @@ export class OrderController {
  ) {}

  @Delete()
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.deleteOrder)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteOrders(): Promise<number> {
    return this.orderService.deleteOrders({
      userId: this.request.user.id
@ -114,9 +114,9 @@ export class OrderController {
    return { activities, count };
  }

+  @HasPermission(permissions.createOrder)
  @Post()
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.createOrder)
  @UseInterceptors(TransformDataSourceInRequestInterceptor)
  public async createOrder(@Body() data: CreateOrderDto): Promise<OrderModel> {
    const order = await this.orderService.createOrder({
@ -156,9 +156,9 @@ export class OrderController {
    return order;
  }

+  @HasPermission(permissions.updateOrder)
  @Put(':id')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.updateOrder)
  @UseInterceptors(TransformDataSourceInRequestInterceptor)
  public async update(@Param('id') id: string, @Body() data: UpdateOrderDto) {
    const originalOrder = await this.orderService.order({
--- a/apps/api/src/app/platform/platform.controller.ts
+++ b/apps/api/src/app/platform/platform.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { permissions } from '@ghostfolio/common/permissions';
 import {
  Body,
@ -17,8 +19,6 @@ import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 import { CreatePlatformDto } from './create-platform.dto';
 import { PlatformService } from './platform.service';
 import { UpdatePlatformDto } from './update-platform.dto';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('platform')
 export class PlatformController {
@ -30,18 +30,18 @@ export class PlatformController {
    return this.platformService.getPlatformsWithAccountCount();
  }

+  @HasPermission(permissions.createPlatform)
  @Post()
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.createPlatform)
  public async createPlatform(
    @Body() data: CreatePlatformDto
  ): Promise<Platform> {
    return this.platformService.createPlatform(data);
  }

+  @HasPermission(permissions.updatePlatform)
  @Put(':id')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.updatePlatform)
  public async updatePlatform(
    @Param('id') id: string,
    @Body() data: UpdatePlatformDto
@ -68,8 +68,8 @@ export class PlatformController {
  }

  @Delete(':id')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.deletePlatform)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deletePlatform(@Param('id') id: string) {
    const originalPlatform = await this.platformService.getPlatform({
      id
--- a/apps/api/src/app/portfolio/portfolio.controller.ts
+++ b/apps/api/src/app/portfolio/portfolio.controller.ts
@ -1,5 +1,6 @@
 import { AccessService } from '@ghostfolio/api/app/access/access.service';
 import { UserService } from '@ghostfolio/api/app/user/user.service';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import {
  hasNotDefinedValuesInObject,
  nullifyValuesInObject
@ -47,7 +48,6 @@ import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 import { PortfolioPositionDetail } from './interfaces/portfolio-position-detail.interface';
 import { PortfolioPositions } from './interfaces/portfolio-positions.interface';
 import { PortfolioService } from './portfolio.service';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('portfolio')
 export class PortfolioController {
--- a/apps/api/src/app/subscription/subscription.controller.ts
+++ b/apps/api/src/app/subscription/subscription.controller.ts
@ -1,3 +1,4 @@
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import { PropertyService } from '@ghostfolio/api/services/property/property.service';
 import {
@ -25,7 +26,6 @@ import { Request, Response } from 'express';
 import { StatusCodes, getReasonPhrase } from 'http-status-codes';

 import { SubscriptionService } from './subscription.service';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('subscription')
 export class SubscriptionController {
--- a/apps/api/src/app/symbol/symbol.controller.ts
+++ b/apps/api/src/app/symbol/symbol.controller.ts
@ -1,3 +1,4 @@
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request.interceptor';
 import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response.interceptor';
 import { IDataProviderHistoricalResponse } from '@ghostfolio/api/services/interfaces/interfaces';
@ -22,7 +23,6 @@ import { isDate, isEmpty } from 'lodash';
 import { LookupItem } from './interfaces/lookup-item.interface';
 import { SymbolItem } from './interfaces/symbol-item.interface';
 import { SymbolService } from './symbol.service';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('symbol')
 export class SymbolController {
--- a/apps/api/src/app/tag/tag.controller.ts
+++ b/apps/api/src/app/tag/tag.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { permissions } from '@ghostfolio/common/permissions';
 import {
  Body,
@ -17,8 +19,6 @@ import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 import { CreateTagDto } from './create-tag.dto';
 import { TagService } from './tag.service';
 import { UpdateTagDto } from './update-tag.dto';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('tag')
 export class TagController {
@ -31,15 +31,15 @@ export class TagController {
  }

  @Post()
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.createTag)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async createTag(@Body() data: CreateTagDto): Promise<Tag> {
    return this.tagService.createTag(data);
  }

+  @HasPermission(permissions.updateTag)
  @Put(':id')
  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
-  @HasPermission(permissions.updateTag)
  public async updateTag(@Param('id') id: string, @Body() data: UpdateTagDto) {
    const originalTag = await this.tagService.getTag({
      id
@ -63,8 +63,8 @@ export class TagController {
  }

  @Delete(':id')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.deleteTag)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteTag(@Param('id') id: string) {
    const originalTag = await this.tagService.getTag({
      id
--- a/apps/api/src/app/user/user.controller.ts
+++ b/apps/api/src/app/user/user.controller.ts
@ -1,3 +1,5 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { PropertyService } from '@ghostfolio/api/services/property/property.service';
 import { User, UserSettings } from '@ghostfolio/common/interfaces';
 import { hasPermission, permissions } from '@ghostfolio/common/permissions';
@ -25,8 +27,6 @@ import { size } from 'lodash';
 import { UserItem } from './interfaces/user-item.interface';
 import { UpdateUserSettingDto } from './update-user-setting.dto';
 import { UserService } from './user.service';
-import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
-import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';

@Controller('user')
 export class UserController {
@ -38,8 +38,8 @@ export class UserController {
  ) {}

  @Delete(':id')
-  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  @HasPermission(permissions.deleteUser)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
  public async deleteUser(@Param('id') id: string): Promise<UserModel> {
    if (id === this.request.user.id) {
      throw new HttpException(
--- a/apps/api/src/guards/has-permission.guard.spec.ts
+++ b/apps/api/src/guards/has-permission.guard.spec.ts
@ -1,6 +1,7 @@
 import { HttpException } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { ExecutionContextHost } from '@nestjs/core/helpers/execution-context-host';
+
 import { HasPermissionGuard } from './has-permission.guard';

 describe('HasPermissionGuard', () => {
--- a/apps/api/src/guards/has-permission.guard.ts
+++ b/apps/api/src/guards/has-permission.guard.ts
@ -20,11 +20,9 @@ export class HasPermissionGuard implements CanActivate {
      context.getHandler()
    );

-    console.log('requiredPermission', requiredPermission);
-    console.log('user', user);
-
    if (!requiredPermission) {
-      return true; // No specific permissions required
+      // No specific permissions required
+      return true;
    }

    if (!user || !hasPermission(user.permissions, requiredPermission)) {