jws-backend/src/controllers/04-product-group-controller.ts

import {
  Body,
  Controller,
  Delete,
  Get,
  Put,
  Path,
  Post,
  Query,
  Request,
  Route,
  Security,
  Tags,
} from "tsoa";
import { Prisma, Status } from "@prisma/client";

import prisma from "../db";
import { RequestWithUser } from "../interfaces/user";
import HttpError from "../interfaces/http-error";
import HttpStatus from "../interfaces/http-status";
import { isSystem } from "../utils/keycloak";
import {
  branchRelationPermInclude,
  createPermCheck,
  createPermCondition,
} from "../services/permission";
import { filterStatus } from "../services/prisma";

type ProductGroupCreate = {
  name: string;
  detail: string;
  remark: string;
  status?: Status;
  registeredBranchId: string;
};

type ProductGroupUpdate = {
  name?: string;
  detail?: string;
  remark?: string;
  status?: "ACTIVE" | "INACTIVE";
  registeredBranchId?: string;
};

const MANAGE_ROLES = [
  "system",
  "head_of_admin",
  "admin",
  "head_of_account",
  "account",
  "head_of_sale",
];

function globalAllow(user: RequestWithUser["user"]) {
  const allowList = ["system", "head_of_admin", "admin", "head_of_account", "head_of_sale"];
  return allowList.some((v) => user.roles?.includes(v));
}

const permissionCond = createPermCondition(globalAllow);
const permissionCheck = createPermCheck(globalAllow);

@Route("api/v1/product-group")
@Tags("Product Group")
export class ProductGroup extends Controller {
  @Get("stats")
  @Security("keycloak")
  async getProductGroupStats(@Request() req: RequestWithUser) {
    return await prisma.productGroup.count({
      where: {
        AND: [
          {
            registeredBranch: isSystem(req.user) ? undefined : { OR: permissionCond(req.user) },
          },
        ],
      },
    });
  }

  @Get()
  @Security("keycloak")
  async getProductGroup(
    @Request() req: RequestWithUser,
    @Query() query: string = "",
    @Query() status?: Status,
    @Query() page: number = 1,
    @Query() pageSize: number = 30,
  ) {
    const where = {
      OR: [{ name: { contains: query } }, { detail: { contains: query } }],
      AND: [
        {
          ...filterStatus(status),
          registeredBranch: isSystem(req.user) ? undefined : { OR: permissionCond(req.user) },
        },
      ],
    } satisfies Prisma.ProductGroupWhereInput;

    const [result, total] = await prisma.$transaction([
      prisma.productGroup.findMany({
        include: {
          _count: {
            select: {
              service: true,
              product: true,
            },
          },
          createdBy: true,
          updatedBy: true,
        },
        orderBy: [{ statusOrder: "asc" }, { createdAt: "asc" }],
        where,
        take: pageSize,
        skip: (page - 1) * pageSize,
      }),
      prisma.productGroup.count({ where }),
    ]);

    return {
      result,
      page,
      pageSize,
      total,
    };
  }

  @Get("{groupId}")
  @Security("keycloak")
  async getProductGroupById(@Path() groupId: string) {
    const record = await prisma.productGroup.findFirst({
      where: { id: groupId },
    });

    if (!record)
      throw new HttpError(
        HttpStatus.NOT_FOUND,
        "Product group cannot be found.",
        "productGroupNotFound",
      );

    return record;
  }

  @Post()
  @Security("keycloak", MANAGE_ROLES)
  async createProductGroup(@Request() req: RequestWithUser, @Body() body: ProductGroupCreate) {
    let company = await permissionCheck(req.user, body.registeredBranchId).then(
      (v) => (v.headOffice || v).code,
    );

    const record = await prisma.$transaction(
      async (tx) => {
        const last = await tx.runningNo.upsert({
          where: {
            key: `PRODGRP_${company}`,
          },
          create: {
            key: `PRODGRP_${company}`,
            value: 1,
          },
          update: { value: { increment: 1 } },
        });

        return await tx.productGroup.create({
          include: {
            createdBy: true,
            updatedBy: true,
          },
          data: {
            ...body,
            statusOrder: +(body.status === "INACTIVE"),
            code: `G${last.value.toString().padStart(2, "0")}`,
            createdByUserId: req.user.sub,
            updatedByUserId: req.user.sub,
          },
        });
      },
      { isolationLevel: Prisma.TransactionIsolationLevel.Serializable },
    );

    this.setStatus(HttpStatus.CREATED);

    return record;
  }

  @Put("{groupId}")
  @Security("keycloak", MANAGE_ROLES)
  async editProductGroup(
    @Request() req: RequestWithUser,
    @Body() body: ProductGroupUpdate,
    @Path() groupId: string,
  ) {
    const record = await prisma.productGroup.findUnique({
      where: { id: groupId },
      include: {
        registeredBranch: {
          include: branchRelationPermInclude(req.user),
        },
      },
    });
    if (!record) {
      throw new HttpError(
        HttpStatus.NOT_FOUND,
        "Product group cannot be found.",
        "productGroupNotFound",
      );
    }

    if (record.registeredBranch) await permissionCheck(req.user, record.registeredBranch);

    const [branch] = await prisma.$transaction([
      prisma.branch.findFirst({
        where: { id: body.registeredBranchId },
        include: branchRelationPermInclude(req.user),
      }),
    ]);

    if (body.registeredBranchId !== undefined) {
      await permissionCheck(req.user, branch);
    }

    if (!!body.registeredBranchId && !branch) {
      throw new HttpError(
        HttpStatus.BAD_REQUEST,
        "Branch cannot be found.",
        "relationBranchNotFound",
      );
    }

    let companyBefore = (record.registeredBranch.headOffice || record.registeredBranch).code;
    let companyAfter = branch ? (branch.headOffice || branch).code : false;

    if (companyBefore && companyAfter && companyBefore !== companyAfter) {
      throw new HttpError(
        HttpStatus.BAD_REQUEST,
        "Cannot move between different headoffice",
        "crossCompanyNotPermit",
      );
    }

    const result = await prisma.productGroup.update({
      include: {
        createdBy: true,
        updatedBy: true,
      },
      data: { ...body, statusOrder: +(body.status === "INACTIVE"), updatedByUserId: req.user.sub },
      where: { id: groupId },
    });

    return result;
  }

  @Delete("{groupId}")
  @Security("keycloak", MANAGE_ROLES)
  async deleteProductGroup(@Request() req: RequestWithUser, @Path() groupId: string) {
    const record = await prisma.productGroup.findFirst({
      where: { id: groupId },
      include: {
        registeredBranch: {
          include: branchRelationPermInclude(req.user),
        },
      },
    });

    if (!record) {
      throw new HttpError(
        HttpStatus.NOT_FOUND,
        "Product group cannot be found.",
        "productGroupNotFound",
      );
    }

    if (record.registeredBranch) await permissionCheck(req.user, record.registeredBranch);

    if (record.status !== Status.CREATED) {
      throw new HttpError(HttpStatus.FORBIDDEN, "Product group is in used.", "productGroupInUsed");
    }

    return await prisma.productGroup.delete({
      include: {
        createdBy: true,
        updatedBy: true,
      },
      where: { id: groupId },
    });
  }
}
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`import {`
			`Body,`
			`Controller,`
			`Delete,`
			`Get,`
			`Put,`
			`Path,`
			`Post,`
			`Query,`
			`Request,`
			`Route,`
			`Security,`
			`Tags,`
			`} from "tsoa";`
			`import { Prisma, Status } from "@prisma/client";`

refactor: move file 2024-09-05 09:19:48 +07:00			`import prisma from "../db";`
			`import { RequestWithUser } from "../interfaces/user";`
			`import HttpError from "../interfaces/http-error";`
			`import HttpStatus from "../interfaces/http-status";`
feat: product group permission 2024-09-09 09:42:16 +07:00			`import { isSystem } from "../utils/keycloak";`
feat: product group permission check 2024-09-10 13:33:59 +07:00			`import {`
			`branchRelationPermInclude,`
			`createPermCheck,`
			`createPermCondition,`
			`} from "../services/permission";`
			`import { filterStatus } from "../services/prisma";`
feat: product group endpoints 2024-06-06 16:50:44 +07:00
			`type ProductGroupCreate = {`
			`name: string;`
			`detail: string;`
			`remark: string;`
feat: update add status 2024-06-19 17:06:52 +07:00			`status?: Status;`
feat: product group permission check 2024-09-10 13:33:59 +07:00			`registeredBranchId: string;`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`};`

			`type ProductGroupUpdate = {`
			`name?: string;`
			`detail?: string;`
			`remark?: string;`
feat: update add status 2024-06-19 17:06:52 +07:00			`status?: "ACTIVE" \| "INACTIVE";`
feat: product group permission 2024-09-09 09:42:16 +07:00			`registeredBranchId?: string;`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`};`

feat: product group permission 2024-09-09 09:42:16 +07:00			`const MANAGE_ROLES = [`
			`"system",`
			`"head_of_admin",`
			`"admin",`
			`"head_of_account",`
			`"account",`
			`"head_of_sale",`
			`];`

			`function globalAllow(user: RequestWithUser["user"]) {`
			`const allowList = ["system", "head_of_admin", "admin", "head_of_account", "head_of_sale"];`
			`return allowList.some((v) => user.roles?.includes(v));`
			`}`

feat: product group permission check 2024-09-10 13:33:59 +07:00			`const permissionCond = createPermCondition(globalAllow);`
			`const permissionCheck = createPermCheck(globalAllow);`
feat: product group permission 2024-09-09 09:42:16 +07:00
fix: missing v1 prefix 2024-06-11 13:35:54 +07:00			`@Route("api/v1/product-group")`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`@Tags("Product Group")`
			`export class ProductGroup extends Controller {`
fix: wrong endpoints 2024-06-11 09:31:10 +07:00			`@Get("stats")`
feat: product related permission 2024-07-02 16:54:19 +07:00			`@Security("keycloak")`
feat: product group permission check 2024-09-10 13:33:59 +07:00			`async getProductGroupStats(@Request() req: RequestWithUser) {`
			`return await prisma.productGroup.count({`
			`where: {`
			`AND: [`
			`{`
			`registeredBranch: isSystem(req.user) ? undefined : { OR: permissionCond(req.user) },`
			`},`
			`],`
			`},`
			`});`
feat: count data 2024-06-11 09:27:37 +07:00			`}`

feat: product group endpoints 2024-06-06 16:50:44 +07:00			`@Get()`
feat: product related permission 2024-07-02 16:54:19 +07:00			`@Security("keycloak")`
feat: paging group / type product 2024-06-26 11:12:53 +07:00			`async getProductGroup(`
feat: product group permission 2024-09-09 09:42:16 +07:00			`@Request() req: RequestWithUser,`
feat: paging group / type product 2024-06-26 11:12:53 +07:00			`@Query() query: string = "",`
			`@Query() status?: Status,`
			`@Query() page: number = 1,`
			`@Query() pageSize: number = 30,`
			`) {`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`const where = {`
feat: product group permission check 2024-09-10 13:33:59 +07:00			`OR: [{ name: { contains: query } }, { detail: { contains: query } }],`
feat: product group permission 2024-09-09 09:42:16 +07:00			`AND: [`
			`{`
feat: product group permission check 2024-09-10 13:33:59 +07:00			`...filterStatus(status),`
			`registeredBranch: isSystem(req.user) ? undefined : { OR: permissionCond(req.user) },`
feat: product group permission 2024-09-09 09:42:16 +07:00			`},`
			`],`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`} satisfies Prisma.ProductGroupWhereInput;`
feat: paging group / type product 2024-06-26 11:12:53 +07:00
			`const [result, total] = await prisma.$transaction([`
			`prisma.productGroup.findMany({`
feat: stats relation 2024-06-28 18:00:07 +07:00			`include: {`
			`_count: {`
			`select: {`
refactor!: remove product type 2024-09-03 14:06:02 +07:00			`service: true,`
			`product: true,`
feat: stats relation 2024-06-28 18:00:07 +07:00			`},`
			`},`
feat: add user relation on query 2024-07-01 14:38:07 +07:00			`createdBy: true,`
			`updatedBy: true,`
feat: stats relation 2024-06-28 18:00:07 +07:00			`},`
feat: paging group / type product 2024-06-26 11:12:53 +07:00			`orderBy: [{ statusOrder: "asc" }, { createdAt: "asc" }],`
			`where,`
fix: missing paging param 2024-06-26 13:01:01 +07:00			`take: pageSize,`
			`skip: (page - 1) * pageSize,`
feat: paging group / type product 2024-06-26 11:12:53 +07:00			`}),`
			`prisma.productGroup.count({ where }),`
			`]);`

feat: stats relation 2024-06-28 18:00:07 +07:00			`return {`
refactor!: remove product type 2024-09-03 14:06:02 +07:00			`result,`
feat: stats relation 2024-06-28 18:00:07 +07:00			`page,`
			`pageSize,`
			`total,`
			`};`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`}`

			`@Get("{groupId}")`
feat: product related permission 2024-07-02 16:54:19 +07:00			`@Security("keycloak")`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`async getProductGroupById(@Path() groupId: string) {`
			`const record = await prisma.productGroup.findFirst({`
			`where: { id: groupId },`
			`});`

			`if (!record)`
feat: update add status 2024-06-19 17:06:52 +07:00			`throw new HttpError(`
			`HttpStatus.NOT_FOUND,`
			`"Product group cannot be found.",`
			`"productGroupNotFound",`
			`);`
feat: product group endpoints 2024-06-06 16:50:44 +07:00
			`return record;`
			`}`

			`@Post()`
feat: product group permission 2024-09-09 09:42:16 +07:00			`@Security("keycloak", MANAGE_ROLES)`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`async createProductGroup(@Request() req: RequestWithUser, @Body() body: ProductGroupCreate) {`
feat: product group permission check 2024-09-10 13:33:59 +07:00			`let company = await permissionCheck(req.user, body.registeredBranchId).then(`
			`(v) => (v.headOffice \|\| v).code,`
			`);`
feat: product group permission 2024-09-09 09:42:16 +07:00
refactor: update isolation level 2024-06-11 14:00:45 +07:00			`const record = await prisma.$transaction(`
			`async (tx) => {`
			`const last = await tx.runningNo.upsert({`
			`where: {`
feat: product group permission check 2024-09-10 13:33:59 +07:00			key: `PRODGRP_${company}`,
refactor: update isolation level 2024-06-11 14:00:45 +07:00			`},`
			`create: {`
feat: product group permission check 2024-09-10 13:33:59 +07:00			key: `PRODGRP_${company}`,
refactor: update isolation level 2024-06-11 14:00:45 +07:00			`value: 1,`
			`},`
			`update: { value: { increment: 1 } },`
			`});`
feat: relation and auto gen code 2024-06-11 13:01:20 +07:00
refactor: update isolation level 2024-06-11 14:00:45 +07:00			`return await tx.productGroup.create({`
feat: add user relation on query 2024-07-01 14:38:07 +07:00			`include: {`
			`createdBy: true,`
			`updatedBy: true,`
			`},`
refactor: update isolation level 2024-06-11 14:00:45 +07:00			`data: {`
			`...body,`
feat: add order field 2024-06-24 13:14:44 +07:00			`statusOrder: +(body.status === "INACTIVE"),`
refactor: update isolation level 2024-06-11 14:00:45 +07:00			code: `G${last.value.toString().padStart(2, "0")}`,
refactor: user relation 2024-07-01 13:24:02 +07:00			`createdByUserId: req.user.sub,`
			`updatedByUserId: req.user.sub,`
refactor: update isolation level 2024-06-11 14:00:45 +07:00			`},`
			`});`
			`},`
			`{ isolationLevel: Prisma.TransactionIsolationLevel.Serializable },`
			`);`
feat: product group endpoints 2024-06-06 16:50:44 +07:00
			`this.setStatus(HttpStatus.CREATED);`

			`return record;`
			`}`

			`@Put("{groupId}")`
feat: product group permission 2024-09-09 09:42:16 +07:00			`@Security("keycloak", MANAGE_ROLES)`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`async editProductGroup(`
			`@Request() req: RequestWithUser,`
			`@Body() body: ProductGroupUpdate,`
			`@Path() groupId: string,`
			`) {`
feat: product group permission 2024-09-09 09:42:16 +07:00			`const record = await prisma.productGroup.findUnique({`
			`where: { id: groupId },`
			`include: {`
			`registeredBranch: {`
feat: product group permission check 2024-09-10 13:33:59 +07:00			`include: branchRelationPermInclude(req.user),`
feat: product group permission 2024-09-09 09:42:16 +07:00			`},`
			`},`
			`});`
			`if (!record) {`
feat: update add status 2024-06-19 17:06:52 +07:00			`throw new HttpError(`
			`HttpStatus.NOT_FOUND,`
			`"Product group cannot be found.",`
			`"productGroupNotFound",`
			`);`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`}`

feat: product group permission check 2024-09-10 13:33:59 +07:00			`if (record.registeredBranch) await permissionCheck(req.user, record.registeredBranch);`
feat: product group permission 2024-09-09 09:42:16 +07:00
			`const [branch] = await prisma.$transaction([`
			`prisma.branch.findFirst({`
			`where: { id: body.registeredBranchId },`
feat: product group permission check 2024-09-10 13:33:59 +07:00			`include: branchRelationPermInclude(req.user),`
feat: product group permission 2024-09-09 09:42:16 +07:00			`}),`
			`]);`

feat: product group permission check 2024-09-10 13:33:59 +07:00			`if (body.registeredBranchId !== undefined) {`
			`await permissionCheck(req.user, branch);`
feat: product group permission 2024-09-09 09:42:16 +07:00			`}`

			`if (!!body.registeredBranchId && !branch) {`
			`throw new HttpError(`
			`HttpStatus.BAD_REQUEST,`
			`"Branch cannot be found.",`
			`"relationBranchNotFound",`
			`);`
			`}`

feat: shared between company 2024-09-10 17:00:21 +07:00			`let companyBefore = (record.registeredBranch.headOffice \|\| record.registeredBranch).code;`
			`let companyAfter = branch ? (branch.headOffice \|\| branch).code : false;`

			`if (companyBefore && companyAfter && companyBefore !== companyAfter) {`
			`throw new HttpError(`
			`HttpStatus.BAD_REQUEST,`
			`"Cannot move between different headoffice",`
			`"crossCompanyNotPermit",`
			`);`
			`}`

feat: product group permission 2024-09-09 09:42:16 +07:00			`const result = await prisma.productGroup.update({`
feat: add user relation on query 2024-07-01 14:38:07 +07:00			`include: {`
			`createdBy: true,`
			`updatedBy: true,`
			`},`
refactor: user relation 2024-07-01 13:24:02 +07:00			`data: { ...body, statusOrder: +(body.status === "INACTIVE"), updatedByUserId: req.user.sub },`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`where: { id: groupId },`
			`});`

feat: product group permission 2024-09-09 09:42:16 +07:00			`return result;`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`}`

			`@Delete("{groupId}")`
feat: product group permission 2024-09-09 09:42:16 +07:00			`@Security("keycloak", MANAGE_ROLES)`
			`async deleteProductGroup(@Request() req: RequestWithUser, @Path() groupId: string) {`
			`const record = await prisma.productGroup.findFirst({`
			`where: { id: groupId },`
			`include: {`
			`registeredBranch: {`
feat: product group permission check 2024-09-10 13:33:59 +07:00			`include: branchRelationPermInclude(req.user),`
feat: product group permission 2024-09-09 09:42:16 +07:00			`},`
			`},`
			`});`
feat: product group endpoints 2024-06-06 16:50:44 +07:00
			`if (!record) {`
feat: update add status 2024-06-19 17:06:52 +07:00			`throw new HttpError(`
			`HttpStatus.NOT_FOUND,`
			`"Product group cannot be found.",`
			`"productGroupNotFound",`
			`);`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`}`

feat: product group permission check 2024-09-10 13:33:59 +07:00			`if (record.registeredBranch) await permissionCheck(req.user, record.registeredBranch);`
feat: product group permission 2024-09-09 09:42:16 +07:00
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`if (record.status !== Status.CREATED) {`
fix: group code 2024-06-14 04:40:10 +00:00			`throw new HttpError(HttpStatus.FORBIDDEN, "Product group is in used.", "productGroupInUsed");`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`}`

feat: add user relation on query 2024-07-01 14:38:07 +07:00			`return await prisma.productGroup.delete({`
			`include: {`
			`createdBy: true,`
			`updatedBy: true,`
			`},`
			`where: { id: groupId },`
			`});`
feat: product group endpoints 2024-06-06 16:50:44 +07:00			`}`
			`}`