feat: scope view by role

Methapon Metanipat 2024-09-05 16:39:32 +07:00
parent 5b2e05116c
commit 023ef7cdae


@ -18,13 +18,34 @@ import prisma from "../db";
import HttpStatus from "../interfaces/http-status";
import HttpError from "../interfaces/http-error";
import minio, { presignedGetObjectIfExist } from "../services/minio";
import { isSystem } from "../utils/keycloak";
if (!process.env.MINIO_BUCKET) {
throw Error("Require MinIO bucket.");
}
const MINIO_BUCKET = process.env.MINIO_BUCKET;
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager", "head_of_sale", "sale"];
const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"branch_manager",
"head_of_sale",
"sale",
"head_of_account",
"account",
];
function globalAllow(user: RequestWithUser["user"]) {
const allowList = [
"system",
"head_of_admin",
"admin",
"branch_manager",
"head_of_sale",
"head_of_account",
];
return allowList.some((v) => user.roles?.includes(v));
}
function imageLocation(id: string) {
return `employee/${id}/profile-image`;
@ -257,6 +278,7 @@ export class EmployeeController extends Controller {
@Get()
@Security("keycloak")
async list(
@Request() req: RequestWithUser,
@Query() zipCode?: string,
@Query() gender?: string,
@Query() status?: Status,
@ -283,7 +305,23 @@ export class EmployeeController extends Controller {
],
AND: {
...filterStatus(status),
customerBranch: customerId ? { customerId } : undefined,
customerBranch: {
customerId,
customer: isSystem(req.user)
? undefined
: {
registeredBranch: {
OR: [
{ user: { some: { userId: req.user.sub } } },
{
headOffice: !globalAllow(req.user)
? { user: { some: { userId: req.user.sub } } }
: undefined,
},
],
},
},
},
subDistrict: zipCode ? { zipCode } : undefined,
gender,
},
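Review bot: In the `registeredBranch` filter the unrestricted view for privileged roles is expressed only as `headOffice: undefined` inside the `OR`, so the scope opens because that member collapses to an empty filter, which Prisma presumably treats as matching every row; the authorization decision is implicit and depends on how the ORM handles `undefined`. Stating it explicitly keeps the restricted path fail-closed and readable, for example `customer: globalAllow(req.user) ? undefined : { registeredBranch: { OR: [{ user: { some: { userId: req.user.sub } } }, { headOffice: { user: { some: { userId: req.user.sub } } } }] } }`, which should cover the `isSystem` case too if that helper tests the `system` role already present in the allow list. `globalAllow` also lists `branch_manager`, so by this filter a branch manager sees employees of every registered branch rather than only their own; confirm that is intended and record it in a comment above the function. The `list` method and its query continue outside the hunks, and whether the single-record read, update and delete handlers apply the same scope is not visible here.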