feat: scope view by role

2024-09-05 16:39:32 +07:00 · 2024-09-05 16:39:32 +07:00 · 023ef7cdae
commit 023ef7cdae
parent 5b2e05116c
1 changed files with 40 additions and 2 deletions
--- a/src/controllers/03-employee-controller.ts
+++ b/src/controllers/03-employee-controller.ts
@ -18,13 +18,34 @@ import prisma from "../db";
 import HttpStatus from "../interfaces/http-status";
 import HttpError from "../interfaces/http-error";
 import minio, { presignedGetObjectIfExist } from "../services/minio";
+import { isSystem } from "../utils/keycloak";

 if (!process.env.MINIO_BUCKET) {
  throw Error("Require MinIO bucket.");
 }

 const MINIO_BUCKET = process.env.MINIO_BUCKET;
-const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager", "head_of_sale", "sale"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "branch_manager",
+  "head_of_sale",
+  "sale",
+  "head_of_account",
+  "account",
+];
+function globalAllow(user: RequestWithUser["user"]) {
+  const allowList = [
+    "system",
+    "head_of_admin",
+    "admin",
+    "branch_manager",
+    "head_of_sale",
+    "head_of_account",
+  ];
+  return allowList.some((v) => user.roles?.includes(v));
+}

 function imageLocation(id: string) {
  return `employee/${id}/profile-image`;
@ -257,6 +278,7 @@ export class EmployeeController extends Controller {
  @Get()
  @Security("keycloak")
  async list(
+    @Request() req: RequestWithUser,
    @Query() zipCode?: string,
    @Query() gender?: string,
    @Query() status?: Status,
@ -283,7 +305,23 @@ export class EmployeeController extends Controller {
      ],
      AND: {
        ...filterStatus(status),
-        customerBranch: customerId ? { customerId } : undefined,
+        customerBranch: {
+          customerId,
+          customer: isSystem(req.user)
+            ? undefined
+            : {
+                registeredBranch: {
+                  OR: [
+                    { user: { some: { userId: req.user.sub } } },
+                    {
+                      headOffice: !globalAllow(req.user)
+                        ? { user: { some: { userId: req.user.sub } } }
+                        : undefined,
+                    },
+                  ],
+                },
+              },
+        },
        subDistrict: zipCode ? { zipCode } : undefined,
        gender,
      },