fix: auth related error

2024-10-29 15:47:10 +07:00 · 2024-10-29 15:47:10 +07:00 · 0d6d44f20b
commit 0d6d44f20b
parent 719a1fb70e
1 changed files with 16 additions and 4 deletions
--- a/src/controllers/05-payment-controller.ts
+++ b/src/controllers/05-payment-controller.ts
@ -210,6 +210,7 @@ export class PaymentController extends Controller {
  }

  @Get()
+  @Security("keycloak")
  async listAttachment(@Request() req: RequestWithUser, @Path() paymentId: string) {
    const { quotationId } = await this.checkPermission(req.user, paymentId);
    return await listFile(fileLocation.quotation.payment(quotationId, paymentId));
@ -221,9 +222,16 @@ export class PaymentController extends Controller {
    @Path() paymentId: string,
    @Path() name: string,
  ) {
-    const { quotationId } = await this.checkPermission(req.user, paymentId);
+    const data = await prisma.payment.findUnique({
+      where: { id: paymentId },
+      include: { invoice: true },
+    });
+    if (!data) throw notFoundError("Payment");
    return req.res?.redirect(
-      await getPresigned("head", fileLocation.quotation.payment(quotationId, paymentId, name)),
+      await getPresigned(
+        "head",
+        fileLocation.quotation.payment(data.invoice.quotationId, paymentId, name),
+      ),
    );
  }

@ -233,9 +241,13 @@ export class PaymentController extends Controller {
    @Path() paymentId: string,
    @Path() name: string,
  ) {
-    const { quotationId } = await this.checkPermission(req.user, paymentId);
+    const data = await prisma.payment.findUnique({
+      where: { id: paymentId },
+      include: { invoice: true },
+    });
+    if (!data) throw notFoundError("Payment");
    return req.res?.redirect(
-      await getFile(fileLocation.quotation.payment(quotationId, paymentId, name)),
+      await getFile(fileLocation.quotation.payment(data.invoice.quotationId, paymentId, name)),
    );
  }