From 0d6d44f20b4ef28ab4eaed1a261a1d2f918b29e1 Mon Sep 17 00:00:00 2001 From: Methapon Metanipat Date: Tue, 29 Oct 2024 15:47:10 +0700 Subject: [PATCH] fix: auth related error --- src/controllers/05-payment-controller.ts | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/controllers/05-payment-controller.ts b/src/controllers/05-payment-controller.ts index 1178f89..96c959d 100644 --- a/src/controllers/05-payment-controller.ts +++ b/src/controllers/05-payment-controller.ts @@ -210,6 +210,7 @@ export class PaymentController extends Controller { } @Get() + @Security("keycloak") async listAttachment(@Request() req: RequestWithUser, @Path() paymentId: string) { const { quotationId } = await this.checkPermission(req.user, paymentId); return await listFile(fileLocation.quotation.payment(quotationId, paymentId)); @@ -221,9 +222,16 @@ export class PaymentController extends Controller { @Path() paymentId: string, @Path() name: string, ) { - const { quotationId } = await this.checkPermission(req.user, paymentId); + const data = await prisma.payment.findUnique({ + where: { id: paymentId }, + include: { invoice: true }, + }); + if (!data) throw notFoundError("Payment"); return req.res?.redirect( - await getPresigned("head", fileLocation.quotation.payment(quotationId, paymentId, name)), + await getPresigned( + "head", + fileLocation.quotation.payment(data.invoice.quotationId, paymentId, name), + ), ); } @@ -233,9 +241,13 @@ export class PaymentController extends Controller { @Path() paymentId: string, @Path() name: string, ) { - const { quotationId } = await this.checkPermission(req.user, paymentId); + const data = await prisma.payment.findUnique({ + where: { id: paymentId }, + include: { invoice: true }, + }); + if (!data) throw notFoundError("Payment"); return req.res?.redirect( - await getFile(fileLocation.quotation.payment(quotationId, paymentId, name)), + await getFile(fileLocation.quotation.payment(data.invoice.quotationId, paymentId, name)), ); }