feat: employee permission check

2024-09-06 08:36:48 +07:00 · 2024-09-06 08:36:48 +07:00 · 16d640f293
commit 16d640f293
parent 195c889881
1 changed files with 70 additions and 2 deletions
--- a/src/controllers/03-employee-controller.ts
+++ b/src/controllers/03-employee-controller.ts
@ -403,7 +403,26 @@ export class EmployeeController extends Controller {
      prisma.subDistrict.findFirst({ where: { id: body.subDistrictId || undefined } }),
      prisma.customerBranch.findFirst({
        where: { id: body.customerBranchId },
-        include: { customer: true },
+        include: {
+          customer: {
+            include: {
+              registeredBranch: {
+                include: {
+                  user: {
+                    where: { userId: req.user.sub },
+                  },
+                  headOffice: {
+                    include: {
+                      user: {
+                        where: { userId: req.user.sub },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+          },
+        },
      }),
    ]);
    if (body.provinceId !== province?.id)
@ -430,6 +449,29 @@ export class EmployeeController extends Controller {
        "Customer Branch cannot be found.",
        "relationCustomerBranchNotFound",
      );
+    if (!isSystem(req.user)) {
+      const _branch = customerBranch.customer.registeredBranch;
+      const affilationBranch = _branch && _branch.user.length !== 0;
+      const affilationHeadBranch =
+        _branch && _branch.headOffice && _branch.headOffice.user.length !== 0;
+      if (!globalAllow(req.user)) {
+        if (!affilationBranch) {
+          throw new HttpError(
+            HttpStatus.FORBIDDEN,
+            "You do not have permission to perform this action.",
+            "noPermission",
+          );
+        }
+      } else {
+        if (!affilationBranch && !affilationHeadBranch) {
+          throw new HttpError(
+            HttpStatus.FORBIDDEN,
+            "You do not have permission to perform this action.",
+            "noPermission",
+          );
+        }
+      }
+    }

    const {
      provinceId,
@ -568,7 +610,33 @@ export class EmployeeController extends Controller {
        where: { id: body.customerBranchId || undefined },
        include: { customer: true },
      }),
-      prisma.employee.findFirst({ where: { id: employeeId } }),
+      prisma.employee.findFirst({
+        where: { id: employeeId },
+        include: {
+          customerBranch: {
+            include: {
+              customer: {
+                include: {
+                  registeredBranch: {
+                    include: {
+                      user: {
+                        where: { userId: req.user.sub },
+                      },
+                      headOffice: {
+                        include: {
+                          user: {
+                            where: { userId: req.user.sub },
+                          },
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+          },
+        },
+      }),
    ]);
    if (body.provinceId && !province)
      throw new HttpError(