chamomind/jws-backend
chamomind/jws-backend
7
0
Fork 0
Code Issues Projects 1 Releases Packages 1 Wiki Activity Actions

refactor: extract permission to utils

Browse source
This commit is contained in:
Methapon2001 2025-03-10 13:08:28 +07:00
parent 250d69d122
commit 19502acd8a
2 changed files with 49 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

31
src/controllers/00-stats-controller.ts
View file

@ -12,7 +12,7 @@ import {
} from "@prisma/client"; } from "@prisma/client";
import { Controller, Get, Query, Request, Route, Security, Tags } from "tsoa"; import { Controller, Get, Query, Request, Route, Security, Tags } from "tsoa";
import prisma from "../db"; import prisma from "../db";
import { createPermCondition } from "../services/permission"; import { createPermCondition, createQueryPermissionCondition } from "../services/permission";
import { RequestWithUser } from "../interfaces/user"; import { RequestWithUser } from "../interfaces/user";
import { precisionRound } from "../utils/arithmetic"; import { precisionRound } from "../utils/arithmetic";
import dayjs from "dayjs"; import dayjs from "dayjs";
@ -20,6 +20,7 @@ import { json2csv } from "json-2-csv";
import { isSystem } from "../utils/keycloak"; import { isSystem } from "../utils/keycloak";
const permissionCondCompany = createPermCondition((_) => true); const permissionCondCompany = createPermCondition((_) => true);
const permissionQueryCondCompany = createQueryPermissionCondition((_) => true);
const VAT_DEFAULT = config.vat; const VAT_DEFAULT = config.vat;
@ -669,33 +670,7 @@ export class StatsController extends Controller {
.distinctOn("Quotation.id"); .distinctOn("Quotation.id");
if (!isSystem(req.user)) { if (!isSystem(req.user)) {
query = query.where(({ eb, exists }) => query = query.where(permissionQueryCondCompany(req.user));
exists(
eb
.selectFrom("Branch")
.leftJoin("BranchUser", "BranchUser.branchId", "Branch.id")
.leftJoin("Branch as SubBranch", "SubBranch.headOfficeId", "Branch.id")
.leftJoin("BranchUser as SubBranchUser", "SubBranchUser.branchId", "SubBranch.id")
.leftJoin("Branch as HeadBranch", "HeadBranch.id", "Branch.id")
.leftJoin("BranchUser as HeadBranchUser", "HeadBranchUser.branchId", "HeadBranch.id")
.leftJoin("Branch as SubHeadBranch", "SubHeadBranch.headOfficeId", "HeadBranch.id")
.leftJoin(
"BranchUser as SubHeadBranchUser",
"SubHeadBranchUser.branchId",
"SubHeadBranch.id",
)
.where((eb) => {
const cond = [
eb("BranchUser.userId", "=", req.user.sub), // NOTE: if user belong to current branch.
eb("SubBranchUser.userId", "=", req.user.sub), // NOTE: if user belong to branch under current branch.
eb("HeadBranchUser.userId", "=", req.user.sub), // NOTE: if the current branch is under head branch user belong to.
eb("SubHeadBranchUser.userId", "=", req.user.sub), // NOTE: if the current branch is under the same head branch user belong to.
];
return eb.or(cond);
})
.select("Branch.id"),
),
);
} }
const ret = await query.execute(); const ret = await query.execute();

46
src/services/permission.ts
View file

@ -4,6 +4,8 @@ import HttpError from "../interfaces/http-error";
import HttpStatus from "../interfaces/http-status"; import HttpStatus from "../interfaces/http-status";
import { RequestWithUser } from "../interfaces/user"; import { RequestWithUser } from "../interfaces/user";
import { isSystem } from "../utils/keycloak"; import { isSystem } from "../utils/keycloak";
import { ExpressionBuilder } from "kysely";
import { DB } from "../generated/kysely/types";
export function branchRelationPermInclude(user: RequestWithUser["user"]) { export function branchRelationPermInclude(user: RequestWithUser["user"]) {
return { return {
@ -133,3 +135,47 @@ export function createPermCheck(globalAllow: (user: RequestWithUser["user"]) =>
return branch; return branch;
}; };
} }
export function createQueryPermissionCondition(
globalAllow: (user: RequestWithUser["user"]) => boolean,
opts?: { alwaysIncludeHead?: boolean },
) {
return (user: RequestWithUser["user"]) =>
({ eb, exists }: ExpressionBuilder<DB, keyof DB>) =>
exists(
eb
.selectFrom("Branch")
.leftJoin("BranchUser", "BranchUser.branchId", "Branch.id")
.leftJoin("Branch as SubBranch", "SubBranch.headOfficeId", "Branch.id")
.leftJoin("BranchUser as SubBranchUser", "SubBranchUser.branchId", "SubBranch.id")
.leftJoin("Branch as HeadBranch", "HeadBranch.id", "Branch.id")
.leftJoin("BranchUser as HeadBranchUser", "HeadBranchUser.branchId", "HeadBranch.id")
.leftJoin("Branch as SubHeadBranch", "SubHeadBranch.headOfficeId", "HeadBranch.id")
.leftJoin(
"BranchUser as SubHeadBranchUser",
"SubHeadBranchUser.branchId",
"SubHeadBranch.id",
)
.where((eb) => {
const cond = [
eb("BranchUser.userId", "=", user.sub), // NOTE: if user belong to current branch.
];
if (globalAllow?.(user) || opts?.alwaysIncludeHead) {
cond.push(
eb("SubBranchUser.userId", "=", user.sub), // NOTE: if user belong to branch under current branch.
);
}
if (globalAllow(user)) {
cond.push(
eb("HeadBranchUser.userId", "=", user.sub), // NOTE: if the current branch is under head branch user belong to.
eb("SubHeadBranchUser.userId", "=", user.sub), // NOTE: if the current branch is under the same head branch user belong to.
);
}
return eb.or(cond);
})
.select("Branch.id"),
);
}