feat: double check permission customer branch

Methapon Metanipat 2024-09-06 08:31:27 +07:00
parent 023ef7cdae
commit 195c889881


@ -473,12 +473,58 @@ export class CustomerBranchController extends Controller {
@Body() body: CustomerBranchUpdate,
@Path() branchId: string,
) {
const branch = await prisma.customerBranch.findUnique({ where: { id: branchId } });
const branch = await prisma.customerBranch.findUnique({
where: { id: branchId },
include: {
customer: {
include: {
registeredBranch: {
include: {
user: {
where: { userId: req.user.sub },
},
headOffice: {
include: {
user: {
where: { userId: req.user.sub },
},
},
},
},
},
},
},
},
});
if (!branch) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (!isSystem(req.user)) {
const _branch = branch.customer.registeredBranch;
const affilationBranch = _branch && _branch.user.length !== 0;
const affilationHeadBranch =
_branch && _branch.headOffice && _branch.headOffice.user.length !== 0;
if (!globalAllow(req.user)) {
if (!affilationBranch) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
} else {
if (!affilationBranch && !affilationHeadBranch) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
}
}
if (!body.customerId) body.customerId = branch.customerId;
if (body.provinceId || body.districtId || body.subDistrictId || body.customerId) {