feat: control list view by role

2024-09-05 16:14:03 +07:00 · 2024-09-05 16:14:03 +07:00 · 1c04e475b6
commit 1c04e475b6
parent 4946e3900d
2 changed files with 37 additions and 2 deletions
--- a/src/controllers/03-customer-branch-controller.ts
+++ b/src/controllers/03-customer-branch-controller.ts
@ -145,6 +145,7 @@ export class CustomerBranchController extends Controller {
  @Get()
  @Security("keycloak")
  async list(
+    @Request() req: RequestWithUser,
    @Query() zipCode?: string,
    @Query() customerId?: string,
    @Query() status?: Status,
@ -186,7 +187,25 @@ export class CustomerBranchController extends Controller {
          },
        },
      ],
-      AND: { customerId, subDistrict: zipCode ? { zipCode } : undefined, ...filterStatus(status) },
+      AND: {
+        customer: isSystem(req.user)
+          ? undefined
+          : {
+              registeredBranch: {
+                OR: [
+                  { user: { some: { userId: req.user.sub } } },
+                  {
+                    headOffice: !globalAllow(req.user)
+                      ? { user: { some: { userId: req.user.sub } } }
+                      : undefined,
+                  },
+                ],
+              },
+            },
+        customerId,
+        subDistrict: zipCode ? { zipCode } : undefined,
+        ...filterStatus(status),
+      },
    } satisfies Prisma.CustomerBranchWhereInput;

    const [result, total] = await prisma.$transaction([
--- a/src/controllers/03-customer-controller.ts
+++ b/src/controllers/03-customer-controller.ts
@ -108,6 +108,7 @@ export class CustomerController extends Controller {
  @Get()
  @Security("keycloak")
  async list(
+    @Request() req: RequestWithUser,
    @Query() customerType?: CustomerType,
    @Query() query: string = "",
    @Query() status?: Status,
@ -127,7 +128,22 @@ export class CustomerController extends Controller {
        { firstName: { contains: query } },
        { firstNameEN: { contains: query } },
      ],
-      AND: { customerType, ...filterStatus(status) },
+      AND: {
+        customerType,
+        ...filterStatus(status),
+        registeredBranch: isSystem(req.user)
+          ? undefined
+          : {
+              OR: [
+                { user: { some: { userId: req.user.sub } } },
+                {
+                  headOffice: !globalAllow(req.user)
+                    ? { user: { some: { userId: req.user.sub } } }
+                    : undefined,
+                },
+              ],
+            },
+      },
    } satisfies Prisma.CustomerWhereInput;

    const [result, total] = await prisma.$transaction([