feat(perm): allow anyone to edit owned data

2025-07-03 16:20:23 +07:00 · 2025-07-03 16:20:23 +07:00 · 1e0f97cdef
commit 1e0f97cdef
parent 5c7db2afc6
4 changed files with 4 additions and 4 deletions
--- a/src/controllers/05-payment-controller.ts
+++ b/src/controllers/05-payment-controller.ts
@ -110,7 +110,7 @@ export class QuotationPayment extends Controller {
  }

  @Put("{paymentId}")
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak")
  async updatePayment(
    @Path() paymentId: string,
    @Body() body: { amount?: number; date?: Date; paymentStatus?: PaymentStatus },
--- a/src/controllers/05-quotation-controller.ts
+++ b/src/controllers/05-quotation-controller.ts
@ -667,7 +667,7 @@ export class QuotationController extends Controller {
  }

  @Put("{quotationId}")
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak")
  async editQuotation(
    @Request() req: RequestWithUser,
    @Path() quotationId: string,
--- a/src/controllers/08-credit-note-controller.ts
+++ b/src/controllers/08-credit-note-controller.ts
@ -400,7 +400,7 @@ export class CreditNoteController extends Controller {
  }

  @Put("{creditNoteId}")
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak")
  async updateCreditNote(
    @Request() req: RequestWithUser,
    @Path() creditNoteId: string,
--- a/src/controllers/09-debit-note-controller.ts
+++ b/src/controllers/09-debit-note-controller.ts
@ -579,7 +579,7 @@ export class DebitNoteController extends Controller {
  }

  @Put("{debitNoteId}")
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak")
  async updateDebitNote(
    @Request() req: RequestWithUser,
    @Path() debitNoteId: string,