fix: wrong key

Methapon2001 2024-07-02 17:29:03 +07:00
parent 25a1f3c4a4
commit 2450ddb7ee
3 changed files with 7 additions and 7 deletions


@ -104,7 +104,7 @@ export class BranchController extends Controller {
const list = await prisma.branchUser.groupBy({ const list = await prisma.branchUser.groupBy({
_count: true, _count: true,
where: { where: {
userId: !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v)) userId: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))
? req.user.sub ? req.user.sub
: undefined, : undefined,
user: { user: {
@ -116,7 +116,7 @@ export class BranchController extends Controller {
const record = await prisma.branch.findMany({ const record = await prisma.branch.findMany({
where: { where: {
user: !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v)) user: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))
? { some: { userId: req.user.sub } } ? { some: { userId: req.user.sub } }
: undefined, : undefined,
}, },
@ -412,7 +412,7 @@ export class BranchController extends Controller {
} }
if ( if (
!["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v)) && !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
!branch?.user.find((v) => v.userId === req.user.sub) !branch?.user.find((v) => v.userId === req.user.sub)
) { ) {
throw new HttpError( throw new HttpError(
@ -491,7 +491,7 @@ export class BranchController extends Controller {
where: { id: branchId }, where: { id: branchId },
}); });
if (!["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))) { if (!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))) {
if ( if (
record?.createdByUserId !== req.user.sub && record?.createdByUserId !== req.user.sub &&
!record?.user.find((v) => v.userId === req.user.sub) !record?.user.find((v) => v.userId === req.user.sub)
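Review bot: In the `groupBy` and `findMany` filters of the first two hunks, the non-privileged path passes `req.user.sub` straight into the Prisma `where`, and Prisma treats an `undefined` value as "no filter". If a token ever arrives without `sub`, `userId: req.user.sub` is dropped and `{ some: { userId: req.user.sub } }` degrades to "any branch with a user", so the per-user restriction is silently lost instead of failing. Nothing visible here guarantees `sub` is present, so check it before querying and answer with the same 403 `HttpError` the later hunks throw, e.g. guard with `if (!req.user.sub)`. The privileged-role test is also repeated four times; a single helper such as `const isPrivileged = (u: RequestWithUser["user"]) => ["system", "head_of_admin", "admin"].some((v) => u.roles?.includes(v));` would make a key typo like this one a one-place fix. The enclosing methods start and end outside these hunks.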


@ -8,6 +8,6 @@ export type RequestWithUser = Request & {
familiy_name: string; familiy_name: string;
preferred_username: string; preferred_username: string;
email: string; email: string;
role: string[]; roles: string[];
}; };
}; };
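Review bot: `familiy_name`, three lines above the changed field, looks like the same kind of key mismatch this commit fixes for `roles`. The standard OIDC claim is `family_name`, so if the decoded token is passed through unchanged this property is `undefined` at runtime while the type says `string`. This type is only a compile-time description of the token, which is presumably why the `role`/`roles` mismatch compiled cleanly; validating the claims where the token is verified would make a wrong key fail loudly. The type declaration starts outside the hunk.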


@ -8,10 +8,10 @@ export function role(
errorMessage: string = "You do not have permission to access this resource.", errorMessage: string = "You do not have permission to access this resource.",
) { ) {
return (req: RequestWithUser, _res: Response, next: NextFunction) => { return (req: RequestWithUser, _res: Response, next: NextFunction) => {
if (!Array.isArray(role) && !req.user.role.includes(role) && !req.user.role.includes("*")) { if (!Array.isArray(role) && !req.user.roles.includes(role) && !req.user.roles.includes("*")) {
throw new HttpError(HttpStatus.FORBIDDEN, errorMessage, "noPermissionToAccess"); throw new HttpError(HttpStatus.FORBIDDEN, errorMessage, "noPermissionToAccess");
} }
if (role !== "*" && !req.user.role.some((v) => role.includes(v))) { if (role !== "*" && !req.user.roles.some((v) => role.includes(v))) {
throw new HttpError(HttpStatus.FORBIDDEN, errorMessage, "noPermissionToAccess"); throw new HttpError(HttpStatus.FORBIDDEN, errorMessage, "noPermissionToAccess");
} }
return next(); return next();
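Review bot: The second check, `role.includes(v)`, runs even when `role` is a single string, where `includes` is a substring test rather than list membership, so a user role of `admin` matches a required `head_of_admin`. The first check also accepts a user whose roles contain `"*"`, but the second check then rejects that user, and for an array `role` the user-side wildcard is never consulted, so the wildcard behaviour looks inconsistent. Normalising once would remove both problems: `const required = Array.isArray(role) ? role : [role];` followed by `if (!required.includes("*") && !req.user.roles.some((v) => v === "*" || required.includes(v)))` (drop `v === "*"` if a user-side wildcard is not intended). Note that `req.user.roles` is dereferenced without `?.` here, unlike in the controller, so a token without `roles` would raise a `TypeError` rather than the 403. The function signature is outside the hunk, so the declared type of `role` is not visible.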