feat: product related permission

2024-07-02 16:54:19 +07:00 · 2024-07-02 16:54:19 +07:00 · 25a1f3c4a4
commit 25a1f3c4a4
parent 6ee2e9c4da
2 changed files with 11 additions and 2 deletions
--- a/src/controllers/product/group-controller.ts
+++ b/src/controllers/product/group-controller.ts
@ -35,14 +35,15 @@ type ProductGroupUpdate = {

@Route("api/v1/product-group")
@Tags("Product Group")
-@Security("keycloak")
 export class ProductGroup extends Controller {
  @Get("stats")
+  @Security("keycloak")
  async getProductGroupStats() {
    return await prisma.productGroup.count();
  }

  @Get()
+  @Security("keycloak")
  async getProductGroup(
    @Query() query: string = "",
    @Query() status?: Status,
@ -110,6 +111,7 @@ export class ProductGroup extends Controller {
  }

  @Get("{groupId}")
+  @Security("keycloak")
  async getProductGroupById(@Path() groupId: string) {
    const record = await prisma.productGroup.findFirst({
      where: { id: groupId },
@ -126,6 +128,7 @@ export class ProductGroup extends Controller {
  }

  @Post()
+  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
  async createProductGroup(@Request() req: RequestWithUser, @Body() body: ProductGroupCreate) {
    const record = await prisma.$transaction(
      async (tx) => {
@ -163,6 +166,7 @@ export class ProductGroup extends Controller {
  }

  @Put("{groupId}")
+  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
  async editProductGroup(
    @Request() req: RequestWithUser,
    @Body() body: ProductGroupUpdate,
@ -189,6 +193,7 @@ export class ProductGroup extends Controller {
  }

  @Delete("{groupId}")
+  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
  async deleteProductGroup(@Path() groupId: string) {
    const record = await prisma.productGroup.findFirst({ where: { id: groupId } });

--- a/src/controllers/product/type-controller.ts
+++ b/src/controllers/product/type-controller.ts
@ -37,7 +37,6 @@ type ProductTypeUpdate = {

@Route("api/v1/product-type")
@Tags("Product Type")
-@Security("keycloak")
 export class ProductType extends Controller {
  @Get("stats")
  async getProductTypeStats() {
@ -45,6 +44,7 @@ export class ProductType extends Controller {
  }

  @Get()
+  @Security("keycloak")
  async getProductType(
    @Query() query: string = "",
    @Query() productGroupId?: string,
@ -87,6 +87,7 @@ export class ProductType extends Controller {
  }

  @Get("{typeId}")
+  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
  async getProductTypeById(@Path() typeId: string) {
    const record = await prisma.productType.findFirst({
      where: { id: typeId },
@ -103,6 +104,7 @@ export class ProductType extends Controller {
  }

  @Post()
+  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
  async createProductType(@Request() req: RequestWithUser, @Body() body: ProductTypeCreate) {
    const productGroup = await prisma.productGroup.findFirst({
      where: { id: body.productGroupId },
@ -159,6 +161,7 @@ export class ProductType extends Controller {
  }

  @Put("{typeId}")
+  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
  async editProductType(
    @Request() req: RequestWithUser,
    @Body() body: ProductTypeUpdate,
@ -207,6 +210,7 @@ export class ProductType extends Controller {
  }

  @Delete("{typeId}")
+  @Security("keycloak", ["system", "head_of_admin", "admin", "accountant"])
  async deleteProductType(@Path() typeId: string) {
    const record = await prisma.productType.findFirst({ where: { id: typeId } });