feat(perm): update api branch perm

2025-07-02 10:26:57 +07:00 · 2025-07-02 10:26:57 +07:00 · 2756fcb655
commit 2756fcb655
parent acd6bb35e9
2 changed files with 23 additions and 10 deletions
--- a/src/controllers/01-branch-controller.ts
+++ b/src/controllers/01-branch-controller.ts
@ -47,16 +47,20 @@ if (!process.env.MINIO_BUCKET) {
  throw Error("Require MinIO bucket.");
 }

-const MANAGE_ROLES = ["system", "head_of_admin"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+];

 function globalAllow(user: RequestWithUser["user"]) {
-  return MANAGE_ROLES.some((v) => user.roles?.includes(v));
-}
-
-function globalAllowView(user: RequestWithUser["user"]) {
-  return MANAGE_ROLES.concat("head_of_accountant", "head_of_sale").some((v) =>
-    user.roles?.includes(v),
-  );
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }

 type BranchCreate = {
--- a/src/controllers/01-branch-user-controller.ts
+++ b/src/controllers/01-branch-user-controller.ts
@ -20,10 +20,19 @@ import { RequestWithUser } from "../interfaces/user";
 import { branchRelationPermInclude, createPermCheck } from "../services/permission";
 import { queryOrNot, whereDateQuery } from "../utils/relation";

-const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+];

 function globalAllow(user: RequestWithUser["user"]) {
-  const listAllowed = ["system", "head_of_admin", "admin"];
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }