feat: do not allow sale to delete data
All checks were successful
Spell Check / Spell Check with Typos (push) Successful in 5s
All checks were successful
Spell Check / Spell Check with Typos (push) Successful in 5s
This commit is contained in:
Methapon2001
parent
ced55b9518
commit
2b255ff355
3 changed files with 4 additions and 10 deletions
|
|
@ -38,8 +38,6 @@ const MANAGE_ROLES = [
|
|||
"branch_admin",
|
||||
"branch_manager",
|
||||
"branch_accountant",
|
||||
"head_of_sale",
|
||||
"sale",
|
||||
];
|
||||
|
||||
function globalAllow(user: RequestWithUser["user"]) {
|
||||
|
|
@ -195,7 +193,7 @@ export class InvoiceController extends Controller {
|
|||
|
||||
@Post()
|
||||
@OperationId("createInvoice")
|
||||
@Security("keycloak", MANAGE_ROLES)
|
||||
@Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
|
||||
async createInvoice(@Request() req: RequestWithUser, @Body() body: InvoicePayload) {
|
||||
const [quotation] = await prisma.$transaction([
|
||||
prisma.quotation.findUnique({
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue