feat: do not allow sale to delete data
All checks were successful
Spell Check / Spell Check with Typos (push) Successful in 5s
All checks were successful
Spell Check / Spell Check with Typos (push) Successful in 5s
This commit is contained in:
Methapon2001
parent
ced55b9518
commit
2b255ff355
3 changed files with 4 additions and 10 deletions
|
|
@ -35,8 +35,6 @@ const MANAGE_ROLES = [
|
|||
"branch_admin",
|
||||
"branch_manager",
|
||||
"branch_accountant",
|
||||
"head_of_sale",
|
||||
"sale",
|
||||
];
|
||||
|
||||
function globalAllow(user: RequestWithUser["user"]) {
|
||||
|
|
@ -112,7 +110,7 @@ export class QuotationPayment extends Controller {
|
|||
}
|
||||
|
||||
@Put("{paymentId}")
|
||||
@Security("keycloak")
|
||||
@Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
|
||||
async updatePayment(
|
||||
@Path() paymentId: string,
|
||||
@Body() body: { amount?: number; date?: Date; paymentStatus?: PaymentStatus },
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue