chamomind/jws-backend
chamomind/jws-backend
6
0
Fork 0
Code Issues Projects 1 Releases Packages 1 Wiki Activity Actions

feat: do not allow sale to delete data
All checks were successful
Spell Check / Spell Check with Typos (push) Successful in 5s
Details

Browse source
This commit is contained in:
Methapon2001 2025-07-04 13:31:01 +07:00
parent ced55b9518
commit 2b255ff355
3 changed files with 4 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/controllers/04-invoice-controller.ts
View file

@ -38,8 +38,6 @@ const MANAGE_ROLES = [
"branch_admin", "branch_admin",
"branch_manager", "branch_manager",
"branch_accountant", "branch_accountant",
"head_of_sale",
"sale",
]; ];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
@ -195,7 +193,7 @@ export class InvoiceController extends Controller {
@Post() @Post()
@OperationId("createInvoice") @OperationId("createInvoice")
@Security("keycloak", MANAGE_ROLES) @Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
async createInvoice(@Request() req: RequestWithUser, @Body() body: InvoicePayload) { async createInvoice(@Request() req: RequestWithUser, @Body() body: InvoicePayload) {
const [quotation] = await prisma.$transaction([ const [quotation] = await prisma.$transaction([
prisma.quotation.findUnique({ prisma.quotation.findUnique({

4
src/controllers/05-payment-controller.ts
View file

@ -35,8 +35,6 @@ const MANAGE_ROLES = [
"branch_admin", "branch_admin",
"branch_manager", "branch_manager",
"branch_accountant", "branch_accountant",
"head_of_sale",
"sale",
]; ];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
@ -112,7 +110,7 @@ export class QuotationPayment extends Controller {
} }
@Put("{paymentId}") @Put("{paymentId}")
@Security("keycloak") @Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
async updatePayment( async updatePayment(
@Path() paymentId: string, @Path() paymentId: string,
@Body() body: { amount?: number; date?: Date; paymentStatus?: PaymentStatus }, @Body() body: { amount?: number; date?: Date; paymentStatus?: PaymentStatus },

6
src/controllers/05-quotation-controller.ts
View file

@ -155,8 +155,6 @@ const MANAGE_ROLES = [
"branch_admin", "branch_admin",
"branch_manager", "branch_manager",
"branch_accountant", "branch_accountant",
"head_of_sale",
"sale",
]; ];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
@ -418,7 +416,7 @@ export class QuotationController extends Controller {
} }
@Post() @Post()
@Security("keycloak", MANAGE_ROLES) @Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
async createQuotation(@Request() req: RequestWithUser, @Body() body: QuotationCreate) { async createQuotation(@Request() req: RequestWithUser, @Body() body: QuotationCreate) {
const ids = { const ids = {
employee: body.worker.filter((v) => typeof v === "string"), employee: body.worker.filter((v) => typeof v === "string"),
@ -669,7 +667,7 @@ export class QuotationController extends Controller {
} }
@Put("{quotationId}") @Put("{quotationId}")
@Security("keycloak") @Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
async editQuotation( async editQuotation(
@Request() req: RequestWithUser, @Request() req: RequestWithUser,
@Path() quotationId: string, @Path() quotationId: string,