diff --git a/src/controllers/branch-controller.ts b/src/controllers/branch-controller.ts
index 3e04d43..9f62b98 100644
--- a/src/controllers/branch-controller.ts
+++ b/src/controllers/branch-controller.ts
@@ -119,10 +119,24 @@ function mapImageLoc(id: string) {
 export class BranchController extends Controller {
 @Get("stats")
 @Security("keycloak")
- async getStats() {
+ async getStats(@Request() req: RequestWithUser) {
 const list = await prisma.branch.groupBy({
 _count: true,
 by: "isHeadOffice",
+ where: {
+ AND: isSystem(req.user)
+ ? undefined
+ : [
+ {
+ user: { some: { userId: req.user.sub } },
+ },
+ {
+ headOffice: globalAllow(req.user)
+ ? { user: { some: { userId: req.user.sub } } }
+ : undefined,
+ },
+ ],
+ },
 });
 return list.reduce>(
diff --git a/src/controllers/user-controller.ts b/src/controllers/user-controller.ts
index 8e415fe..7d98743 100644
--- a/src/controllers/user-controller.ts
+++ b/src/controllers/user-controller.ts
@@ -177,14 +177,28 @@ function imageLocation(id: string) {
 export class UserController extends Controller {
 @Get("type-stats")
 @Security("keycloak")
- async getUserTypeStats() {
+ async getUserTypeStats(@Request() req: RequestWithUser) {
 const list = await prisma.user.groupBy({
 by: "userType",
 _count: true,
 where: {
- AND: {
- userRole: { not: "system" },
- },
+ userRole: { not: "system" },
+ branch: isSystem(req.user)
+ ? undefined
+ : {
+ some: {
+ branch: {
+ OR: [
+ { user: { some: { userId: req.user.sub } } },
+ {
+ headOffice: !globalAllow(req.user)
+ ? { user: { some: { userId: req.user.sub } } }
+ : undefined,
+ },
+ ],
+ },
+ },
+ },
 },
 });
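Review bot: In `getStats` (branch-controller.ts) the head-office condition is applied when `globalAllow(req.user)` is true, while `getUserTypeStats` in user-controller.ts applies the same condition when `!globalAllow(req.user)`, so the two endpoints scope the same caller differently. Here the two conditions are also joined with `AND`, so a caller for whom `globalAllow` is true must be both a direct member of the branch and a member of its head office, which is a narrower result than other callers get. `globalAllow` is defined outside the hunk, so the intended polarity cannot be confirmed from here; if the rule is "my branches or branches under my head office", the filter would be `OR: [{ user: { some: { userId: req.user.sub } } }, { headOffice: { user: { some: { userId: req.user.sub } } } }]`. A one-line comment above `where` stating the visibility rule would make the authorization scope checkable. The body of `getStats` continues past the end of the hunk.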
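Review bot: In the `OR` list of `getUserTypeStats` (user-controller.ts) the second element becomes `{ headOffice: undefined }` when `globalAllow(req.user)` is true; Prisma ignores `undefined` fields, so this is an empty filter, and an empty object inside `OR` most likely matches every branch, which turns the branch scoping off implicitly. If global visibility is intended, state it next to the `isSystem` case, e.g. `branch: isSystem(req.user) || globalAllow(req.user) ? undefined : { some: { … } }` (this would also keep users with no branch assignment in the counts, which the current form presumably drops). If it is not intended, build the `OR` array conditionally so that no empty element is ever added. The same filter also depends on `req.user.sub` being set, since an `undefined` `userId` would reduce `some: { userId: … }` to `some: {}`; a guard before the query would make that fail closed. The body of `getUserTypeStats` continues past the end of the hunk.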