feat: scope permission in separated customer branch endpoint

2024-07-03 17:51:48 +07:00 · 2024-07-03 17:51:48 +07:00 · 390b27716b
commit 390b27716b
parent 1ac03f3f02
1 changed files with 26 additions and 5 deletions
--- a/src/controllers/customer-branch-controller.ts
+++ b/src/controllers/customer-branch-controller.ts
@ -24,6 +24,15 @@ if (!process.env.MINIO_BUCKET) {
 }

 const MINIO_BUCKET = process.env.MINIO_BUCKET;
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "branch_admin",
+  "branch_manager",
+  "head_of_sale",
+  "sale",
+];

 function imageLocation(id: string) {
  return `employee/profile-img-${id}`;
@ -40,6 +49,7 @@ export type CustomerBranchCreate = {

  legalPersonNo: string;

+  branchNo: number;
  taxNo: string | null;
  name: string;
  nameEN: string;
@ -105,9 +115,9 @@ export type CustomerBranchUpdate = {

@Route("api/v1/customer-branch")
@Tags("Customer Branch")
-@Security("keycloak")
 export class CustomerBranchController extends Controller {
  @Get()
+  @Security("keycloak")
  async list(
    @Query() zipCode?: string,
    @Query() customerId?: string,
@ -173,6 +183,7 @@ export class CustomerBranchController extends Controller {
  }

  @Get("{branchId}")
+  @Security("keycloak")
  async getById(@Path() branchId: string) {
    const record = await prisma.customerBranch.findFirst({
      include: {
@ -193,6 +204,7 @@ export class CustomerBranchController extends Controller {
  }

  @Get("{branchId}/employee")
+  @Security("keycloak")
  async listEmployee(
    @Path() branchId: string,
    @Query() zipCode?: string,
@ -245,6 +257,7 @@ export class CustomerBranchController extends Controller {
  }

  @Post()
+  @Security("keycloak", MANAGE_ROLES)
  async create(@Request() req: RequestWithUser, @Body() body: CustomerBranchCreate) {
    const [province, district, subDistrict, customer] = await prisma.$transaction([
      prisma.province.findFirst({ where: { id: body.provinceId || undefined } }),
@ -281,9 +294,16 @@ export class CustomerBranchController extends Controller {

    const record = await prisma.$transaction(
      async (tx) => {
-        const count = await tx.customerBranch.count({
-          where: { customerId },
+        const conflict = await tx.customerBranch.findFirst({
+          where: { customerId, branchNo: rest.branchNo },
        });
+        if (conflict) {
+          throw new HttpError(
+            HttpStatus.BAD_REQUEST,
+            "Branch with current no already exists.",
+            "branchSameNoExist",
+          );
+        }

        return await tx.customerBranch.create({
          include: {
@ -296,8 +316,7 @@ export class CustomerBranchController extends Controller {
          data: {
            ...rest,
            statusOrder: +(rest.status === "INACTIVE"),
-            branchNo: count + 1,
-            code: `${customer.code}-${(count + 1).toString().padStart(2, "0")}`,
+            code: `${customer.code}-${rest.branchNo.toString().padStart(2, "0")}`,
            customer: { connect: { id: customerId } },
            province: { connect: provinceId ? { id: provinceId } : undefined },
            district: { connect: districtId ? { id: districtId } : undefined },
@ -321,6 +340,7 @@ export class CustomerBranchController extends Controller {
  }

  @Put("{branchId}")
+  @Security("keycloak", MANAGE_ROLES)
  async editById(
    @Request() req: RequestWithUser,
    @Body() body: CustomerBranchUpdate,
@ -400,6 +420,7 @@ export class CustomerBranchController extends Controller {
  }

  @Delete("{branchId}")
+  @Security("keycloak", MANAGE_ROLES)
  async delete(@Path() branchId: string) {
    const record = await prisma.customerBranch.findFirst({
      where: { id: branchId },