feat: customer branch permission

Methapon Metanipat 2024-09-05 15:06:23 +07:00
parent 185de6eda8
commit 4946e3900d


@ -18,6 +18,7 @@ import prisma from "../db";
import HttpStatus from "../interfaces/http-status";
import HttpError from "../interfaces/http-error";
import minio from "../services/minio";
import { isSystem } from "../utils/keycloak";
if (!process.env.MINIO_BUCKET) {
throw Error("Require MinIO bucket.");
@ -311,6 +312,20 @@ export class CustomerBranchController extends Controller {
prisma.customer.findFirst({
where: { id: body.customerId || undefined },
include: {
registeredBranch: {
include: {
user: {
where: { userId: req.user.sub },
},
headOffice: {
include: {
user: {
where: { userId: req.user.sub },
},
},
},
},
},
branch: {
take: 1,
orderBy: { createdAt: "asc" },
@ -343,6 +358,30 @@ export class CustomerBranchController extends Controller {
"relationCustomerNotFound",
);
if (!isSystem(req.user)) {
const _branch = customer.registeredBranch;
const affilationBranch = _branch && _branch.user.length !== 0;
const affilationHeadBranch =
_branch && _branch.headOffice && _branch.headOffice.user.length !== 0;
if (!globalAllow(req.user)) {
if (!affilationBranch) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
} else {
if (!affilationBranch || !affilationHeadBranch) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
}
}
const { provinceId, districtId, subDistrictId, customerId, ...rest } = body;
const record = await prisma.$transaction(
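Review bot: The affiliation check added at L41-63 is pasted verbatim into update (L109-131) and delete (L166-188), so a future change to the rule has to land in three places; it should be one helper taking `req.user` and the `registeredBranch` relation, which would also fix the `affilationBranch` spelling. Before that check runs in create, the customer is fetched with `where: { id: body.customerId || undefined }` (L19), and with Prisma `findFirst` an undefined `id` means "no filter", so a request without `customerId` is checked against whichever customer row comes first rather than rejected — unless the body type or earlier validation already requires it (the update path avoids this by defaulting to `branch.customerId` at L69). The `globalAllow` branch is also the stricter one (branch and head-office affiliation) while non-global users need only branch affiliation, which reads inverted; if intended, a comment above it should say why, and `globalAllow` is not brought in by the visible import hunk, so confirm it is in scope. The create/update/delete methods begin and end outside their hunks.
```typescript
/**
 * Throws FORBIDDEN unless `user` is affiliated with the customer's registered
 * branch (and, for globalAllow users, its head office). System users bypass it.
 * Replaces the three inline copies in create/update/delete.
 */
function assertBranchAffiliation(
  user: RequestWithUser["user"],
  registeredBranch: { user: unknown[]; headOffice: { user: unknown[] } | null } | null,
): void {
  if (isSystem(user)) return;
  const affiliatedWithBranch = registeredBranch != null && registeredBranch.user.length !== 0;
  const affiliatedWithHeadOffice =
    affiliatedWithBranch &&
    registeredBranch.headOffice != null &&
    registeredBranch.headOffice.user.length !== 0;
  // NOTE(review): mirrors the committed rule — globalAllow users are held to the
  // stricter condition; confirm this is the intended direction.
  const allowed = globalAllow(user)
    ? affiliatedWithBranch && affiliatedWithHeadOffice
    : affiliatedWithBranch;
  if (!allowed) {
    throw new HttpError(
      HttpStatus.FORBIDDEN,
      "You do not have permission to perform this action.",
      "noPermission",
    );
  }
}

// … unchanged: customer lookup and relationCustomerNotFound check …
assertBranchAffiliation(req.user, customer.registeredBranch);
```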
@ -421,12 +460,32 @@ export class CustomerBranchController extends Controller {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (!body.customerId) body.customerId = branch.customerId;
if (body.provinceId || body.districtId || body.subDistrictId || body.customerId) {
const [province, district, subDistrict, customer] = await prisma.$transaction([
prisma.province.findFirst({ where: { id: body.provinceId || undefined } }),
prisma.district.findFirst({ where: { id: body.districtId || undefined } }),
prisma.subDistrict.findFirst({ where: { id: body.subDistrictId || undefined } }),
prisma.customer.findFirst({ where: { id: body.customerId || undefined } }),
prisma.customer.findFirst({
where: { id: body.customerId || undefined },
include: {
registeredBranch: {
include: {
user: {
where: { userId: req.user.sub },
},
headOffice: {
include: {
user: {
where: { userId: req.user.sub },
},
},
},
},
},
},
}),
]);
if (body.provinceId && !province)
throw new HttpError(
@ -446,12 +505,35 @@ export class CustomerBranchController extends Controller {
"Sub-district cannot be found.",
"relationSubDistrictNotFound",
);
if (body.customerId && !customer)
if (!customer)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Customer cannot be found.",
"relationCustomerNotFound",
);
if (!isSystem(req.user)) {
const _branch = customer.registeredBranch;
const affilationBranch = _branch && _branch.user.length !== 0;
const affilationHeadBranch =
_branch && _branch.headOffice && _branch.headOffice.user.length !== 0;
if (!globalAllow(req.user)) {
if (!affilationBranch) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
} else {
if (!affilationBranch || !affilationHeadBranch) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
}
}
}
const { provinceId, districtId, subDistrictId, customerId, ...rest } = body;
@ -488,9 +570,29 @@ export class CustomerBranchController extends Controller {
@Delete("{branchId}")
@Security("keycloak", MANAGE_ROLES)
async delete(@Path() branchId: string) {
async delete(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.customerBranch.findFirst({
where: { id: branchId },
include: {
customer: {
include: {
registeredBranch: {
include: {
user: {
where: { userId: req.user.sub },
},
headOffice: {
include: {
user: {
where: { userId: req.user.sub },
},
},
},
},
},
},
},
},
});
if (!record) {
@ -501,6 +603,31 @@ export class CustomerBranchController extends Controller {
);
}
if (!isSystem(req.user)) {
const _branch = record.customer.registeredBranch;
const affilationBranch = _branch && _branch.user.length !== 0;
const affilationHeadBranch =
_branch && _branch.headOffice && _branch.headOffice.user.length !== 0;
if (!globalAllow(req.user)) {
if (!affilationBranch) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
} else {
if (!affilationBranch || !affilationHeadBranch) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
}
}
if (record.status !== Status.CREATED) {
throw new HttpError(
HttpStatus.FORBIDDEN,