From 4946e3900db86a0e46db2ebd756dc14568bc3d03 Mon Sep 17 00:00:00 2001
From: Methapon Metanipat
Date: Thu, 5 Sep 2024 15:06:23 +0700
Subject: [PATCH] feat: customer branch permission

---
 .../03-customer-branch-controller.ts | 133 +++++++++++++++++-
 1 file changed, 130 insertions(+), 3 deletions(-)

diff --git a/src/controllers/03-customer-branch-controller.ts b/src/controllers/03-customer-branch-controller.ts
index f84efac..8b8fcf7 100644
--- a/src/controllers/03-customer-branch-controller.ts
+++ b/src/controllers/03-customer-branch-controller.ts
@@ -18,6 +18,7 @@ import prisma from "../db";
 import HttpStatus from "../interfaces/http-status";
 import HttpError from "../interfaces/http-error";
 import minio from "../services/minio";
+import { isSystem } from "../utils/keycloak";
 
 if (!process.env.MINIO_BUCKET) {
   throw Error("Require MinIO bucket.");
@@ -311,6 +312,20 @@ export class CustomerBranchController extends Controller {
       prisma.customer.findFirst({
         where: { id: body.customerId || undefined },
         include: {
+          registeredBranch: {
+            include: {
+              user: {
+                where: { userId: req.user.sub },
+              },
+              headOffice: {
+                include: {
+                  user: {
+                    where: { userId: req.user.sub },
+                  },
+                },
+              },
+            },
+          },
           branch: {
             take: 1,
             orderBy: { createdAt: "asc" },
@@ -343,6 +358,30 @@ export class CustomerBranchController extends Controller {
         "relationCustomerNotFound",
       );
 
+    if (!isSystem(req.user)) {
+      const _branch = customer.registeredBranch;
+      const affilationBranch = _branch && _branch.user.length !== 0;
+      const affilationHeadBranch =
+        _branch && _branch.headOffice && _branch.headOffice.user.length !== 0;
+      if (!globalAllow(req.user)) {
+        if (!affilationBranch) {
+          throw new HttpError(
+            HttpStatus.FORBIDDEN,
+            "You do not have permission to perform this action.",
+            "noPermission",
+          );
+        }
+      } else {
+        if (!affilationBranch || !affilationHeadBranch) {
+          throw new HttpError(
+            HttpStatus.FORBIDDEN,
+            "You do not have permission to perform this action.",
+            "noPermission",
+          );
+        }
+      }
+    }
+
     const { provinceId, districtId, subDistrictId, customerId, ...rest } = body;
 
     const record = await prisma.$transaction(
@@ -421,12 +460,32 @@ export class CustomerBranchController extends Controller {
       throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
     }
 
+    if (!body.customerId) body.customerId = branch.customerId;
+
     if (body.provinceId || body.districtId || body.subDistrictId || body.customerId) {
       const [province, district, subDistrict, customer] = await prisma.$transaction([
         prisma.province.findFirst({ where: { id: body.provinceId || undefined } }),
         prisma.district.findFirst({ where: { id: body.districtId || undefined } }),
         prisma.subDistrict.findFirst({ where: { id: body.subDistrictId || undefined } }),
-        prisma.customer.findFirst({ where: { id: body.customerId || undefined } }),
+        prisma.customer.findFirst({
+          where: { id: body.customerId || undefined },
+          include: {
+            registeredBranch: {
+              include: {
+                user: {
+                  where: { userId: req.user.sub },
+                },
+                headOffice: {
+                  include: {
+                    user: {
+                      where: { userId: req.user.sub },
+                    },
+                  },
+                },
+              },
+            },
+          },
+        }),
       ]);
       if (body.provinceId && !province)
         throw new HttpError(
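Review bot: The `globalAllow` branch of the new check looks inverted: a user for whom `globalAllow(req.user)` is true must match both `affilationBranch` and `affilationHeadBranch` (`!affilationBranch || !affilationHeadBranch` forbids on either miss), while a plain user needs only the branch affiliation — if "global" is meant to widen access, that line should read `if (!affilationBranch && !affilationHeadBranch) {`; if the stricter rule is intended, say so in a comment, because no reader will guess it. The same 23 lines are pasted again in the update and delete handlers later in this patch, so the rule should live in one private method and the three call sites become `this.assertBranchAffiliation(req.user, customer.registeredBranch);`. `globalAllow` is not imported by this patch, so I assume it already exists in the file; the helper below keeps the current semantics and flags the questionable condition rather than changing it.
```typescript
  /**
   * Throws 403 unless `user` is a system user or appears in the user list of
   * `registeredBranch` (and, for globalAllow users, also of its head office).
   * `registeredBranch` must be loaded with the `user`/`headOffice.user` include
   * filtered on the caller's id, as create/update/delete do.
   */
  private assertBranchAffiliation(
    user: RequestWithUser["user"],
    registeredBranch: { user: unknown[]; headOffice?: { user: unknown[] } | null } | null,
  ): void {
    if (isSystem(user)) return;
    const atBranch = !!registeredBranch && registeredBranch.user.length !== 0;
    const atHeadOffice =
      !!registeredBranch?.headOffice && registeredBranch.headOffice.user.length !== 0;
    // NOTE(review): globalAllow users are currently held to BOTH affiliations — confirm intent.
    const allowed = globalAllow(user) ? atBranch && atHeadOffice : atBranch;
    if (!allowed) {
      throw new HttpError(
        HttpStatus.FORBIDDEN,
        "You do not have permission to perform this action.",
        "noPermission",
      );
    }
  }
```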
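Review bot: The customer loaded here is the one named in `body.customerId`, so when a caller passes a customerId different from `branch.customerId` the affiliation check in the following hunk is evaluated against the new owner only, and nothing verifies that the caller may act on the customer that currently owns the branch — a user affiliated with customer B could re-parent customer A's branch to B. Unless re-parenting is a supported operation, reject it for non-system users right after the added default: `if (body.customerId !== branch.customerId && !isSystem(req.user)) throw new HttpError(HttpStatus.FORBIDDEN, "You do not have permission to perform this action.", "noPermission");`, or load and check both customers. `branch` is fetched before this hunk; its `customerId` field is inferred from the added default line.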
@@ -446,12 +505,35 @@ export class CustomerBranchController extends Controller {
           "Sub-district cannot be found.",
           "relationSubDistrictNotFound",
         );
-      if (body.customerId && !customer)
+      if (!customer)
         throw new HttpError(
           HttpStatus.BAD_REQUEST,
           "Customer cannot be found.",
           "relationCustomerNotFound",
         );
+      if (!isSystem(req.user)) {
+        const _branch = customer.registeredBranch;
+        const affilationBranch = _branch && _branch.user.length !== 0;
+        const affilationHeadBranch =
+          _branch && _branch.headOffice && _branch.headOffice.user.length !== 0;
+        if (!globalAllow(req.user)) {
+          if (!affilationBranch) {
+            throw new HttpError(
+              HttpStatus.FORBIDDEN,
+              "You do not have permission to perform this action.",
+              "noPermission",
+            );
+          }
+        } else {
+          if (!affilationBranch || !affilationHeadBranch) {
+            throw new HttpError(
+              HttpStatus.FORBIDDEN,
+              "You do not have permission to perform this action.",
+              "noPermission",
+            );
+          }
+        }
+      }
     }
 
     const { provinceId, districtId, subDistrictId, customerId, ...rest } = body;
@@ -488,9 +570,29 @@ export class CustomerBranchController extends Controller {
 
   @Delete("{branchId}")
   @Security("keycloak", MANAGE_ROLES)
-  async delete(@Path() branchId: string) {
+  async delete(@Request() req: RequestWithUser, @Path() branchId: string) {
     const record = await prisma.customerBranch.findFirst({
       where: { id: branchId },
+      include: {
+        customer: {
+          include: {
+            registeredBranch: {
+              include: {
+                user: {
+                  where: { userId: req.user.sub },
+                },
+                headOffice: {
+                  include: {
+                    user: {
+                      where: { userId: req.user.sub },
+                    },
+                  },
+                },
+              },
+            },
+          },
+        },
+      },
     });
 
     if (!record) {
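Review bot: The update handler's authorization check is placed inside the `if (body.provinceId || body.districtId || body.subDistrictId || body.customerId) {` block that this hunk closes, so it runs only because the previous hunk defaults `body.customerId` to `branch.customerId`; anyone who later drops or conditions that default will silently reintroduce unauthenticated updates of the non-location fields. Move the `if (!isSystem(req.user)) { … }` block out of the relation-validation conditional so it executes unconditionally before the `const { provinceId, … } = body;` destructuring, and load the customer for the check regardless of which fields the body carries. Until then, a comment on the first line of the check such as `// Reached on every update: customerId is always defaulted above — do not remove that default.` would at least document the coupling. The enclosing `update` method starts before this hunk.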
@@ -501,6 +603,31 @@ export class CustomerBranchController extends Controller {
       );
     }
 
+    if (!isSystem(req.user)) {
+      const _branch = record.customer.registeredBranch;
+      const affilationBranch = _branch && _branch.user.length !== 0;
+      const affilationHeadBranch =
+        _branch && _branch.headOffice && _branch.headOffice.user.length !== 0;
+
+      if (!globalAllow(req.user)) {
+        if (!affilationBranch) {
+          throw new HttpError(
+            HttpStatus.FORBIDDEN,
+            "You do not have permission to perform this action.",
+            "noPermission",
+          );
+        }
+      } else {
+        if (!affilationBranch || !affilationHeadBranch) {
+          throw new HttpError(
+            HttpStatus.FORBIDDEN,
+            "You do not have permission to perform this action.",
+            "noPermission",
+          );
+        }
+      }
+    }
+
     if (record.status !== Status.CREATED) {
       throw new HttpError(
         HttpStatus.FORBIDDEN,
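Review bot: `record.customer.registeredBranch` dereferences `customer` without a guard; if the branch-to-customer relation is optional in the Prisma schema (I cannot see it from here), a branch with no customer makes this line throw a TypeError and the request ends as a 500 instead of the 403 the block intends. `const _branch = record.customer?.registeredBranch ?? null;` keeps the same outcome for the normal case and falls through to the FORBIDDEN throw for the orphaned one, since both affiliation flags then evaluate false. The three affiliation lines also deserve a comment explaining what they test, e.g. `// Affiliation = the caller's id appears in the registered branch's (or its head office's) user list, as filtered by the include above.`, because "affilation" (sic) is otherwise opaque. The enclosing `delete` method starts in the previous hunk and its body continues past this one.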