refactor: permission
This commit is contained in:
Methapon Metanipat
parent
cae2ab7ba3
commit
4f84330cbc
1 changed files with 12 additions and 14 deletions
|
|
@ -25,7 +25,7 @@ if (!process.env.MINIO_BUCKET) {
|
|||
}
|
||||
|
||||
const MINIO_BUCKET = process.env.MINIO_BUCKET;
|
||||
const MANAGE_ROLES = ["system", "head_of_admin", "admin"];
|
||||
const MANAGE_ROLES = ["system", "head_of_admin"];
|
||||
|
||||
type BranchCreate = {
|
||||
status?: Status;
|
||||
|
|
@ -130,9 +130,7 @@ export class BranchController extends Controller {
|
|||
const list = await prisma.branchUser.groupBy({
|
||||
_count: true,
|
||||
where: {
|
||||
userId: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))
|
||||
? req.user.sub
|
||||
: undefined,
|
||||
userId: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) ? req.user.sub : undefined,
|
||||
user: {
|
||||
userType,
|
||||
},
|
||||
|
|
@ -142,7 +140,7 @@ export class BranchController extends Controller {
|
|||
|
||||
const record = await prisma.branch.findMany({
|
||||
where: {
|
||||
user: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))
|
||||
user: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v))
|
||||
? { some: { userId: req.user.sub } }
|
||||
: undefined,
|
||||
},
|
||||
|
|
@ -420,7 +418,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Put("{branchId}")
|
||||
@Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
|
||||
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
|
||||
async editBranch(
|
||||
@Request() req: RequestWithUser,
|
||||
@Body() body: BranchUpdate,
|
||||
|
|
@ -480,7 +478,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
if (
|
||||
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
|
||||
!MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
|
||||
!branch?.user.find((v) => v.userId === req.user.sub)
|
||||
) {
|
||||
throw new HttpError(
|
||||
|
|
@ -557,7 +555,7 @@ export class BranchController extends Controller {
|
|||
where: { id: branchId },
|
||||
});
|
||||
|
||||
if (!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))) {
|
||||
if (!MANAGE_ROLES.some((v) => req.user.roles?.includes(v))) {
|
||||
if (
|
||||
record?.createdByUserId !== req.user.sub &&
|
||||
!record?.user.find((v) => v.userId === req.user.sub)
|
||||
|
|
@ -621,7 +619,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Put("{branchId}/line-image")
|
||||
@Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
|
||||
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
|
||||
async setLineImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
|
||||
const record = await prisma.branch.findUnique({
|
||||
include: {
|
||||
|
|
@ -635,7 +633,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
if (
|
||||
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
|
||||
!MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
|
||||
!record?.user.find((v) => v.userId === req.user.sub)
|
||||
) {
|
||||
throw new HttpError(
|
||||
|
|
@ -662,7 +660,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Put("{branchId}/branch-image")
|
||||
@Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
|
||||
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
|
||||
async setBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
|
||||
const record = await prisma.branch.findUnique({
|
||||
include: {
|
||||
|
|
@ -676,7 +674,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
if (
|
||||
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
|
||||
!MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
|
||||
!record?.user.find((v) => v.userId === req.user.sub)
|
||||
) {
|
||||
throw new HttpError(
|
||||
|
|
@ -703,7 +701,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Put("{branchId}/map-image")
|
||||
@Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
|
||||
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
|
||||
async setMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
|
||||
const record = await prisma.branch.findUnique({
|
||||
include: {
|
||||
|
|
@ -717,7 +715,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
if (
|
||||
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
|
||||
!MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
|
||||
!record?.user.find((v) => v.userId === req.user.sub)
|
||||
) {
|
||||
throw new HttpError(
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue