diff --git a/src/controllers/branch-controller.ts b/src/controllers/branch-controller.ts
index 989ddc5..31023d4 100644
--- a/src/controllers/branch-controller.ts
+++ b/src/controllers/branch-controller.ts
@@ -25,7 +25,7 @@ if (!process.env.MINIO_BUCKET) {
 }
 const MINIO_BUCKET = process.env.MINIO_BUCKET;
-const MANAGE_ROLES = ["system", "head_of_admin", "admin"];
+const MANAGE_ROLES = ["system", "head_of_admin"];
 type BranchCreate = {
 status?: Status;
@@ -130,9 +130,7 @@ export class BranchController extends Controller {
 const list = await prisma.branchUser.groupBy({
 _count: true,
 where: {
- userId: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))
- ? req.user.sub
- : undefined,
+ userId: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) ? req.user.sub : undefined,
 user: {
 userType,
 },
@@ -142,7 +140,7 @@ export class BranchController extends Controller {
 const record = await prisma.branch.findMany({
 where: {
- user: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))
+ user: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v))
 ? { some: { userId: req.user.sub } }
 : undefined,
 },
@@ -420,7 +418,7 @@ export class BranchController extends Controller {
 }
 @Put("{branchId}")
- @Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
+ @Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
 async editBranch(
 @Request() req: RequestWithUser,
 @Body() body: BranchUpdate,
@@ -480,7 +478,7 @@ export class BranchController extends Controller {
 }
 if (
- !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
+ !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
 !branch?.user.find((v) => v.userId === req.user.sub)
 ) {
 throw new HttpError(
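Review bot: Narrowing `MANAGE_ROLES` in the -25 hunk also changes every use of the constant that this diff does not touch. Any route elsewhere in the file that is still decorated with the bare `MANAGE_ROLES` list would now reject `admin` outright rather than scope it to its own branches, so those decorators need checking against the intended role matrix. The name no longer says what the list means, so I would put a comment on the declaration, for example `// Roles that bypass branch-membership checks. "admin" is branch-scoped and must be added per route.`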
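Review bot: The `userId` filter in the -130 hunk fails open, because Prisma treats an `undefined` value in `where` as "no condition". If `req.user.sub` were ever missing for a caller without a manage role, the `groupBy` would count across all branches. The `findMany` in the -142 hunk has the same shape, since `{ some: { userId: undefined } }` would match any branch that has at least one user. `RequestWithUser` and the auth middleware are not visible here, so `sub` may already be guaranteed. Since `admin` now relies on this filter for scoping, I would add an explicit guard that throws before either query when the caller is not in `MANAGE_ROLES` and `req.user.sub` is empty. The enclosing method starts and ends outside both hunks.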
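Review bot: `MANAGE_ROLES.concat("admin", "branch_manager")` is written out at four decorators: the -420 hunk here, and the -621, -662 and -703 hunks. This is the same duplication the commit removes from the handler bodies. A named constant beside `MANAGE_ROLES`, such as `const BRANCH_EDIT_ROLES = [...MANAGE_ROLES, "admin", "branch_manager"];`, would keep the route-level list in one place so a later role change cannot miss a route. A short comment there should state that the decorator only admits the role and the handler still enforces branch membership for `admin` and `branch_manager`.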
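Review bot: The predicate `!MANAGE_ROLES.some((v) => req.user.roles?.includes(v))` in the -480 hunk is repeated verbatim in the -130, -142, -557, -635, -676 and -717 hunks, so the authorization rule still lives in seven places. I would extract a file-level helper, for instance `const canManageAnyBranch = (req: RequestWithUser) => MANAGE_ROLES.some((v) => req.user.roles?.includes(v));`, and call it from each handler. Because `admin` now falls through to the membership test, a regression test that a non-member `admin` receives the `HttpError` on each of these routes would pin the new behaviour. The surrounding `editBranch` body continues outside the hunk.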
@@ -557,7 +555,7 @@ export class BranchController extends Controller {
 where: { id: branchId },
 });
- if (!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))) {
+ if (!MANAGE_ROLES.some((v) => req.user.roles?.includes(v))) {
 if (
 record?.createdByUserId !== req.user.sub &&
 !record?.user.find((v) => v.userId === req.user.sub)
@@ -621,7 +619,7 @@ export class BranchController extends Controller {
 }
 @Put("{branchId}/line-image")
- @Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
+ @Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
 async setLineImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
 const record = await prisma.branch.findUnique({
 include: {
@@ -635,7 +633,7 @@ export class BranchController extends Controller {
 }
 if (
- !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
+ !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
 !record?.user.find((v) => v.userId === req.user.sub)
 ) {
 throw new HttpError(
@@ -662,7 +660,7 @@ export class BranchController extends Controller {
 }
 @Put("{branchId}/branch-image")
- @Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
+ @Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
 async setBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
 const record = await prisma.branch.findUnique({
 include: {
@@ -676,7 +674,7 @@ export class BranchController extends Controller {
 }
 if (
- !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
+ !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
 !record?.user.find((v) => v.userId === req.user.sub)
 ) {
 throw new HttpError(
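Review bot: The check in the -557 hunk accepts `record?.createdByUserId === req.user.sub` as an alternative to branch membership, while the edit and image handlers in this diff accept membership only. With `admin` removed from `MANAGE_ROLES`, an admin who created a branch but is no longer listed in `record.user` still passes here and would be refused by the other handlers. If that difference is intended, a comment on the inner `if` should say so, for example `// Creator keeps access to this operation even after leaving the branch.` If it is not, the creator clause should go so that all handlers apply one rule. The route decorator and the rest of the method are outside the hunk, so which roles reach this check cannot be confirmed from here.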
@@ -703,7 +701,7 @@ export class BranchController extends Controller {
 }
 @Put("{branchId}/map-image")
- @Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
+ @Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
 async setMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
 const record = await prisma.branch.findUnique({
 include: {
@@ -717,7 +715,7 @@ export class BranchController extends Controller {
 }
 if (
- !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
+ !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
 !record?.user.find((v) => v.userId === req.user.sub)
 ) {
 throw new HttpError(