refactor: permission

Methapon Metanipat 2024-09-03 09:47:58 +07:00
parent cae2ab7ba3
commit 4f84330cbc


@ -25,7 +25,7 @@ if (!process.env.MINIO_BUCKET) {
} }
const MINIO_BUCKET = process.env.MINIO_BUCKET; const MINIO_BUCKET = process.env.MINIO_BUCKET;
const MANAGE_ROLES = ["system", "head_of_admin", "admin"]; const MANAGE_ROLES = ["system", "head_of_admin"];
type BranchCreate = { type BranchCreate = {
status?: Status; status?: Status;
@ -130,9 +130,7 @@ export class BranchController extends Controller {
const list = await prisma.branchUser.groupBy({ const list = await prisma.branchUser.groupBy({
_count: true, _count: true,
where: { where: {
userId: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) userId: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) ? req.user.sub : undefined,
? req.user.sub
: undefined,
user: { user: {
userType, userType,
}, },
@ -142,7 +140,7 @@ export class BranchController extends Controller {
const record = await prisma.branch.findMany({ const record = await prisma.branch.findMany({
where: { where: {
user: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) user: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v))
? { some: { userId: req.user.sub } } ? { some: { userId: req.user.sub } }
: undefined, : undefined,
}, },
@ -420,7 +418,7 @@ export class BranchController extends Controller {
} }
@Put("{branchId}") @Put("{branchId}")
@Security("keycloak", MANAGE_ROLES.concat("branch_manager")) @Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async editBranch( async editBranch(
@Request() req: RequestWithUser, @Request() req: RequestWithUser,
@Body() body: BranchUpdate, @Body() body: BranchUpdate,
@ -480,7 +478,7 @@ export class BranchController extends Controller {
} }
if ( if (
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) && !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
!branch?.user.find((v) => v.userId === req.user.sub) !branch?.user.find((v) => v.userId === req.user.sub)
) { ) {
throw new HttpError( throw new HttpError(
@ -557,7 +555,7 @@ export class BranchController extends Controller {
where: { id: branchId }, where: { id: branchId },
}); });
if (!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))) { if (!MANAGE_ROLES.some((v) => req.user.roles?.includes(v))) {
if ( if (
record?.createdByUserId !== req.user.sub && record?.createdByUserId !== req.user.sub &&
!record?.user.find((v) => v.userId === req.user.sub) !record?.user.find((v) => v.userId === req.user.sub)
@ -621,7 +619,7 @@ export class BranchController extends Controller {
} }
@Put("{branchId}/line-image") @Put("{branchId}/line-image")
@Security("keycloak", MANAGE_ROLES.concat("branch_manager")) @Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async setLineImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) { async setLineImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findUnique({ const record = await prisma.branch.findUnique({
include: { include: {
@ -635,7 +633,7 @@ export class BranchController extends Controller {
} }
if ( if (
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) && !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
!record?.user.find((v) => v.userId === req.user.sub) !record?.user.find((v) => v.userId === req.user.sub)
) { ) {
throw new HttpError( throw new HttpError(
@ -662,7 +660,7 @@ export class BranchController extends Controller {
} }
@Put("{branchId}/branch-image") @Put("{branchId}/branch-image")
@Security("keycloak", MANAGE_ROLES.concat("branch_manager")) @Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async setBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) { async setBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findUnique({ const record = await prisma.branch.findUnique({
include: { include: {
@ -676,7 +674,7 @@ export class BranchController extends Controller {
} }
if ( if (
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) && !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
!record?.user.find((v) => v.userId === req.user.sub) !record?.user.find((v) => v.userId === req.user.sub)
) { ) {
throw new HttpError( throw new HttpError(
@ -703,7 +701,7 @@ export class BranchController extends Controller {
} }
@Put("{branchId}/map-image") @Put("{branchId}/map-image")
@Security("keycloak", MANAGE_ROLES.concat("branch_manager")) @Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async setMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) { async setMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findUnique({ const record = await prisma.branch.findUnique({
include: { include: {
@ -717,7 +715,7 @@ export class BranchController extends Controller {
} }
if ( if (
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) && !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
!record?.user.find((v) => v.userId === req.user.sub) !record?.user.find((v) => v.userId === req.user.sub)
) { ) {
throw new HttpError( throw new HttpError(
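Review bot: Dropping "admin" from `MANAGE_ROLES` is an authorization change rather than a refactor: in the two list queries, in the membership checks of `editBranch` and the three image setters, and in the check beside `record?.createdByUserId`, a caller holding only `admin` no longer bypasses the branch-membership test and is now scoped to their own branches like a `branch_manager`. Only the four `@Put` decorators shown re-add the role through `MANAGE_ROLES.concat("admin", "branch_manager")`; any `@Security("keycloak", MANAGE_ROLES)` elsewhere in the controller, which is not visible here, would now reject admins outright and should be checked route by route. If the narrowing is intended, say so at the constant, for example `// Roles that bypass branch-membership checks; "admin" is limited to branches it belongs to.`, and name the decorator list once, `const BRANCH_EDIT_ROLES = [...MANAGE_ROLES, "admin", "branch_manager"];`, so the two role sets cannot drift apart across the four routes. The method bodies these checks sit in start and end outside the hunks.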