refactor: permission
parent
cae2ab7ba3
commit
4f84330cbc
1 changed files with 12 additions and 14 deletions
|
|
@ -25,7 +25,7 @@ if (!process.env.MINIO_BUCKET) {
|
||||||
}
|
}
|
||||||
|
|
||||||
const MINIO_BUCKET = process.env.MINIO_BUCKET;
|
const MINIO_BUCKET = process.env.MINIO_BUCKET;
|
||||||
const MANAGE_ROLES = ["system", "head_of_admin", "admin"];
|
const MANAGE_ROLES = ["system", "head_of_admin"];
|
||||||
|
|
||||||
type BranchCreate = {
|
type BranchCreate = {
|
||||||
status?: Status;
|
status?: Status;
|
||||||
|
|
@ -130,9 +130,7 @@ export class BranchController extends Controller {
|
||||||
const list = await prisma.branchUser.groupBy({
|
const list = await prisma.branchUser.groupBy({
|
||||||
_count: true,
|
_count: true,
|
||||||
where: {
|
where: {
|
||||||
userId: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))
|
userId: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) ? req.user.sub : undefined,
|
||||||
? req.user.sub
|
|
||||||
: undefined,
|
|
||||||
user: {
|
user: {
|
||||||
userType,
|
userType,
|
||||||
},
|
},
|
||||||
|
|
@ -142,7 +140,7 @@ export class BranchController extends Controller {
|
||||||
|
|
||||||
const record = await prisma.branch.findMany({
|
const record = await prisma.branch.findMany({
|
||||||
where: {
|
where: {
|
||||||
user: !["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))
|
user: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v))
|
||||||
? { some: { userId: req.user.sub } }
|
? { some: { userId: req.user.sub } }
|
||||||
: undefined,
|
: undefined,
|
||||||
},
|
},
|
||||||
|
|
@ -420,7 +418,7 @@ export class BranchController extends Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Put("{branchId}")
|
@Put("{branchId}")
|
||||||
@Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
|
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
|
||||||
async editBranch(
|
async editBranch(
|
||||||
@Request() req: RequestWithUser,
|
@Request() req: RequestWithUser,
|
||||||
@Body() body: BranchUpdate,
|
@Body() body: BranchUpdate,
|
||||||
|
|
@ -480,7 +478,7 @@ export class BranchController extends Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
|
!MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
|
||||||
!branch?.user.find((v) => v.userId === req.user.sub)
|
!branch?.user.find((v) => v.userId === req.user.sub)
|
||||||
) {
|
) {
|
||||||
throw new HttpError(
|
throw new HttpError(
|
||||||
|
|
@ -557,7 +555,7 @@ export class BranchController extends Controller {
|
||||||
where: { id: branchId },
|
where: { id: branchId },
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v))) {
|
if (!MANAGE_ROLES.some((v) => req.user.roles?.includes(v))) {
|
||||||
if (
|
if (
|
||||||
record?.createdByUserId !== req.user.sub &&
|
record?.createdByUserId !== req.user.sub &&
|
||||||
!record?.user.find((v) => v.userId === req.user.sub)
|
!record?.user.find((v) => v.userId === req.user.sub)
|
||||||
|
|
@ -621,7 +619,7 @@ export class BranchController extends Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Put("{branchId}/line-image")
|
@Put("{branchId}/line-image")
|
||||||
@Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
|
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
|
||||||
async setLineImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
|
async setLineImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
|
||||||
const record = await prisma.branch.findUnique({
|
const record = await prisma.branch.findUnique({
|
||||||
include: {
|
include: {
|
||||||
|
|
@ -635,7 +633,7 @@ export class BranchController extends Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
|
!MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
|
||||||
!record?.user.find((v) => v.userId === req.user.sub)
|
!record?.user.find((v) => v.userId === req.user.sub)
|
||||||
) {
|
) {
|
||||||
throw new HttpError(
|
throw new HttpError(
|
||||||
|
|
@ -662,7 +660,7 @@ export class BranchController extends Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Put("{branchId}/branch-image")
|
@Put("{branchId}/branch-image")
|
||||||
@Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
|
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
|
||||||
async setBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
|
async setBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
|
||||||
const record = await prisma.branch.findUnique({
|
const record = await prisma.branch.findUnique({
|
||||||
include: {
|
include: {
|
||||||
|
|
@ -676,7 +674,7 @@ export class BranchController extends Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
|
!MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
|
||||||
!record?.user.find((v) => v.userId === req.user.sub)
|
!record?.user.find((v) => v.userId === req.user.sub)
|
||||||
) {
|
) {
|
||||||
throw new HttpError(
|
throw new HttpError(
|
||||||
|
|
@ -703,7 +701,7 @@ export class BranchController extends Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Put("{branchId}/map-image")
|
@Put("{branchId}/map-image")
|
||||||
@Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
|
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
|
||||||
async setMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
|
async setMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
|
||||||
const record = await prisma.branch.findUnique({
|
const record = await prisma.branch.findUnique({
|
||||||
include: {
|
include: {
|
||||||
|
|
@ -717,7 +715,7 @@ export class BranchController extends Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
!["system", "head_of_admin", "admin"].some((v) => req.user.roles?.includes(v)) &&
|
!MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
|
||||||
!record?.user.find((v) => v.userId === req.user.sub)
|
!record?.user.find((v) => v.userId === req.user.sub)
|
||||||
) {
|
) {
|
||||||
throw new HttpError(
|
throw new HttpError(
|
||||||
|
|
|
||||||
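Review bot: Dropping `"admin"` from `MANAGE_ROLES` in the first hunk, while the inline `["system", "head_of_admin", "admin"]` checks are replaced by that constant, changes authorization rather than only restructuring it. In the two list queries (hunks at 130 and 142), in `editBranch`, in the check near line 555 and in the three image setters, an `admin` no longer bypasses the branch-membership test and is limited to branches where `userId === req.user.sub`. The `@Security` decorators shown here re-add `"admin"`, so these routes stay reachable, but any decorator outside the visible hunks that passes bare `MANAGE_ROLES` would now reject `admin`; that cannot be confirmed from this page and should be checked. If the tightening is intended, the commit title should say so and the constant should carry a comment such as `// Roles that bypass per-branch membership checks; "admin" is deliberately excluded and must belong to the branch.` The predicate is also still repeated in eight places, so a single helper such as `const canManageAll = (u: RequestWithUser["user"]) => MANAGE_ROLES.some((r) => u.roles?.includes(r));` would keep the policy in one spot.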