diff --git a/src/controllers/01-branch-controller.ts b/src/controllers/01-branch-controller.ts index 1ad2859..e64e1c0 100644 --- a/src/controllers/01-branch-controller.ts +++ b/src/controllers/01-branch-controller.ts @@ -157,7 +157,7 @@ export class BranchController extends Controller { async getStats(@Request() req: RequestWithUser, @Query() headOfficeId?: string) { const where = { AND: { - OR: permissionCond(req.user, true), + OR: permissionCond(req.user, { alwaysIncludeHead: true }), }, }; @@ -255,7 +255,7 @@ export class BranchController extends Controller { ...filterStatus(status), headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined), NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined }, - OR: permissionCond(req.user, withHead), + OR: permissionCond(req.user, { alwaysIncludeHead: withHead }), }, OR: queryOrNot(query, [ { code: { contains: query, mode: "insensitive" } }, diff --git a/src/services/permission.ts b/src/services/permission.ts index 88e9b79..8607aa3 100644 --- a/src/services/permission.ts +++ b/src/services/permission.ts @@ -1,3 +1,4 @@ +import { Prisma } from "@prisma/client"; import prisma from "../db"; import HttpError from "../interfaces/http-error"; import HttpStatus from "../interfaces/http-status"; @@ -18,7 +19,10 @@ export function branchRelationPermInclude(user: RequestWithUser["user"]) { } export function createPermCondition(globalAllow: (user: RequestWithUser["user"]) => boolean) { - return (user: RequestWithUser["user"], alwaysIncludeHead?: boolean) => + return ( + user: RequestWithUser["user"], + opts?: { alwaysIncludeHead?: boolean; includeInActive?: boolean }, + ) => isSystem(user) ? undefined : [ @@ -27,7 +31,7 @@ export function createPermCondition(globalAllow: (user: RequestWithUser["user"]) }, { branch: - alwaysIncludeHead || globalAllow(user) + opts?.alwaysIncludeHead || globalAllow(user) ? { some: { user: { some: { userId: user.sub } } } } : undefined, },