fix: system user query shared product get mixed company
This commit is contained in:
Methapon2001
parent
6b4e13e94d
commit
58389ed47f
2 changed files with 29 additions and 22 deletions
|
|
@ -132,6 +132,18 @@ export class ProductController extends Controller {
|
|||
@Query() orderBy?: "asc" | "desc",
|
||||
@Query() activeOnly?: boolean,
|
||||
) {
|
||||
// NOTE: will be used to scope product within product group that is shared between branch but not company when select shared product if user is system
|
||||
const targetGroup =
|
||||
productGroupId && req.user.roles.includes("system")
|
||||
? await prisma.productGroup.findFirst({
|
||||
where: { id: productGroupId },
|
||||
})
|
||||
: undefined;
|
||||
|
||||
if (targetGroup !== undefined && !targetGroup) throw notFoundError("Product Group");
|
||||
|
||||
const targetBranchId = targetGroup?.registeredBranchId;
|
||||
|
||||
const where = {
|
||||
OR: queryOrNot<Prisma.ProductWhereInput[]>(query, [
|
||||
{ name: { contains: query } },
|
||||
|
|
@ -142,14 +154,7 @@ export class ProductController extends Controller {
|
|||
...filterStatus(activeOnly ? Status.ACTIVE : status),
|
||||
productGroup: {
|
||||
status: activeOnly ? { not: Status.INACTIVE } : undefined,
|
||||
registeredBranch: activeOnly
|
||||
? {
|
||||
OR: [
|
||||
{ headOffice: { status: { not: Status.INACTIVE } } },
|
||||
{ headOffice: null, status: { not: Status.INACTIVE } },
|
||||
],
|
||||
}
|
||||
: undefined,
|
||||
registeredBranch: { OR: permissionCondCompany(req.user, { activeOnly, targetBranchId }) },
|
||||
},
|
||||
OR: [
|
||||
...(productGroupId
|
||||
|
|
@ -162,7 +167,7 @@ export class ProductController extends Controller {
|
|||
shared: true,
|
||||
productGroup: {
|
||||
registeredBranch: {
|
||||
OR: permissionCondCompany(req.user, { activeOnly }),
|
||||
OR: permissionCondCompany(req.user, { activeOnly, targetBranchId }),
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -170,7 +175,7 @@ export class ProductController extends Controller {
|
|||
productGroup: {
|
||||
shared: true,
|
||||
registeredBranch: {
|
||||
OR: permissionCondCompany(req.user, { activeOnly }),
|
||||
OR: permissionCondCompany(req.user, { activeOnly, targetBranchId }),
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -179,16 +184,6 @@ export class ProductController extends Controller {
|
|||
: { productGroupId },
|
||||
]
|
||||
: []),
|
||||
...(isSystem(req.user)
|
||||
? []
|
||||
: [
|
||||
{
|
||||
productGroup: {
|
||||
id: productGroupId,
|
||||
registeredBranch: { OR: permissionCondCompany(req.user, { activeOnly }) },
|
||||
},
|
||||
},
|
||||
]),
|
||||
],
|
||||
},
|
||||
} satisfies Prisma.ProductWhereInput;
|
||||
|
|
|
|||
|
|
@ -33,11 +33,23 @@ export function createPermCondition(
|
|||
globalAllow: (user: RequestWithUser["user"]) => boolean,
|
||||
): (
|
||||
user: RequestWithUser["user"],
|
||||
opts?: { alwaysIncludeHead?: boolean; activeOnly?: boolean },
|
||||
opts?: { alwaysIncludeHead?: boolean; activeOnly?: boolean; targetBranchId?: string },
|
||||
) => Prisma.BranchWhereInput["OR"] {
|
||||
return (user, opts) =>
|
||||
isSystem(user)
|
||||
? undefined
|
||||
? opts?.targetBranchId
|
||||
? [
|
||||
{
|
||||
id: opts.targetBranchId,
|
||||
},
|
||||
{
|
||||
headOffice: { id: opts.targetBranchId },
|
||||
},
|
||||
{
|
||||
branch: { some: { id: opts.targetBranchId } },
|
||||
},
|
||||
]
|
||||
: undefined
|
||||
: [
|
||||
{
|
||||
AND: opts?.activeOnly ? { status: { not: Status.INACTIVE } } : undefined,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue