diff --git a/src/controllers/04-product-controller.ts b/src/controllers/04-product-controller.ts
index b71f955..2ed9a88 100644
--- a/src/controllers/04-product-controller.ts
+++ b/src/controllers/04-product-controller.ts
@@ -132,6 +132,18 @@ export class ProductController extends Controller {
 @Query() orderBy?: "asc" | "desc",
 @Query() activeOnly?: boolean,
 ) {
+ // NOTE: will be used to scope product within product group that is shared between branch but not company when select shared product if user is system
+ const targetGroup =
+ productGroupId && req.user.roles.includes("system")
+ ? await prisma.productGroup.findFirst({
+ where: { id: productGroupId },
+ })
+ : undefined;
+
+ if (targetGroup !== undefined && !targetGroup) throw notFoundError("Product Group");
+
+ const targetBranchId = targetGroup?.registeredBranchId;
+
 const where = {
 OR: queryOrNot(query, [
 { name: { contains: query } },
@@ -142,14 +154,7 @@ export class ProductController extends Controller {
 ...filterStatus(activeOnly ? Status.ACTIVE : status),
 productGroup: {
 status: activeOnly ? { not: Status.INACTIVE } : undefined,
- registeredBranch: activeOnly
- ? {
- OR: [
- { headOffice: { status: { not: Status.INACTIVE } } },
- { headOffice: null, status: { not: Status.INACTIVE } },
- ],
- }
- : undefined,
+ registeredBranch: { OR: permissionCondCompany(req.user, { activeOnly, targetBranchId }) },
 },
 OR: [
 ...(productGroupId
@@ -162,7 +167,7 @@ export class ProductController extends Controller {
 shared: true,
 productGroup: {
 registeredBranch: {
- OR: permissionCondCompany(req.user, { activeOnly }),
+ OR: permissionCondCompany(req.user, { activeOnly, targetBranchId }),
 },
 },
 },
@@ -170,7 +175,7 @@ export class ProductController extends Controller {
 productGroup: {
 shared: true,
 registeredBranch: {
- OR: permissionCondCompany(req.user, { activeOnly }),
+ OR: permissionCondCompany(req.user, { activeOnly, targetBranchId }),
 },
 },
 },
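Review bot: In the `@@ -132` hunk the role test for the `targetGroup` lookup is written as `req.user.roles.includes("system")`, while the permission helper that consumes `targetBranchId` decides with `isSystem(user)` (src/services/permission.ts hunk). If `isSystem` is ever anything other than that exact string check, the two drift apart and the branch scoping is either computed but ignored or skipped for a user the helper treats as system. The removed lines in the `@@ -179` hunk show `isSystem` was already in use in this method, so the guard can be `productGroupId && isSystem(req.user)`. Since the lookup is by primary key and the only failure case is a null result, `findUnique` with an explicit `if (targetGroup === null) throw notFoundError("Product Group");` would state the intent more directly than `!== undefined && !targetGroup`. The method body starts and ends outside the hunk.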
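Review bot: In the `@@ -142` hunk, a system user calling with `activeOnly` no longer has product groups under an inactive branch filtered out. The removed `registeredBranch: activeOnly ? { OR: [...] } : undefined` applied the `status: { not: Status.INACTIVE }` predicates to every caller, whereas the replacement relies on `permissionCondCompany`, whose `isSystem` side (src/services/permission.ts hunk) returns `undefined` or id-only conditions and never reads `opts.activeOnly`. Keeping the status predicates next to the permission condition would preserve the old behaviour, for example an `AND: activeOnly ? { OR: [/* the two status predicates removed here */] } : undefined,` sibling of the new `OR:`. For a system user without `productGroupId` the filter is now `registeredBranch: { OR: undefined }` instead of `undefined`; it is worth confirming that Prisma treats that as no constraint.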
@@ -179,16 +184,6 @@ export class ProductController extends Controller {
 : { productGroupId },
 ]
 : []),
- ...(isSystem(req.user)
- ? []
- : [
- {
- productGroup: {
- id: productGroupId,
- registeredBranch: { OR: permissionCondCompany(req.user, { activeOnly }) },
- },
- },
- ]),
 ],
 },
 } satisfies Prisma.ProductWhereInput;
diff --git a/src/services/permission.ts b/src/services/permission.ts
index 941b08e..7ac7f66 100644
--- a/src/services/permission.ts
+++ b/src/services/permission.ts
@@ -33,11 +33,23 @@ export function createPermCondition(
 globalAllow: (user: RequestWithUser["user"]) => boolean,
 ): (
 user: RequestWithUser["user"],
- opts?: { alwaysIncludeHead?: boolean; activeOnly?: boolean },
+ opts?: { alwaysIncludeHead?: boolean; activeOnly?: boolean; targetBranchId?: string },
 ) => Prisma.BranchWhereInput["OR"] {
 return (user, opts) =>
 isSystem(user)
- ? undefined
+ ? opts?.targetBranchId
+ ? [
+ {
+ id: opts.targetBranchId,
+ },
+ {
+ headOffice: { id: opts.targetBranchId },
+ },
+ {
+ branch: { some: { id: opts.targetBranchId } },
+ },
+ ]
+ : undefined
 : [
 {
 AND: opts?.activeOnly ? { status: { not: Status.INACTIVE } } : undefined,
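Review bot: In the src/services/permission.ts hunk, `targetBranchId` is read only on the `isSystem(user)` side of the returned function, so as far as the visible lines show, a non-system caller who passes it gets no narrowing; the non-system branch continues past the hunk. That contract should be stated at the option, e.g. `// targetBranchId: honoured for system users only; narrows to that branch, branches whose headOffice is it, and the branch that lists it under "branch"`. If the target is itself a sub-branch, sibling branches under the same head office are not matched by these three conditions, which may or may not be the intended company scope. The nested ternary would also read more clearly as an early return for the system case.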