fix: system user query shared product get mixed company

Methapon2001 2024-12-19 16:13:12 +07:00
parent 6b4e13e94d
commit 58389ed47f
2 changed files with 29 additions and 22 deletions


@ -132,6 +132,18 @@ export class ProductController extends Controller {
@Query() orderBy?: "asc" | "desc", @Query() orderBy?: "asc" | "desc",
@Query() activeOnly?: boolean, @Query() activeOnly?: boolean,
) { ) {
// NOTE: will be used to scope product within product group that is shared between branch but not company when select shared product if user is system
const targetGroup =
productGroupId && req.user.roles.includes("system")
? await prisma.productGroup.findFirst({
where: { id: productGroupId },
})
: undefined;
if (targetGroup !== undefined && !targetGroup) throw notFoundError("Product Group");
const targetBranchId = targetGroup?.registeredBranchId;
const where = { const where = {
OR: queryOrNot<Prisma.ProductWhereInput[]>(query, [ OR: queryOrNot<Prisma.ProductWhereInput[]>(query, [
{ name: { contains: query } }, { name: { contains: query } },
@ -142,14 +154,7 @@ export class ProductController extends Controller {
...filterStatus(activeOnly ? Status.ACTIVE : status), ...filterStatus(activeOnly ? Status.ACTIVE : status),
productGroup: { productGroup: {
status: activeOnly ? { not: Status.INACTIVE } : undefined, status: activeOnly ? { not: Status.INACTIVE } : undefined,
registeredBranch: activeOnly registeredBranch: { OR: permissionCondCompany(req.user, { activeOnly, targetBranchId }) },
? {
OR: [
{ headOffice: { status: { not: Status.INACTIVE } } },
{ headOffice: null, status: { not: Status.INACTIVE } },
],
}
: undefined,
}, },
OR: [ OR: [
...(productGroupId ...(productGroupId
@ -162,7 +167,7 @@ export class ProductController extends Controller {
shared: true, shared: true,
productGroup: { productGroup: {
registeredBranch: { registeredBranch: {
OR: permissionCondCompany(req.user, { activeOnly }), OR: permissionCondCompany(req.user, { activeOnly, targetBranchId }),
}, },
}, },
}, },
@ -170,7 +175,7 @@ export class ProductController extends Controller {
productGroup: { productGroup: {
shared: true, shared: true,
registeredBranch: { registeredBranch: {
OR: permissionCondCompany(req.user, { activeOnly }), OR: permissionCondCompany(req.user, { activeOnly, targetBranchId }),
}, },
}, },
}, },
@ -179,16 +184,6 @@ export class ProductController extends Controller {
: { productGroupId }, : { productGroupId },
] ]
: []), : []),
...(isSystem(req.user)
? []
: [
{
productGroup: {
id: productGroupId,
registeredBranch: { OR: permissionCondCompany(req.user, { activeOnly }) },
},
},
]),
], ],
}, },
} satisfies Prisma.ProductWhereInput; } satisfies Prisma.ProductWhereInput;
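Review bot: The product-group lookup at the top of this section is gated on `req.user.roles.includes("system")`, while the branch filter it feeds is selected by `isSystem(user)` inside `permissionCondCompany` (presumably built by `createPermCondition`), so one authorization path uses two definitions of "system" that can drift apart. If `isSystem` ever accepts a user that the literal role check does not, `targetBranchId` stays undefined and the builder returns no filter, which is the mixed-company result this commit sets out to fix. Gate the lookup on the same helper, `productGroupId && isSystem(req.user)`. The not-found check would also read more plainly as `if (targetGroup === null) throw notFoundError("Product Group");`. The enclosing controller method starts and ends outside the visible hunks.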


@ -33,11 +33,23 @@ export function createPermCondition(
globalAllow: (user: RequestWithUser["user"]) => boolean, globalAllow: (user: RequestWithUser["user"]) => boolean,
): ( ): (
user: RequestWithUser["user"], user: RequestWithUser["user"],
opts?: { alwaysIncludeHead?: boolean; activeOnly?: boolean }, opts?: { alwaysIncludeHead?: boolean; activeOnly?: boolean; targetBranchId?: string },
) => Prisma.BranchWhereInput["OR"] { ) => Prisma.BranchWhereInput["OR"] {
return (user, opts) => return (user, opts) =>
isSystem(user) isSystem(user)
? undefined ? opts?.targetBranchId
? [
{
id: opts.targetBranchId,
},
{
headOffice: { id: opts.targetBranchId },
},
{
branch: { some: { id: opts.targetBranchId } },
},
]
: undefined
: [ : [
{ {
AND: opts?.activeOnly ? { status: { not: Status.INACTIVE } } : undefined, AND: opts?.activeOnly ? { status: { not: Status.INACTIVE } } : undefined,
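Review bot: The new system-user branch never reads `opts.activeOnly`, so the three `targetBranchId` entries and the `undefined` fallback carry no status condition, unlike the non-system entries that follow. The controller change in this commit replaces its explicit `activeOnly` head-office status filter with this builder's result, so a system caller passing `activeOnly` would apparently no longer have inactive branches excluded. Consider adding `AND: opts?.activeOnly ? { status: { not: Status.INACTIVE } } : undefined` to each of the three entries. A TSDoc line on `targetBranchId` should state that it only takes effect for system users and that omitting it leaves them unscoped. The returned array continues past the end of the hunk.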