refactor: use helper function

2024-09-10 15:17:48 +07:00 · 2024-09-10 15:17:48 +07:00 · 615ba4e214
commit 615ba4e214
parent 9584f3c5b3
1 changed files with 37 additions and 61 deletions
--- a/src/controllers/02-user-controller.ts
+++ b/src/controllers/02-user-controller.ts
@ -146,63 +146,6 @@ type UserUpdate = {
 const permissionCond = createPermCondition(globalAllow);
 const permissionCheck = createPermCheck(globalAllow);

-async function permissionCheckGetUser(user: RequestWithUser["user"], userId: string) {
-  const record = await prisma.user.findFirst({
-    include: {
-      province: true,
-      district: true,
-      subDistrict: true,
-      createdBy: true,
-      updatedBy: true,
-      branch: {
-        include: {
-          branch: {
-            include: {
-              headOffice: {
-                include: {
-                  branch: { where: { user: { some: { userId: user.sub } } } },
-                  user: { where: { userId: user.sub } },
-                },
-              },
-              user: { where: { userId: user.sub } },
-            },
-          },
-        },
-      },
-    },
-    where: { id: userId },
-  });
-
-  if (!record) {
-    throw new HttpError(HttpStatus.NOT_FOUND, "User cannot be found.", "userNotFound");
-  }
-
-  if (!isSystem(user)) {
-    record.branch.forEach(({ branch }) => {
-      if (!globalAllow(user) && branch.user.length === 0) {
-        throw new HttpError(
-          HttpStatus.FORBIDDEN,
-          "You do not have permission to perform this action.",
-          "noPermission",
-        );
-      } else {
-        if (
-          (branch.user.length === 0 && !branch.headOffice) ||
-          (branch.headOffice &&
-            branch.headOffice.user.length === 0 &&
-            branch.headOffice.branch.length === 0)
-        ) {
-          throw new HttpError(
-            HttpStatus.FORBIDDEN,
-            "You do not have permission to perform this action.",
-            "noPermission",
-          );
-        }
-      }
-    });
-  }
-}
-
 async function userBranchCodeGen(user: User, branch: Branch) {
  return await prisma.$transaction(
    async (tx) => {
@ -743,6 +686,39 @@ export class UserController extends Controller {
  }
 }

+async function getUserCheckPerm(user: RequestWithUser["user"], userId: string) {
+  const record = await prisma.user.findFirst({
+    include: {
+      province: true,
+      district: true,
+      subDistrict: true,
+      createdBy: true,
+      updatedBy: true,
+      branch: {
+        include: {
+          branch: {
+            include: {
+              headOffice: {
+                include: {
+                  branch: { where: { user: { some: { userId: user.sub } } } },
+                  user: { where: { userId: user.sub } },
+                },
+              },
+              user: { where: { userId: user.sub } },
+            },
+          },
+        },
+      },
+    },
+    where: { id: userId },
+  });
+
+  if (!record) {
+    throw new HttpError(HttpStatus.NOT_FOUND, "User cannot be found.", "userNotFound");
+  }
+
+  await Promise.all(record.branch.map(async ({ branch }) => await permissionCheck(user, branch)));
+}
@Route("api/v1/user/{userId}/profile-image")
@Tags("User")
 export class UserProfileController extends Controller {
@ -774,7 +750,7 @@ export class UserProfileController extends Controller {
  @Put("{name}")
  @Security("keycloak")
  async putImage(@Request() req: RequestWithUser, @Path() userId: string, @Path() name: string) {
-    await permissionCheckGetUser(req.user, userId);
+    await getUserCheckPerm(req.user, userId);
    return req.res?.redirect(
      await minio.presignedPutObject(
        MINIO_BUCKET,
@ -787,7 +763,7 @@ export class UserProfileController extends Controller {
  @Delete("{name}")
  @Security("keycloak")
  async deleteImage(@Request() req: RequestWithUser, @Path() userId: string, @Path() name: string) {
-    await permissionCheckGetUser(req.user, userId);
+    await getUserCheckPerm(req.user, userId);
    await minio.removeObject(MINIO_BUCKET, fileLocation.user.profile(userId, name), {
      forceDelete: true,
    });
@ -828,7 +804,7 @@ export class UserAttachmentController extends Controller {
    @Path() userId: string,
    @Body() payload: { file: string[] },
  ) {
-    await permissionCheckGetUser(req.user, userId);
+    await getUserCheckPerm(req.user, userId);

    return await Promise.all(
      payload.file.map(async (v) => ({
@ -849,7 +825,7 @@ export class UserAttachmentController extends Controller {
    @Path() userId: string,
    @Body() payload: { file: string[] },
  ) {
-    await permissionCheckGetUser(req.user, userId);
+    await getUserCheckPerm(req.user, userId);
    await Promise.all(
      payload.file.map(async (v) => {
        await minio.removeObject(MINIO_BUCKET, fileLocation.user.attachment(userId, v), {