diff --git a/prisma/migrations/20241015100831_update_quotation_structure/migration.sql b/prisma/migrations/20241015100831_update_quotation_structure/migration.sql new file mode 100644 index 0000000..25dd27c --- /dev/null +++ b/prisma/migrations/20241015100831_update_quotation_structure/migration.sql @@ -0,0 +1,11 @@ +/* + Warnings: + + - Added the required column `registeredBranchId` to the `Quotation` table without a default value. This is not possible if the table is not empty. + +*/ +-- AlterTable +ALTER TABLE "Quotation" ADD COLUMN "registeredBranchId" TEXT NOT NULL; + +-- AddForeignKey +ALTER TABLE "Quotation" ADD CONSTRAINT "Quotation_registeredBranchId_fkey" FOREIGN KEY ("registeredBranchId") REFERENCES "Branch"("id") ON DELETE RESTRICT ON UPDATE CASCADE; diff --git a/prisma/schema.prisma b/prisma/schema.prisma index 239aa77..b3c0925 100644 --- a/prisma/schema.prisma +++ b/prisma/schema.prisma @@ -258,6 +258,7 @@ model Branch { customerRegistration Customer[] productGroup ProductGroup[] + quotation Quotation[] } model BranchBank { @@ -1090,6 +1091,9 @@ enum PayCondition { model Quotation { id String @id @default(cuid()) + registeredBranch Branch @relation(fields: [registeredBranchId], references: [id]) + registeredBranchId String + customerBranchId String customerBranch CustomerBranch @relation(fields: [customerBranchId], references: [id]) diff --git a/src/controllers/05-quotation-controller.ts b/src/controllers/05-quotation-controller.ts index 5d4ba70..725cf5e 100644 --- a/src/controllers/05-quotation-controller.ts +++ b/src/controllers/05-quotation-controller.ts @@ -26,6 +26,7 @@ import { isUsedError, notFoundError, relationError } from "../utils/error"; import { precisionRound } from "../utils/arithmetic"; type QuotationCreate = { + registeredBranchId: string; status?: Status; workName: string; @@ -80,6 +81,7 @@ type QuotationCreate = { }; type QuotationUpdate = { + registeredBranchId?: string; status?: "ACTIVE" | "INACTIVE"; workName?: string; @@ -150,6 +152,7 @@ function globalAllow(user: RequestWithUser["user"]) { return allowList.some((v) => user.roles?.includes(v)); } +const permissionCheckCompany = createPermCheck((_) => true); const permissionCheck = createPermCheck(globalAllow); const permissionCond = createPermCondition(globalAllow); @@ -163,11 +166,7 @@ export class QuotationController extends Controller { _count: true, by: "payCondition", where: { - customerBranch: { - customer: { - registeredBranch: isSystem(req.user) ? undefined : { OR: permissionCond(req.user) }, - }, - }, + registeredBranch: isSystem(req.user) ? undefined : { OR: permissionCond(req.user) }, }, }); @@ -186,11 +185,7 @@ export class QuotationController extends Controller { ) { const where = { payCondition, - customerBranch: { - customer: { - registeredBranch: isSystem(req.user) ? undefined : { OR: permissionCond(req.user) }, - }, - }, + registeredBranch: isSystem(req.user) ? undefined : { OR: permissionCond(req.user) }, } satisfies Prisma.QuotationWhereInput; const [result, total] = await prisma.$transaction([ @@ -228,6 +223,7 @@ export class QuotationController extends Controller { _count: { select: { worker: true }, }, + registeredBranch: true, customerBranch: true, worker: { include: { employee: true }, @@ -317,7 +313,7 @@ export class QuotationController extends Controller { throw relationError("Service"); } - await permissionCheck(req.user, customerBranch.customer.registeredBranch); + await permissionCheckCompany(req.user, customerBranch.customer.registeredBranch); const { productServiceList: _productServiceList, worker: _worker, ...rest } = body; @@ -490,6 +486,7 @@ export class QuotationController extends Controller { ) { const record = await prisma.quotation.findUnique({ include: { + registeredBranch: { include: branchRelationPermInclude(req.user) }, customerBranch: { include: { customer: { @@ -505,6 +502,8 @@ export class QuotationController extends Controller { if (!record) throw notFoundError("Quotation"); + await permissionCheck(req.user, record.registeredBranch); + const ids = { employee: body.worker?.filter((v) => typeof v === "string"), product: body.productServiceList @@ -552,9 +551,9 @@ export class QuotationController extends Controller { throw relationError("Service"); } - await permissionCheck(req.user, record.customerBranch.customer.registeredBranch); + await permissionCheckCompany(req.user, record.customerBranch.customer.registeredBranch); if (customerBranch && record.customerBranchId !== body.customerBranchId) { - await permissionCheck(req.user, customerBranch.customer.registeredBranch); + await permissionCheckCompany(req.user, customerBranch.customer.registeredBranch); } const { productServiceList: _productServiceList, worker: _worker, ...rest } = body; @@ -722,22 +721,14 @@ export class QuotationController extends Controller { async deleteQuotationById(@Request() req: RequestWithUser, @Path() quotationId: string) { const record = await prisma.quotation.findUnique({ include: { - customerBranch: { - include: { - customer: { - include: { - registeredBranch: { include: branchRelationPermInclude(req.user) }, - }, - }, - }, - }, + registeredBranch: { include: branchRelationPermInclude(req.user) }, }, where: { id: quotationId }, }); if (!record) throw notFoundError("Quotation"); - await permissionCheck(req.user, record.customerBranch.customer.registeredBranch); + await permissionCheck(req.user, record.registeredBranch); if (record.status !== Status.CREATED) throw isUsedError("Quotation");