chamomind/jws-backend
chamomind/jws-backend
7
0
Fork 0
Code Issues Projects 1 Releases Packages 1 Wiki Activity Actions

feat(perm): update api account related permission
All checks were successful
Spell Check / Spell Check with Typos (push) Successful in 4s
Details

Browse source
This commit is contained in:
Methapon2001 2025-07-03 14:33:00 +07:00
parent d08327afb6
commit 68025aad08
5 changed files with 44 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/controllers/04-invoice-controller.ts
View file

@ -29,14 +29,23 @@ type InvoicePayload = {
installmentNo: number[];
};
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "head_of_accountant", "accountant"];
const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"executive",
"accountant",
"branch_admin",
"branch_manager",
"branch_accountant",
];
function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant"];
return allowList.some((v) => user.roles?.includes(v));
const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
return user.roles?.some((v) => listAllowed.includes(v)) || false;
}
const permissionCondCompany = createPermCondition((_) => true);
const permissionCondCompany = createPermCondition(globalAllow);
const permissionCheck = createPermCheck(globalAllow);
@Route("/api/v1/invoice")
@ -229,7 +238,7 @@ export class InvoiceController extends Controller {
title: "ใบแจ้งหนี้ใหม่ / New Invoice",
detail: "รหัส / code : " + record.code,
registeredBranchId: record.registeredBranchId,
groupReceiver: { create: { name: "accountant" } },
groupReceiver: { create: { name: "branch_accountant" } },
},
});

15
src/controllers/05-payment-controller.ts
View file

@ -26,11 +26,20 @@ import flowAccount from "../services/flowaccount";
import HttpError from "../interfaces/http-error";
import HttpStatus from "../interfaces/http-status";
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "head_of_accountant", "accountant"];
const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"executive",
"accountant",
"branch_admin",
"branch_manager",
"branch_accountant",
];
function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant"];
return allowList.some((v) => user.roles?.includes(v));
const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
return user.roles?.some((v) => listAllowed.includes(v)) || false;
}
const permissionCondCompany = createPermCondition((_) => true);

4
src/controllers/05-quotation-controller.ts
View file

@ -150,14 +150,14 @@ const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"head_of_accountant",
"accountant",
"branch_accountant",
"head_of_sale",
"sale",
];
function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
const allowList = ["system", "head_of_admin", "accountant", "head_of_sale"];
return allowList.some((v) => user.roles?.includes(v));
}

20
src/controllers/08-credit-note-controller.ts
View file

@ -42,22 +42,20 @@ const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"head_of_accountant",
"executive",
"accountant",
"head_of_sale",
"sale",
"branch_admin",
"branch_manager",
"branch_accountant",
];
function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
return allowList.some((v) => user.roles?.includes(v));
const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
return user.roles?.some((v) => listAllowed.includes(v)) || false;
}
// NOTE: permission condition/check in requestWork -> requestData -> quotation -> registeredBranch
const permissionCond = createPermCondition(globalAllow);
const permissionCondCompany = createPermCondition((_) => true);
const permissionCheck = createPermCheck(globalAllow);
const permissionCheckCompany = createPermCheck((_) => true);
type CreditNoteCreate = {
requestWorkId: string[];
@ -94,7 +92,7 @@ export class CreditNoteController extends Controller {
request: {
quotationId,
quotation: {
registeredBranch: { OR: permissionCondCompany(req.user) },
registeredBranch: { OR: permissionCond(req.user) },
},
},
},
@ -200,7 +198,7 @@ export class CreditNoteController extends Controller {
request: {
quotationId,
quotation: {
registeredBranch: { OR: permissionCondCompany(req.user) },
registeredBranch: { OR: permissionCond(req.user) },
},
},
},
@ -243,7 +241,7 @@ export class CreditNoteController extends Controller {
some: {
request: {
quotation: {
registeredBranch: { OR: permissionCondCompany(req.user) },
registeredBranch: { OR: permissionCond(req.user) },
},
},
},

16
src/controllers/09-debit-note-controller.ts
View file

@ -44,22 +44,20 @@ const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"head_of_accountant",
"executive",
"accountant",
"head_of_sale",
"sale",
"branch_admin",
"branch_manager",
"branch_accountant",
];
function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
return allowList.some((v) => user.roles?.includes(v));
const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
return user.roles?.some((v) => listAllowed.includes(v)) || false;
}
// NOTE: permission condition/check in registeredBranch
const permissionCond = createPermCondition(globalAllow);
const permissionCondCompany = createPermCondition((_) => true);
const permissionCheck = createPermCheck(globalAllow);
const permissionCheckCompany = createPermCheck((_) => true);
type DebitNoteCreate = {
quotationId: string;
@ -605,7 +603,7 @@ export class DebitNoteController extends Controller {
if (!record) throw notFoundError("Debit Note");
await permissionCheckCompany(req.user, record.registeredBranch);
await permissionCheck(req.user, record.registeredBranch);
const { productServiceList: _productServiceList, ...rest } = body;
const ids = {