feat(perm): update api account related permission

2025-07-03 14:33:00 +07:00 · 2025-07-03 14:33:00 +07:00 · 68025aad08
commit 68025aad08
parent d08327afb6
5 changed files with 44 additions and 30 deletions
--- a/src/controllers/04-invoice-controller.ts
+++ b/src/controllers/04-invoice-controller.ts
@ -29,14 +29,23 @@ type InvoicePayload = {
  installmentNo: number[];
 };

-const MANAGE_ROLES = ["system", "head_of_admin", "admin", "head_of_accountant", "accountant"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+];

 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant"];
-  return allowList.some((v) => user.roles?.includes(v));
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }

-const permissionCondCompany = createPermCondition((_) => true);
+const permissionCondCompany = createPermCondition(globalAllow);
 const permissionCheck = createPermCheck(globalAllow);

@Route("/api/v1/invoice")
@ -229,7 +238,7 @@ export class InvoiceController extends Controller {
          title: "ใบแจ้งหนี้ใหม่ / New Invoice",
          detail: "รหัส / code : " + record.code,
          registeredBranchId: record.registeredBranchId,
-          groupReceiver: { create: { name: "accountant" } },
+          groupReceiver: { create: { name: "branch_accountant" } },
        },
      });