feat(perm): update api account related permission
All checks were successful
Spell Check / Spell Check with Typos (push) Successful in 4s
All checks were successful
Spell Check / Spell Check with Typos (push) Successful in 4s
This commit is contained in:
Methapon2001
parent
d08327afb6
commit
68025aad08
5 changed files with 44 additions and 30 deletions
|
|
@ -42,22 +42,20 @@ const MANAGE_ROLES = [
|
|||
"system",
|
||||
"head_of_admin",
|
||||
"admin",
|
||||
"head_of_accountant",
|
||||
"executive",
|
||||
"accountant",
|
||||
"head_of_sale",
|
||||
"sale",
|
||||
"branch_admin",
|
||||
"branch_manager",
|
||||
"branch_accountant",
|
||||
];
|
||||
|
||||
function globalAllow(user: RequestWithUser["user"]) {
|
||||
const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
|
||||
return allowList.some((v) => user.roles?.includes(v));
|
||||
const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
|
||||
return user.roles?.some((v) => listAllowed.includes(v)) || false;
|
||||
}
|
||||
|
||||
// NOTE: permission condition/check in requestWork -> requestData -> quotation -> registeredBranch
|
||||
const permissionCond = createPermCondition(globalAllow);
|
||||
const permissionCondCompany = createPermCondition((_) => true);
|
||||
const permissionCheck = createPermCheck(globalAllow);
|
||||
const permissionCheckCompany = createPermCheck((_) => true);
|
||||
|
||||
type CreditNoteCreate = {
|
||||
requestWorkId: string[];
|
||||
|
|
@ -94,7 +92,7 @@ export class CreditNoteController extends Controller {
|
|||
request: {
|
||||
quotationId,
|
||||
quotation: {
|
||||
registeredBranch: { OR: permissionCondCompany(req.user) },
|
||||
registeredBranch: { OR: permissionCond(req.user) },
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -200,7 +198,7 @@ export class CreditNoteController extends Controller {
|
|||
request: {
|
||||
quotationId,
|
||||
quotation: {
|
||||
registeredBranch: { OR: permissionCondCompany(req.user) },
|
||||
registeredBranch: { OR: permissionCond(req.user) },
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -243,7 +241,7 @@ export class CreditNoteController extends Controller {
|
|||
some: {
|
||||
request: {
|
||||
quotation: {
|
||||
registeredBranch: { OR: permissionCondCompany(req.user) },
|
||||
registeredBranch: { OR: permissionCond(req.user) },
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue