feat(perm): update api account related permission

Methapon2001 2025-07-03 14:33:00 +07:00
parent d08327afb6
commit 68025aad08
5 changed files with 44 additions and 30 deletions


@ -29,14 +29,23 @@ type InvoicePayload = {
installmentNo: number[]; installmentNo: number[];
}; };
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "head_of_accountant", "accountant"]; const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"executive",
"accountant",
"branch_admin",
"branch_manager",
"branch_accountant",
];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant"]; const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
return allowList.some((v) => user.roles?.includes(v)); return user.roles?.some((v) => listAllowed.includes(v)) || false;
} }
const permissionCondCompany = createPermCondition((_) => true); const permissionCondCompany = createPermCondition(globalAllow);
const permissionCheck = createPermCheck(globalAllow); const permissionCheck = createPermCheck(globalAllow);
@Route("/api/v1/invoice") @Route("/api/v1/invoice")
@ -229,7 +238,7 @@ export class InvoiceController extends Controller {
title: "ใบแจ้งหนี้ใหม่ / New Invoice", title: "ใบแจ้งหนี้ใหม่ / New Invoice",
detail: "รหัส / code : " + record.code, detail: "รหัส / code : " + record.code,
registeredBranchId: record.registeredBranchId, registeredBranchId: record.registeredBranchId,
groupReceiver: { create: { name: "accountant" } }, groupReceiver: { create: { name: "branch_accountant" } },
}, },
}); });
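Review bot: `permissionCondCompany` in the first hunk now wraps `globalAllow`, so its name no longer describes what it does — elsewhere in this commit the `Company` suffix marks the unrestricted `(_) => true` variant, and in this file the condition is now identical in effect to `permissionCheck`. Rename it to `permissionCond` here, or put `// NOTE: no company-wide bypass in this controller; scoped by globalAllow like permissionCheck` above it. The `MANAGE_ROLES` and `listAllowed` literals are repeated in all five files of this commit and already diverge (the third file's allow list omits "admin" and "executive"), so a single shared roles constant would stop the copies drifting; this applies to the other four sections as well. Plain "accountant" also enters `listAllowed` where only "head_of_accountant" was before — presumably the company-level role, with "branch_accountant" the scoped one — and a one-line comment on `listAllowed` stating which roles it is meant to exempt would make that reading explicit.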


@ -26,11 +26,20 @@ import flowAccount from "../services/flowaccount";
import HttpError from "../interfaces/http-error"; import HttpError from "../interfaces/http-error";
import HttpStatus from "../interfaces/http-status"; import HttpStatus from "../interfaces/http-status";
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "head_of_accountant", "accountant"]; const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"executive",
"accountant",
"branch_admin",
"branch_manager",
"branch_accountant",
];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant"]; const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
return allowList.some((v) => user.roles?.includes(v)); return user.roles?.some((v) => listAllowed.includes(v)) || false;
} }
const permissionCondCompany = createPermCondition((_) => true); const permissionCondCompany = createPermCondition((_) => true);
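Review bot: `permissionCondCompany` on the last line of this hunk still uses `(_) => true`, while the invoice controller in this same commit switched its `permissionCondCompany` to `globalAllow`. If this controller is meant to keep an unscoped company-wide read path, a comment such as `// NOTE: intentionally unscoped — invoice controller uses the globalAllow-scoped variant` would stop the next reader from "fixing" it; otherwise it looks like the one file the tightening missed. The definition is a context line here, so it is not part of what the commit changed.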


@ -150,14 +150,14 @@ const MANAGE_ROLES = [
"system", "system",
"head_of_admin", "head_of_admin",
"admin", "admin",
"head_of_accountant",
"accountant", "accountant",
"branch_accountant",
"head_of_sale", "head_of_sale",
"sale", "sale",
]; ];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"]; const allowList = ["system", "head_of_admin", "accountant", "head_of_sale"];
return allowList.some((v) => user.roles?.includes(v)); return allowList.some((v) => user.roles?.includes(v));
} }
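Review bot: The `allowList` on the `globalAllow` line of this hunk is `["system", "head_of_admin", "accountant", "head_of_sale"]`, leaving out the "admin" and "executive" that the other four files in this commit add, and this file's `MANAGE_ROLES` likewise lacks "executive", "branch_admin" and "branch_manager". If that is deliberate for a sale-related resource, a comment above `MANAGE_ROLES` such as `// sale-scoped resource: executive/branch roles intentionally excluded` would record it; if not, it is role drift between copies of the same list. This file also keeps the older `allowList.some((v) => user.roles?.includes(v))` shape rather than the `user.roles?.some(...) || false` form the other files switched to — the result is the same boolean, but a single shape makes the lists easier to compare. The `MANAGE_ROLES` declaration starts before the hunk.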


@ -42,22 +42,20 @@ const MANAGE_ROLES = [
"system", "system",
"head_of_admin", "head_of_admin",
"admin", "admin",
"head_of_accountant", "executive",
"accountant", "accountant",
"head_of_sale", "branch_admin",
"sale", "branch_manager",
"branch_accountant",
]; ];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"]; const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
return allowList.some((v) => user.roles?.includes(v)); return user.roles?.some((v) => listAllowed.includes(v)) || false;
} }
// NOTE: permission condition/check in requestWork -> requestData -> quotation -> registeredBranch
const permissionCond = createPermCondition(globalAllow); const permissionCond = createPermCondition(globalAllow);
const permissionCondCompany = createPermCondition((_) => true);
const permissionCheck = createPermCheck(globalAllow); const permissionCheck = createPermCheck(globalAllow);
const permissionCheckCompany = createPermCheck((_) => true);
type CreditNoteCreate = { type CreditNoteCreate = {
requestWorkId: string[]; requestWorkId: string[];
@ -94,7 +92,7 @@ export class CreditNoteController extends Controller {
request: { request: {
quotationId, quotationId,
quotation: { quotation: {
registeredBranch: { OR: permissionCondCompany(req.user) }, registeredBranch: { OR: permissionCond(req.user) },
}, },
}, },
}, },
@ -200,7 +198,7 @@ export class CreditNoteController extends Controller {
request: { request: {
quotationId, quotationId,
quotation: { quotation: {
registeredBranch: { OR: permissionCondCompany(req.user) }, registeredBranch: { OR: permissionCond(req.user) },
}, },
}, },
}, },
@ -243,7 +241,7 @@ export class CreditNoteController extends Controller {
some: { some: {
request: { request: {
quotation: { quotation: {
registeredBranch: { OR: permissionCondCompany(req.user) }, registeredBranch: { OR: permissionCond(req.user) },
}, },
}, },
}, },
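Review bot: `MANAGE_ROLES` in the first hunk drops "head_of_sale" and "sale" alongside the accountant renames, which removes sales roles from credit-note management — an authorization narrowing the commit title ("account related permission") does not mention and the NOTE comment below the list does not reflect. If intended, extend that comment to `// NOTE: permission condition/check in requestWork -> requestData -> quotation -> registeredBranch; sale roles no longer manage credit notes and the unscoped *Company variants were removed`. Deleting `permissionCondCompany`/`permissionCheckCompany` is the right direction, but since the only CI shown is a spell check, any `permissionCheckCompany` caller left in this file outside these hunks would not have been caught, so a grep for it before merging is worthwhile. The `MANAGE_ROLES` declaration starts before the hunk.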


@ -44,22 +44,20 @@ const MANAGE_ROLES = [
"system", "system",
"head_of_admin", "head_of_admin",
"admin", "admin",
"head_of_accountant", "executive",
"accountant", "accountant",
"head_of_sale", "branch_admin",
"sale", "branch_manager",
"branch_accountant",
]; ];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"]; const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
return allowList.some((v) => user.roles?.includes(v)); return user.roles?.some((v) => listAllowed.includes(v)) || false;
} }
// NOTE: permission condition/check in registeredBranch
const permissionCond = createPermCondition(globalAllow); const permissionCond = createPermCondition(globalAllow);
const permissionCondCompany = createPermCondition((_) => true);
const permissionCheck = createPermCheck(globalAllow); const permissionCheck = createPermCheck(globalAllow);
const permissionCheckCompany = createPermCheck((_) => true);
type DebitNoteCreate = { type DebitNoteCreate = {
quotationId: string; quotationId: string;
@ -605,7 +603,7 @@ export class DebitNoteController extends Controller {
if (!record) throw notFoundError("Debit Note"); if (!record) throw notFoundError("Debit Note");
await permissionCheckCompany(req.user, record.registeredBranch); await permissionCheck(req.user, record.registeredBranch);
const { productServiceList: _productServiceList, ...rest } = body; const { productServiceList: _productServiceList, ...rest } = body;
const ids = { const ids = {