feat(perm): update api flow template permission
This commit is contained in:
Methapon2001
parent
fa95fe46a5
commit
6d44d2979b
1 changed files with 23 additions and 3 deletions
|
|
@ -44,14 +44,30 @@ type WorkflowPayload = {
|
|||
status?: Status;
|
||||
};
|
||||
|
||||
const permissionCondCompany = createPermCondition((_) => true);
|
||||
const permissionCheckCompany = createPermCheck((_) => true);
|
||||
const MANAGE_ROLES = [
|
||||
"system",
|
||||
"head_of_admin",
|
||||
"admin",
|
||||
"executive",
|
||||
"accountant",
|
||||
"branch_admin",
|
||||
"branch_manager",
|
||||
"branch_accountant",
|
||||
];
|
||||
|
||||
function globalAllow(user: RequestWithUser["user"]) {
|
||||
const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
|
||||
return user.roles?.some((v) => listAllowed.includes(v)) || false;
|
||||
}
|
||||
|
||||
const permissionCondCompany = createPermCondition(globalAllow);
|
||||
const permissionCheckCompany = createPermCheck(globalAllow);
|
||||
|
||||
@Route("api/v1/workflow-template")
|
||||
@Tags("Workflow")
|
||||
@Security("keycloak")
|
||||
export class FlowTemplateController extends Controller {
|
||||
@Get()
|
||||
@Security("keycloak")
|
||||
async getFlowTemplate(
|
||||
@Request() req: RequestWithUser,
|
||||
@Query() page: number = 1,
|
||||
|
|
@ -118,6 +134,7 @@ export class FlowTemplateController extends Controller {
|
|||
}
|
||||
|
||||
@Get("{templateId}")
|
||||
@Security("keycloak")
|
||||
async getFlowTemplateById(@Request() _req: RequestWithUser, @Path() templateId: string) {
|
||||
const record = await prisma.workflowTemplate.findFirst({
|
||||
include: {
|
||||
|
|
@ -150,6 +167,7 @@ export class FlowTemplateController extends Controller {
|
|||
}
|
||||
|
||||
@Post()
|
||||
@Security("keycloak", MANAGE_ROLES)
|
||||
async createFlowTemplate(@Request() req: RequestWithUser, @Body() body: WorkflowPayload) {
|
||||
const where = {
|
||||
OR: [
|
||||
|
|
@ -230,6 +248,7 @@ export class FlowTemplateController extends Controller {
|
|||
}
|
||||
|
||||
@Put("{templateId}")
|
||||
@Security("keycloak", MANAGE_ROLES)
|
||||
async updateFlowTemplate(
|
||||
@Request() req: RequestWithUser,
|
||||
@Path() templateId: string,
|
||||
|
|
@ -315,6 +334,7 @@ export class FlowTemplateController extends Controller {
|
|||
}
|
||||
|
||||
@Delete("{templateId}")
|
||||
@Security("keycloak", MANAGE_ROLES)
|
||||
async deleteFlowTemplateById(@Request() req: RequestWithUser, @Path() templateId: string) {
|
||||
const record = await prisma.workflowTemplate.findUnique({
|
||||
where: { id: templateId },
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue