feat: remove scoped branch (change soon)

2024-07-02 16:21:27 +07:00 · 2024-07-02 16:21:27 +07:00 · 6ee2e9c4da
commit 6ee2e9c4da
parent 4f1afea7fb
1 changed files with 9 additions and 15 deletions
--- a/src/controllers/branch-controller.ts
+++ b/src/controllers/branch-controller.ts
@ -151,7 +151,6 @@ export class BranchController extends Controller {
  @Get()
  @Security("keycloak")
  async getBranch(
-    @Request() req: RequestWithUser,
    @Query() zipCode?: string,
    @Query() filter?: "head" | "sub",
    @Query() headOfficeId?: string,
@ -162,9 +161,6 @@ export class BranchController extends Controller {
  ) {
    const where = {
      AND: {
-        user: !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))
-          ? { some: { userId: req.user.sub } }
-          : undefined,
        headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined),
        NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined },
      },
@ -415,17 +411,15 @@ export class BranchController extends Controller {
      throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
    }

-    if (!["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))) {
-      if (
-        branch?.createdByUserId !== req.user.sub &&
-        !branch?.user.find((v) => v.userId === req.user.sub)
-      ) {
-        throw new HttpError(
-          HttpStatus.FORBIDDEN,
-          "You do not have permission to perform this action.",
-          "noPermission",
-        );
-      }
+    if (
+      !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v)) &&
+      !branch?.user.find((v) => v.userId === req.user.sub)
+    ) {
+      throw new HttpError(
+        HttpStatus.FORBIDDEN,
+        "You do not have permission to perform this action.",
+        "noPermission",
+      );
    }

    const record = await prisma.branch.update({