feat: remove scoped branch (change soon)
This commit is contained in:
parent
4f1afea7fb
commit
6ee2e9c4da
1 changed files with 9 additions and 15 deletions
|
|
@ -151,7 +151,6 @@ export class BranchController extends Controller {
|
||||||
@Get()
|
@Get()
|
||||||
@Security("keycloak")
|
@Security("keycloak")
|
||||||
async getBranch(
|
async getBranch(
|
||||||
@Request() req: RequestWithUser,
|
|
||||||
@Query() zipCode?: string,
|
@Query() zipCode?: string,
|
||||||
@Query() filter?: "head" | "sub",
|
@Query() filter?: "head" | "sub",
|
||||||
@Query() headOfficeId?: string,
|
@Query() headOfficeId?: string,
|
||||||
|
|
@ -162,9 +161,6 @@ export class BranchController extends Controller {
|
||||||
) {
|
) {
|
||||||
const where = {
|
const where = {
|
||||||
AND: {
|
AND: {
|
||||||
user: !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))
|
|
||||||
? { some: { userId: req.user.sub } }
|
|
||||||
: undefined,
|
|
||||||
headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined),
|
headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined),
|
||||||
NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined },
|
NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined },
|
||||||
},
|
},
|
||||||
|
|
@ -415,17 +411,15 @@ export class BranchController extends Controller {
|
||||||
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
|
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))) {
|
if (
|
||||||
if (
|
!["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v)) &&
|
||||||
branch?.createdByUserId !== req.user.sub &&
|
!branch?.user.find((v) => v.userId === req.user.sub)
|
||||||
!branch?.user.find((v) => v.userId === req.user.sub)
|
) {
|
||||||
) {
|
throw new HttpError(
|
||||||
throw new HttpError(
|
HttpStatus.FORBIDDEN,
|
||||||
HttpStatus.FORBIDDEN,
|
"You do not have permission to perform this action.",
|
||||||
"You do not have permission to perform this action.",
|
"noPermission",
|
||||||
"noPermission",
|
);
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const record = await prisma.branch.update({
|
const record = await prisma.branch.update({
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue