feat: remove scoped branch (change soon)

Methapon2001 2024-07-02 16:21:27 +07:00
parent 4f1afea7fb
commit 6ee2e9c4da

@ -151,7 +151,6 @@ export class BranchController extends Controller {
@Get() @Get()
@Security("keycloak") @Security("keycloak")
async getBranch( async getBranch(
@Request() req: RequestWithUser,
@Query() zipCode?: string, @Query() zipCode?: string,
@Query() filter?: "head" | "sub", @Query() filter?: "head" | "sub",
@Query() headOfficeId?: string, @Query() headOfficeId?: string,
@ -162,9 +161,6 @@ export class BranchController extends Controller {
) { ) {
const where = { const where = {
AND: { AND: {
user: !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))
? { some: { userId: req.user.sub } }
: undefined,
headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined), headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined),
NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined }, NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined },
}, },
@ -415,17 +411,15 @@ export class BranchController extends Controller {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound"); throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
} }
if (!["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))) { if (
if ( !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v)) &&
branch?.createdByUserId !== req.user.sub && !branch?.user.find((v) => v.userId === req.user.sub)
!branch?.user.find((v) => v.userId === req.user.sub) ) {
) { throw new HttpError(
throw new HttpError( HttpStatus.FORBIDDEN,
HttpStatus.FORBIDDEN, "You do not have permission to perform this action.",
"You do not have permission to perform this action.", "noPermission",
"noPermission", );
);
}
} }
const record = await prisma.branch.update({ const record = await prisma.branch.update({