feat: permission check employee

Methapon Metanipat 2024-09-06 10:54:17 +07:00
parent 16d640f293
commit 806968e3dd
4 changed files with 142 additions and 3 deletions


@ -3,6 +3,7 @@ import {
Controller,
Delete,
Get,
Middlewares,
Path,
Post,
Put,
@ -15,8 +16,29 @@ import { RequestWithUser } from "../interfaces/user";
import prisma from "../db";
import HttpStatus from "../interfaces/http-status";
import HttpError from "../interfaces/http-error";
import { permissionCheck } from "../middlewares/employee";
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager", "head_of_sale", "sale"];
const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"branch_manager",
"head_of_sale",
"sale",
"head_of_account",
"account",
];
function globalAllow(user: RequestWithUser["user"]) {
const allowList = [
"system",
"head_of_admin",
"admin",
"branch_manager",
"head_of_sale",
"head_of_account",
];
return allowList.some((v) => user.roles?.includes(v));
}
type EmployeeCheckupPayload = {
checkupType?: string | null;
@ -34,6 +56,7 @@ type EmployeeCheckupPayload = {
@Route("api/v1/employee/{employeeId}/checkup")
@Tags("Employee Checkup")
@Middlewares(permissionCheck(globalAllow))
export class EmployeeCheckupController extends Controller {
@Get()
@Security("keycloak")
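Review bot: `globalAllow` and the widened `MANAGE_ROLES` list are file-local copies here, and the same two definitions are repeated verbatim in the other-info and work controller sections of this commit, so the authorization policy for employee sub-resources now lives in three places that can drift apart. Since `permissionCheck` is already imported from `../middlewares/employee`, the role lists and the predicate could be defined once in that module and imported, e.g. `import { permissionCheck, globalAllow } from "../middlewares/employee";`. The controller class continues outside the hunk, so how `MANAGE_ROLES` is consumed in the handlers is not visible here.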


@ -10,14 +10,36 @@ import {
Route,
Security,
Tags,
Middlewares,
} from "tsoa";
import prisma from "../db";
import HttpError from "../interfaces/http-error";
import HttpStatus from "../interfaces/http-status";
import { RequestWithUser } from "../interfaces/user";
import { permissionCheck } from "../middlewares/employee";
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager", "head_of_sale", "sale"];
const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"branch_manager",
"head_of_sale",
"sale",
"head_of_account",
"account",
];
function globalAllow(user: RequestWithUser["user"]) {
const allowList = [
"system",
"head_of_admin",
"admin",
"branch_manager",
"head_of_sale",
"head_of_account",
];
return allowList.some((v) => user.roles?.includes(v));
}
type EmployeeOtherInfoPayload = {
citizenId?: string | null;
@ -36,6 +58,7 @@ type EmployeeOtherInfoPayload = {
@Route("api/v1/employee/{employeeId}/other-info")
@Tags("Employee Other Info")
@Middlewares(permissionCheck(globalAllow))
export class EmployeeOtherInfo extends Controller {
@Get()
@Security("keycloak")
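Review bot: `globalAllow` guards a missing `roles` array with `user.roles?.includes(v)` but dereferences `user` itself unconditionally, and it is attached at class level via `@Middlewares(permissionCheck(globalAllow))` while `@Security("keycloak")` is declared per method. If any route in this class lacks `@Security`, or `permissionCheck` calls the predicate before the user is populated, the check would throw instead of returning a clean denial; `permissionCheck` is not shown, so this may already be handled there. A defensive form is `return allowList.some((v) => user?.roles?.includes(v) ?? false);`, and declaring `@Security("keycloak")` on the class would make the dependency explicit. The same pattern appears in the checkup and work controllers, and the class body continues past the hunk.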


@ -3,6 +3,7 @@ import {
Controller,
Delete,
Get,
Middlewares,
Path,
Post,
Put,
@ -15,8 +16,29 @@ import { RequestWithUser } from "../interfaces/user";
import prisma from "../db";
import HttpStatus from "../interfaces/http-status";
import HttpError from "../interfaces/http-error";
import { permissionCheck } from "../middlewares/employee";
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager", "head_of_sale", "sale"];
const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"branch_manager",
"head_of_sale",
"sale",
"head_of_account",
"account",
];
function globalAllow(user: RequestWithUser["user"]) {
const allowList = [
"system",
"head_of_admin",
"admin",
"branch_manager",
"head_of_sale",
"head_of_account",
];
return allowList.some((v) => user.roles?.includes(v));
}
type EmployeeWorkPayload = {
ownerName?: string | null;
@ -32,6 +54,7 @@ type EmployeeWorkPayload = {
@Route("api/v1/employee/{employeeId}/work")
@Tags("Employee Work")
@Middlewares(permissionCheck(globalAllow))
export class EmployeeWorkController extends Controller {
@Get()
@Security("keycloak")
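Review bot: The `allowList` inside `globalAllow` omits `"sale"` and `"account"`, which the widened `MANAGE_ROLES` still contains, and nothing in the hunk records why the two lists differ. Presumably those roles are meant to be narrowed by `permissionCheck` rather than allowed across all employees, but that middleware is not visible here, so the intent should be documented where the list is defined. A doc comment above the function, for example `/** Roles that pass permissionCheck for any employee; all other roles go through the per-employee check. */` (wording to be confirmed against the middleware), would make the policy reviewable. An explicit `: boolean` return type on `globalAllow` would also pin the contract, and both suggestions apply equally to the copies in the checkup and other-info controllers.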