feat(perm): update api branch perm

Methapon2001 2025-07-02 10:26:57 +07:00
parent acd6bb35e9
commit 9030fdfea8
2 changed files with 24 additions and 11 deletions


@ -47,16 +47,20 @@ if (!process.env.MINIO_BUCKET) {
throw Error("Require MinIO bucket."); throw Error("Require MinIO bucket.");
} }
const MANAGE_ROLES = ["system", "head_of_admin"]; const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"executive",
"accountant",
"branch_admin",
"branch_manager",
"branch_accountant",
];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
return MANAGE_ROLES.some((v) => user.roles?.includes(v)); const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
} return user.roles?.some((v) => listAllowed.includes(v)) || false;
function globalAllowView(user: RequestWithUser["user"]) {
return MANAGE_ROLES.concat("head_of_accountant", "head_of_sale").some((v) =>
user.roles?.includes(v),
);
} }
type BranchCreate = { type BranchCreate = {
@ -147,7 +151,7 @@ type BranchUpdate = {
}[]; }[];
}; };
const permissionCond = createPermCondition(globalAllowView); const permissionCond = createPermCondition(globalAllow);
const permissionCheck = createPermCheck(globalAllow); const permissionCheck = createPermCheck(globalAllow);
@Route("api/v1/branch") @Route("api/v1/branch")
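Review bot: `permissionCond` and `permissionCheck` are now both built from `globalAllow`, so the separate read-only tier that `globalAllowView` provided is gone. `head_of_accountant` and `head_of_sale` lose the global view condition, while `executive` and `accountant` gain whatever `createPermCheck(globalAllow)` guards, which presumably includes the mutating branch endpoints (the helper is defined outside this page). If those two roles should only read across branches, keep a view-only predicate for `permissionCond` and leave `permissionCheck` on the narrower list. If the change is intended, the commit description should say so, because the title alone does not record a privilege change. The `listAllowed` literal inside `globalAllow` also repeats the first five entries of `MANAGE_ROLES`, and the same pair of lists appears in the second file, so a single shared export would keep them from drifting.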


@ -20,10 +20,19 @@ import { RequestWithUser } from "../interfaces/user";
import { branchRelationPermInclude, createPermCheck } from "../services/permission"; import { branchRelationPermInclude, createPermCheck } from "../services/permission";
import { queryOrNot, whereDateQuery } from "../utils/relation"; import { queryOrNot, whereDateQuery } from "../utils/relation";
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager"]; const MANAGE_ROLES = [
"system",
"head_of_admin",
"admin",
"executive",
"accountant",
"branch_admin",
"branch_manager",
"branch_accountant",
];
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
const listAllowed = ["system", "head_of_admin", "admin"]; const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
return user.roles?.some((v) => listAllowed.includes(v)) || false; return user.roles?.some((v) => listAllowed.includes(v)) || false;
} }
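Review bot: The two role lists in this file have no comment saying what each one grants, and after this change they differ only by the three `branch_*` roles, which makes it easy to edit the wrong one. `MANAGE_ROLES` is not used inside this hunk, so its effect cannot be checked from here. A one-line comment above each list would help, for example `// roles allowed to manage records within their own branch` on `MANAGE_ROLES` and `// roles that pass the permission check for every branch` on `listAllowed`, with the wording confirmed against `createPermCheck`. Moving `listAllowed` to module scope would also stop the array being rebuilt on every call.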