feat: permmission branch
This commit is contained in:
parent
c464da6228
commit
9618c261e3
1 changed files with 61 additions and 5 deletions
|
|
@ -80,9 +80,9 @@ function branchImageLoc(id: string) {
|
|||
|
||||
@Route("api/v1/branch")
|
||||
@Tags("Branch")
|
||||
@Security("keycloak")
|
||||
export class BranchController extends Controller {
|
||||
@Get("stats")
|
||||
@Security("keycloak")
|
||||
async getStats() {
|
||||
const list = await prisma.branch.groupBy({
|
||||
_count: true,
|
||||
|
|
@ -99,14 +99,27 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Get("user-stats")
|
||||
async getUserStat(@Query() userType?: UserType) {
|
||||
@Security("keycloak")
|
||||
async getUserStat(@Request() req: RequestWithUser, @Query() userType?: UserType) {
|
||||
const list = await prisma.branchUser.groupBy({
|
||||
_count: true,
|
||||
where: { user: { userType } },
|
||||
where: {
|
||||
userId: !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))
|
||||
? req.user.sub
|
||||
: undefined,
|
||||
user: {
|
||||
userType,
|
||||
},
|
||||
},
|
||||
by: "branchId",
|
||||
});
|
||||
|
||||
const record = await prisma.branch.findMany({
|
||||
where: {
|
||||
user: !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))
|
||||
? { some: { userId: req.user.sub } }
|
||||
: undefined,
|
||||
},
|
||||
select: {
|
||||
id: true,
|
||||
headOfficeId: true,
|
||||
|
|
@ -136,7 +149,9 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Get()
|
||||
@Security("keycloak")
|
||||
async getBranch(
|
||||
@Request() req: RequestWithUser,
|
||||
@Query() zipCode?: string,
|
||||
@Query() filter?: "head" | "sub",
|
||||
@Query() headOfficeId?: string,
|
||||
|
|
@ -147,6 +162,9 @@ export class BranchController extends Controller {
|
|||
) {
|
||||
const where = {
|
||||
AND: {
|
||||
user: !["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))
|
||||
? { some: { userId: req.user.sub } }
|
||||
: undefined,
|
||||
headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined),
|
||||
NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined },
|
||||
},
|
||||
|
|
@ -187,6 +205,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Get("{branchId}")
|
||||
@Security("keycloak")
|
||||
async getBranchById(
|
||||
@Path() branchId: string,
|
||||
@Query() includeSubBranch?: boolean,
|
||||
|
|
@ -222,6 +241,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Post()
|
||||
@Security("keycloak", ["system", "head_of_admin", "admin"])
|
||||
async createBranch(@Request() req: RequestWithUser, @Body() body: BranchCreate) {
|
||||
const [province, district, subDistrict, head] = await prisma.$transaction([
|
||||
prisma.province.findFirst({ where: { id: body.provinceId || undefined } }),
|
||||
|
|
@ -336,6 +356,7 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Put("{branchId}")
|
||||
@Security("keycloak", ["system", "head_of_admin", "admin", "branch_admin", "branch_manager"])
|
||||
async editBranch(
|
||||
@Request() req: RequestWithUser,
|
||||
@Body() body: BranchUpdate,
|
||||
|
|
@ -383,10 +404,30 @@ export class BranchController extends Controller {
|
|||
|
||||
const { provinceId, districtId, subDistrictId, headOfficeId, contact, ...rest } = body;
|
||||
|
||||
if (!(await prisma.branch.findUnique({ where: { id: branchId } }))) {
|
||||
const branch = await prisma.branch.findUnique({
|
||||
include: {
|
||||
user: { where: { id: req.user.sub } },
|
||||
},
|
||||
where: { id: branchId },
|
||||
});
|
||||
|
||||
if (!branch) {
|
||||
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
|
||||
}
|
||||
|
||||
if (!["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))) {
|
||||
if (
|
||||
branch?.createdByUserId !== req.user.sub &&
|
||||
!branch?.user.find((v) => v.userId === req.user.sub)
|
||||
) {
|
||||
throw new HttpError(
|
||||
HttpStatus.FORBIDDEN,
|
||||
"You do not have permission to perform this action.",
|
||||
"noPermission",
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
const record = await prisma.branch.update({
|
||||
include: { province: true, district: true, subDistrict: true },
|
||||
data: {
|
||||
|
|
@ -442,7 +483,8 @@ export class BranchController extends Controller {
|
|||
}
|
||||
|
||||
@Delete("{branchId}")
|
||||
async deleteBranch(@Path() branchId: string) {
|
||||
@Security("keycloak", ["system", "head_of_admin", "admin", "branch_manager"])
|
||||
async deleteBranch(@Request() req: RequestWithUser, @Path() branchId: string) {
|
||||
const record = await prisma.branch.findFirst({
|
||||
include: {
|
||||
province: true,
|
||||
|
|
@ -450,10 +492,24 @@ export class BranchController extends Controller {
|
|||
subDistrict: true,
|
||||
createdBy: true,
|
||||
updatedBy: true,
|
||||
user: { where: { id: req.user.sub } },
|
||||
},
|
||||
where: { id: branchId },
|
||||
});
|
||||
|
||||
if (!["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))) {
|
||||
if (
|
||||
record?.createdByUserId !== req.user.sub &&
|
||||
!record?.user.find((v) => v.userId === req.user.sub)
|
||||
) {
|
||||
throw new HttpError(
|
||||
HttpStatus.FORBIDDEN,
|
||||
"You do not have permission to perform this action.",
|
||||
"noPermission",
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
if (!record) {
|
||||
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
|
||||
}
|
||||
|
|
|
|||
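Review bot: The membership check in `editBranch` (hunk `@ -383`) filters the included relation with `user: { where: { id: req.user.sub } }` but then tests `v.userId === req.user.sub`, so unless a join row's own id happens to equal the Keycloak subject the included list is always empty and only the creator ever passes the non-admin path; the filter should be `user: { where: { userId: req.user.sub } },`, matching the `userId` already used in `getUserStat` and `getBranch`. The same mismatch is in `deleteBranch` (hunk `@ -450`), where the permission check additionally runs before the `!record` guard, so a missing branch surfaces as FORBIDDEN for non-admin callers instead of NOT_FOUND as it does in `editBranch`. The admin test `["system", "head_of_admin", "admin"].some((v) => req.user.role?.includes(v))` is repeated six times across the hunks; if `role` is a string rather than an array, `includes` is a substring match and `branch_admin` would satisfy the `admin` check, so the type is worth confirming and the test belongs in one named helper. Both `editBranch` and `deleteBranch` start before their hunks and continue past them.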