From 977cb5c6a4ca555fd96bc34a7bc67e8442fc9363 Mon Sep 17 00:00:00 2001 From: Methapon Metanipat Date: Tue, 10 Sep 2024 16:18:07 +0700 Subject: [PATCH] fix: always include from head branch --- src/controllers/01-branch-controller.ts | 4 ++-- src/services/permission.ts | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/controllers/01-branch-controller.ts b/src/controllers/01-branch-controller.ts index 1b821ed..179e313 100644 --- a/src/controllers/01-branch-controller.ts +++ b/src/controllers/01-branch-controller.ts @@ -118,7 +118,7 @@ export class BranchController extends Controller { async getStats(@Request() req: RequestWithUser, @Query() headOfficeId?: string) { const where = { AND: { - OR: permissionCond(req.user), + OR: permissionCond(req.user, true), }, }; @@ -217,7 +217,7 @@ export class BranchController extends Controller { zipCode, headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined), NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined }, - OR: permissionCond(req.user), + OR: permissionCond(req.user, true), }, OR: [ { nameEN: { contains: query } }, diff --git a/src/services/permission.ts b/src/services/permission.ts index 6a11212..ff55b3f 100644 --- a/src/services/permission.ts +++ b/src/services/permission.ts @@ -17,7 +17,7 @@ export function branchRelationPermInclude(user: RequestWithUser["user"]) { } export function createPermCondition(globalAllow: (user: RequestWithUser["user"]) => boolean) { - return (user: RequestWithUser["user"]) => + return (user: RequestWithUser["user"], alwaysIncludeHead?: boolean) => isSystem(user) ? undefined : [ @@ -25,7 +25,10 @@ export function createPermCondition(globalAllow: (user: RequestWithUser["user"]) user: { some: { userId: user.sub } }, }, { - branch: { some: { user: { some: { userId: user.sub } } } }, + branch: + alwaysIncludeHead || globalAllow(user) + ? { some: { user: { some: { userId: user.sub } } } } + : undefined, }, { headOffice: globalAllow(user)