feat: protect endpoints with role

2024-07-03 15:42:49 +07:00 · 2024-07-03 15:42:49 +07:00 · 9a310420e5
commit 9a310420e5
parent 20c7414407
4 changed files with 60 additions and 4 deletions
--- a/src/controllers/employee-other-info-controller.ts
+++ b/src/controllers/employee-other-info-controller.ts
@ -17,6 +17,16 @@ import HttpError from "../interfaces/http-error";
 import HttpStatus from "../interfaces/http-status";
 import { RequestWithUser } from "../interfaces/user";

+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "branch_admin",
+  "branch_manager",
+  "head_of_sale",
+  "sale",
+];
+
 type EmployeeOtherInfoPayload = {
  citizenId?: string | null;
  fatherFirstName?: string | null;
@ -34,9 +44,9 @@ type EmployeeOtherInfoPayload = {

@Route("api/v1/employee/{employeeId}/other-info")
@Tags("Employee Other Info")
-@Security("keycloak")
 export class EmployeeOtherInfo extends Controller {
  @Get()
+  @Security("keycloak")
  async list(@Path() employeeId: string) {
    return prisma.employeeOtherInfo.findFirst({
      include: {
@ -49,6 +59,7 @@ export class EmployeeOtherInfo extends Controller {
  }

  @Post()
+  @Security("keycloak", MANAGE_ROLES)
  async create(
    @Request() req: RequestWithUser,
    @Path() employeeId: string,
@ -76,6 +87,7 @@ export class EmployeeOtherInfo extends Controller {
  }

  @Put("{otherInfoId}")
+  @Security("keycloak", MANAGE_ROLES)
  async editById(
    @Request() req: RequestWithUser,
    @Path() employeeId: string,
@ -105,6 +117,7 @@ export class EmployeeOtherInfo extends Controller {
  }

  @Delete("{otherInfoId}")
+  @Security("keycloak", MANAGE_ROLES)
  async deleteById(@Path() employeeId: string, @Path() otherInfoId: string) {
    const record = await prisma.employeeOtherInfo.findFirst({
      where: { id: otherInfoId, employeeId },