diff --git a/src/controllers/04-product-controller.ts b/src/controllers/04-product-controller.ts
index 3f2ff4e..0a3bbdd 100644
--- a/src/controllers/04-product-controller.ts
+++ b/src/controllers/04-product-controller.ts
@@ -35,14 +35,16 @@ const MANAGE_ROLES = [
 "system",
 "head_of_admin",
 "admin",
- "head_of_accountant",
+ "executive",
 "accountant",
- "head_of_sale",
+ "branch_admin",
+ "branch_manager",
+ "branch_accountant",
 ];
 function globalAllow(user: RequestWithUser["user"]) {
- const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
- return allowList.some((v) => user.roles?.includes(v));
+ const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
+ return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 const permissionCondCompany = createPermCondition((_) => true);
diff --git a/src/controllers/04-product-group-controller.ts b/src/controllers/04-product-group-controller.ts
index ecd4ac6..2cb47b3 100644
--- a/src/controllers/04-product-group-controller.ts
+++ b/src/controllers/04-product-group-controller.ts
@@ -35,7 +35,7 @@ type ProductGroupCreate = {
 remark: string;
 status?: Status;
 shared?: boolean;
- registeredBranchId: string;
+ registeredBranchId?: string;
 };
 type ProductGroupUpdate = {
@@ -51,14 +51,16 @@ const MANAGE_ROLES = [
 "system",
 "head_of_admin",
 "admin",
- "head_of_accountant",
+ "executive",
 "accountant",
- "head_of_sale",
+ "branch_admin",
+ "branch_manager",
+ "branch_accountant",
 ];
 function globalAllow(user: RequestWithUser["user"]) {
- const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
- return allowList.some((v) => user.roles?.includes(v));
+ const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
+ return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 const permissionCond = createPermCondition((_) => true);
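Review bot: `listAllowed` inside globalAllow now contains "admin" and "accountant", which the old `allowList` did not, so holders of those two roles gain whatever globalAllow grants; its call sites are outside the hunk, but if it is the check that lets a caller skip the branch-scoped permission condition, this is a silent privilege widening for roles that were previously manage-only. If that is intended, document it above the list, e.g. `// Roles that may act across every branch (company-wide); plain "admin"/"accountant" are deliberately included`; if not, drop those two entries. Minor: `|| false` only exists because `user.roles?.some(...)` can yield undefined, and `?? false` states that more precisely.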
@@ -157,7 +159,23 @@ export class ProductGroup extends Controller {
 @Post()
 @Security("keycloak", MANAGE_ROLES)
 async createProductGroup(@Request() req: RequestWithUser, @Body() body: ProductGroupCreate) {
- let company = await permissionCheck(req.user, body.registeredBranchId).then(
+ const userAffiliatedBranch = await prisma.branch.findFirst({
+ include: branchRelationPermInclude(req.user),
+ where: body.registeredBranchId
+ ? { id: body.registeredBranchId }
+ : {
+ user: { some: { userId: req.user.sub } },
+ },
+ });
+ if (!userAffiliatedBranch) {
+ throw new HttpError(
+ HttpStatus.BAD_REQUEST,
+ "You must be affilated with at least one branch or specify branch to be registered (System permission required).",
+ "reqMinAffilatedBranch",
+ );
+ }
+
+ let company = await permissionCheck(req.user, userAffiliatedBranch).then(
 (v) => (v.headOffice || v).code,
 );
@@ -181,6 +199,7 @@ export class ProductGroup extends Controller {
 },
 data: {
 ...body,
+ registeredBranchId: userAffiliatedBranch.id,
 statusOrder: +(body.status === "INACTIVE"),
 code: `G${last.value.toString().padStart(2, "0")}`,
 createdByUserId: req.user.sub,
diff --git a/src/controllers/04-service-controller.ts b/src/controllers/04-service-controller.ts
index ed46c18..9b9253e 100644
--- a/src/controllers/04-service-controller.ts
+++ b/src/controllers/04-service-controller.ts
@@ -42,14 +42,16 @@ const MANAGE_ROLES = [
 "system",
 "head_of_admin",
 "admin",
- "head_of_accountant",
+ "executive",
 "accountant",
- "head_of_sale",
+ "branch_admin",
+ "branch_manager",
+ "branch_accountant",
 ];
 function globalAllow(user: RequestWithUser["user"]) {
- const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
- return allowList.some((v) => user.roles?.includes(v));
+ const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
+ return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 const permissionCondCompany = createPermCondition((_) => true);
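Review bot: When `body.registeredBranchId` is supplied, the `where` clause is just `{ id: body.registeredBranchId }` with no affiliation or role constraint, so any caller admitted by MANAGE_ROLES (which now includes the branch_* roles) can name an arbitrary branch, while the error text claims "System permission required" and nothing in the hunk checks the system role before honouring the id. If `permissionCheck(req.user, userAffiliatedBranch)` on the following line is what rejects a branch the caller may not use, say so above the query with `// an explicitly supplied branch id is authorised by permissionCheck below`; otherwise gate it in the query itself, `where: body.registeredBranchId && globalAllow(req.user) ? { id: body.registeredBranchId } : { user: { some: { userId: req.user.sub } } }`. Separately, the fallback `findFirst` has no `orderBy`, so a user affiliated with several branches gets the group registered to whichever row the database returns first; either require the id when more than one branch matches or add a deterministic `orderBy`. The message and error code also misspell "affiliated" ("affilated"). createProductGroup continues past the end of the hunk.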
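Review bot: The `MANAGE_ROLES` array and the `listAllowed` array inside globalAllow are now hand-copied, byte for byte, into 04-product-controller.ts, 04-product-group-controller.ts and this file, so the next role change must land in three places and a missed one silently gives one resource a different privilege boundary than its siblings. Hoist both into a single shared module, e.g. `export const MANAGE_ROLES = [...] as const;` and `export function globalAllow(user: RequestWithUser["user"]): boolean`, and import them in each controller; `as const` also stops the inferred `string[]` from accepting a misspelled role name. The import section of this file is outside the hunk.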