From cae2ab7ba3ebe748f8ccaa3dfa9cf94fe8ed3270 Mon Sep 17 00:00:00 2001
From: Methapon Metanipat
Date: Tue, 3 Sep 2024 09:24:27 +0700
Subject: [PATCH] refactor: roles
---
 src/controllers/branch-controller.ts | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/controllers/branch-controller.ts b/src/controllers/branch-controller.ts
index 6ee8707..989ddc5 100644
--- a/src/controllers/branch-controller.ts
+++ b/src/controllers/branch-controller.ts
@@ -25,6 +25,7 @@ if (!process.env.MINIO_BUCKET) {
 }
 const MINIO_BUCKET = process.env.MINIO_BUCKET;
+const MANAGE_ROLES = ["system", "head_of_admin", "admin"];
 type BranchCreate = {
 status?: Status;
@@ -176,6 +177,7 @@ export class BranchController extends Controller {
 @Get()
 @Security("keycloak")
 async getBranch(
+ @Request() req: RequestWithUser,
 @Query() zipCode?: string,
 @Query() filter?: "head" | "sub",
 @Query() headOfficeId?: string,
@@ -189,6 +191,9 @@ export class BranchController extends Controller {
 AND: {
 zipCode,
 headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined),
+ user: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v))
+ ? { some: { userId: req.user.sub } }
+ : undefined,
 NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined },
 },
 OR: [
@@ -280,7 +285,7 @@ export class BranchController extends Controller {
 }
 @Post()
- @Security("keycloak", ["system", "head_of_admin", "admin"])
+ @Security("keycloak", MANAGE_ROLES)
 async createBranch(@Request() req: RequestWithUser, @Body() body: BranchCreate) {
 const [province, district, subDistrict, head] = await prisma.$transaction([
 prisma.province.findFirst({ where: { id: body.provinceId || undefined } }),
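Review bot: `MANAGE_ROLES` in the `@@ -25` hunk has no comment, although it now decides both the `@Security` scopes and the row filter in getBranch, so a later edit to the list changes authorization in several places at once. I would add `// Roles allowed to manage any branch; other users are limited to branches they are assigned to.` above the declaration. The array is mutable and shared, so it should stay module-private and never be mutated in place; the `.concat` calls later in this patch return new arrays and leave it unchanged.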
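Review bot: The ownership filter on `user` in the `AND` clause of the `@@ -189` hunk is applied only in this list query, so object-level access for callers without a managing role depends on every other read path repeating it. Handlers that read a single branch are outside this hunk; if they lack the same `user: { some: { userId: req.user.sub } }` condition, a caller can still read a branch they are not assigned to by passing its id. I would hoist the test to `const canManageAll = MANAGE_ROLES.some((v) => req.user.roles?.includes(v));` with the comment `// callers without a managing role only see branches they are assigned to`, so the same check can be reused. When `req.user.roles` is missing the expression falls back to the restricted view, which is the right default and worth keeping. getBranch's body starts and ends outside the hunk.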
@@ -415,7 +420,7 @@ export class BranchController extends Controller {
 }
 @Put("{branchId}")
- @Security("keycloak", ["system", "head_of_admin", "admin", "branch_admin", "branch_manager"])
+ @Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
 async editBranch(
 @Request() req: RequestWithUser,
 @Body() body: BranchUpdate,
@@ -538,7 +543,7 @@ export class BranchController extends Controller {
 }
 @Delete("{branchId}")
- @Security("keycloak", ["system", "head_of_admin", "admin", "branch_manager"])
+ @Security("keycloak", MANAGE_ROLES)
 async deleteBranch(@Request() req: RequestWithUser, @Path() branchId: string) {
 const record = await prisma.branch.findFirst({
 include: {
@@ -616,7 +621,7 @@ export class BranchController extends Controller {
 }
 @Put("{branchId}/line-image")
- @Security("keycloak", ["system", "head_of_admin", "admin", "branch_admin", "branch_manager"])
+ @Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
 async setLineImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
 const record = await prisma.branch.findUnique({
 include: {
@@ -657,7 +662,7 @@ export class BranchController extends Controller {
 }
 @Put("{branchId}/branch-image")
- @Security("keycloak", ["system", "head_of_admin", "admin", "branch_admin", "branch_manager"])
+ @Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
 async setBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
 const record = await prisma.branch.findUnique({
 include: {
@@ -698,7 +703,7 @@ export class BranchController extends Controller {
 }
 @Put("{branchId}/map-image")
- @Security("keycloak", ["system", "head_of_admin", "admin", "branch_admin", "branch_manager"])
+ @Security("keycloak", MANAGE_ROLES.concat("branch_manager"))
 async setMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
 const record = await prisma.branch.findUnique({
 include: {
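Review bot: `MANAGE_ROLES.concat("branch_manager")` in the `@@ -415` hunk is a call expression inside `@Security`, and nothing visible here shows how the decorator's scopes are consumed. If the route guards are generated by reading decorator arguments statically (this looks like a tsoa controller, which is an inference), an expression that cannot be evaluated at generation time may not carry the intended roles into the guard; check the generated routes for editBranch and for the three image setters at `@@ -616`, `@@ -657` and `@@ -698`, which use the same expression. A named literal such as `const BRANCH_EDIT_ROLES = ["system", "head_of_admin", "admin", "branch_manager"];` removes the doubt. Separately, the new lists drop `branch_admin` from these four endpoints and `branch_manager` from the delete at `@@ -538`, so the commit changes access rather than only refactoring and deserves a test per role. editBranch's body continues outside the hunk.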