From d2d918149325ade05dc368de277c80afd2746602 Mon Sep 17 00:00:00 2001
From: Methapon Metanipat
Date: Tue, 22 Oct 2024 09:35:38 +0700
Subject: [PATCH] fix(employee): missing permission check
---
 src/controllers/03-employee-controller.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/controllers/03-employee-controller.ts b/src/controllers/03-employee-controller.ts
index 0ed4020..32e6c22 100644
--- a/src/controllers/03-employee-controller.ts
+++ b/src/controllers/03-employee-controller.ts
@@ -739,7 +739,12 @@ export class EmployeeFileController extends Controller {
 @Get("file-in-country-notice/{noticeId}")
 @Security("keycloak")
 @Tags("Employee In Country Notice")
- async getNotice(@Path() employeeId: string, @Path() noticeId: string) {
+ async getNotice(
+ @Request() req: RequestWithUser,
+ @Path() employeeId: string,
+ @Path() noticeId: string,
+ ) {
+ await this.checkPermission(req.user, employeeId);
 return await getFile(fileLocation.employee.inCountryNotice(employeeId, noticeId));
 }
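Review bot: The added guard in `getNotice`, `await this.checkPermission(req.user, employeeId);`, discards its result, so it only blocks access if `checkPermission` throws or rejects on denial; its definition is outside this hunk, so that should be confirmed and pinned with a test that an unauthorised caller gets an error rather than the file. A short comment such as `// throws if req.user may not access this employee's files` would make that contract visible at the call site. The check also covers only `employeeId`: `noticeId` still goes from the URL path straight into `fileLocation.employee.inCountryNotice(employeeId, noticeId)`, and whether that helper constrains it to a plain identifier cannot be seen here. The rest of `EmployeeFileController` lies outside the hunk, so its sibling file handlers should be checked for the same missing call.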