feat: upload file

src/controllers/06-request-list-controller.ts

@@ -1,10 +1,31 @@
 import { Prisma, RequestDataStatus, RequestWorkStatus } from "@prisma/client";
-import { Body, Controller, Get, Path, Put, Query, Request, Route, Security, Tags } from "tsoa";
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Head,
+  Path,
+  Put,
+  Query,
+  Request,
+  Route,
+  Security,
+  Tags,
+} from "tsoa";
 import { RequestWithUser } from "../interfaces/user";
 import prisma from "../db";
-import { createPermCondition } from "../services/permission";
+import {
+  branchRelationPermInclude,
+  createPermCheck,
+  createPermCondition,
+} from "../services/permission";
 import { queryOrNot } from "../utils/relation";
 import { notFoundError } from "../utils/error";
+import { deleteFile, fileLocation, getFile, getPresigned, listFile, setFile } from "../utils/minio";
+
+// User in company can edit.
+const permissionCheck = createPermCheck((_) => true);
 
 // User in company can see.
 const permissionCond = createPermCondition((_) => true);
@@ -221,6 +242,7 @@ export class RequestListController extends Controller {
   }
 
   @Get("{requestWorkId}")
+  @Security("keycloak")
   async getRequestWorkById(@Path() requestWorkId: string) {
     const record = await prisma.requestWork.findFirst({
       include: {
@@ -362,4 +384,82 @@ export class RequestListController extends Controller {
   }
 }
 
-export class RequestListAttachmentController extends Controller {}
+@Route("api/v1/request-work/{requestId}/step-status/{step}")
+@Tags("Request List")
+export class RequestListFileController extends Controller {
+  private async checkPermission(user: RequestWithUser["user"], id: string) {
+    const data = await prisma.requestWork.findUnique({
+      where: { id },
+      include: {
+        request: {
+          include: {
+            quotation: {
+              include: { registeredBranch: { include: branchRelationPermInclude(user) } },
+            },
+          },
+        },
+      },
+    });
+    if (!data) throw notFoundError("Request Work");
+    await permissionCheck(user, data.request.quotation.registeredBranch);
+  }
+
+  @Get("attachment")
+  @Security("keycloak")
+  async listAttachment(
+    @Request() req: RequestWithUser,
+    @Path() requestId: string,
+    @Path() step: number,
+  ) {
+    await this.checkPermission(req.user, requestId);
+    return await listFile(fileLocation.request.attachment(requestId, step));
+  }
+
+  @Get("attachment/{name}")
+  @Security("keycloak")
+  async getAttachment(
+    @Request() req: RequestWithUser,
+    @Path() requestId: string,
+    @Path() step: number,
+    @Path() name: string,
+  ) {
+    await this.checkPermission(req.user, requestId);
+    return await getFile(fileLocation.request.attachment(requestId, step, name));
+  }
+
+  @Head("attachment/{name}")
+  @Security("keycloak")
+  async headAttachment(
+    @Request() req: RequestWithUser,
+    @Path() requestId: string,
+    @Path() step: number,
+    @Path() name: string,
+  ) {
+    await this.checkPermission(req.user, requestId);
+    return await getPresigned("head", fileLocation.request.attachment(requestId, step, name));
+  }
+
+  @Put("attachment/{name}")
+  @Security("keycloak")
+  async putAttachment(
+    @Request() req: RequestWithUser,
+    @Path() requestId: string,
+    @Path() step: number,
+    @Path() name: string,
+  ) {
+    await this.checkPermission(req.user, requestId);
+    return await setFile(fileLocation.request.attachment(requestId, step, name));
+  }
+
+  @Delete("attachment/{name}")
+  @Security("keycloak")
+  async delAttachment(
+    @Request() req: RequestWithUser,
+    @Path() requestId: string,
+    @Path() step: number,
+    @Path() name: string,
+  ) {
+    await this.checkPermission(req.user, requestId);
+    return await deleteFile(fileLocation.request.attachment(requestId, step, name));
+  }
+}