refactor: view condition and permission

2024-09-04 13:48:59 +07:00 · 2024-09-04 13:48:59 +07:00 · e61111cac7
commit e61111cac7
parent 9f426d9b08
3 changed files with 118 additions and 117 deletions
--- a/src/controllers/branch-controller.ts
+++ b/src/controllers/branch-controller.ts
@ -27,6 +27,10 @@ if (!process.env.MINIO_BUCKET) {
 const MINIO_BUCKET = process.env.MINIO_BUCKET;
 const MANAGE_ROLES = ["system", "head_of_admin"];

+function globalAllow(user: RequestWithUser["user"]) {
+  return MANAGE_ROLES.some((v) => user.roles?.includes(v));
+}
+
 type BranchCreate = {
  status?: Status;
  code: string;
@ -191,10 +195,17 @@ export class BranchController extends Controller {
      AND: {
        zipCode,
        headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined),
-        user: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v))
-          ? { some: { userId: req.user.sub } }
-          : undefined,
        NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined },
+        OR: globalAllow(req.user)
+          ? undefined
+          : [
+              { user: !globalAllow(req.user) ? { some: { userId: req.user.sub } } : undefined },
+              {
+                headOffice: !globalAllow(req.user)
+                  ? { user: { some: { userId: req.user.sub } } }
+                  : undefined,
+              },
+            ],
      },
      OR: [
        { nameEN: { contains: query } },