From ea72b1a1bbe2bc7f250128520e4a480ea94f2142 Mon Sep 17 00:00:00 2001
From: Methapon Metanipat <methapon@frappet.com>
Date: Wed, 25 Sep 2024 14:26:21 +0700
Subject: [PATCH] fix: permission condition

---
 src/services/permission.ts | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/src/services/permission.ts b/src/services/permission.ts
index ff55b3f..88e9b79 100644
--- a/src/services/permission.ts
+++ b/src/services/permission.ts
@@ -12,6 +12,7 @@ export function branchRelationPermInclude(user: RequestWithUser["user"]) {
         user: { where: { userId: user.sub } },
       },
     },
+    branch: { where: { user: { some: { userId: user.sub } } } },
     user: { where: { userId: user.sub } },
   };
 }
@@ -43,15 +44,7 @@ export function createPermCondition(globalAllow: (user: RequestWithUser["user"])
 
 export async function getBranchPermissionCheck(user: RequestWithUser["user"], branchId: string) {
   return await prisma.branch.findUnique({
-    include: {
-      headOffice: {
-        include: {
-          branch: { where: { user: { some: { userId: user.sub } } } },
-          user: { where: { userId: user.sub } },
-        },
-      },
-      user: { where: { userId: user.sub } },
-    },
+    include: branchRelationPermInclude(user),
     where: { id: branchId },
   });
 }
@@ -78,7 +71,7 @@ export function createPermCheck(globalAllow: (user: RequestWithUser["user"]) =>
         );
       } else {
         if (
-          (branch.user.length === 0 && !branch.headOffice) ||
+          (branch.user.length === 0 && branch.branch.length === 0 && !branch.headOffice) ||
           (branch.headOffice &&
             branch.headOffice.user.length === 0 &&
             branch.headOffice.branch.length === 0)