From ebb5261b8de7806233369696b1d85bdb1fd50da5 Mon Sep 17 00:00:00 2001
From: Methapon Metanipat
Date: Fri, 6 Sep 2024 13:22:04 +0700
Subject: [PATCH] feat: add delete image endpoint

---
 src/controllers/01-branch-controller.ts | 135 +++++++++++++++++++++---
 1 file changed, 118 insertions(+), 17 deletions(-)

diff --git a/src/controllers/01-branch-controller.ts b/src/controllers/01-branch-controller.ts
index 898cbce..bffa7c4 100644
--- a/src/controllers/01-branch-controller.ts
+++ b/src/controllers/01-branch-controller.ts
@@ -20,7 +20,7 @@ import HttpStatus from "../interfaces/http-status";
 import { RequestWithUser } from "../interfaces/user";
 import minio, { presignedGetObjectIfExist } from "../services/minio";
 import { isSystem } from "../utils/keycloak";
-import { fileLocation } from "../utils/minio";
+import { deleteFile, fileLocation } from "../utils/minio";
 
 if (!process.env.MINIO_BUCKET) {
 throw Error("Require MinIO bucket.");
@@ -683,10 +683,7 @@ export class BranchController extends Controller {
 throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
 }
 
- if (
- !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
- !record?.user.find((v) => v.userId === req.user.sub)
- ) {
+ if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
 throw new HttpError(
 HttpStatus.FORBIDDEN,
 "You do not have permission to perform this action.",
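Review bot: `globalAllow(req.user)` now decides who may skip the branch-membership check in the hunk at -683, but its definition and import are not part of this patch, so the roles it admits cannot be compared with the removed `MANAGE_ROLES.some(...)` test. The same substitution is made in the hunks at -732, -781 and -845. Please confirm that `globalAllow` grants nothing `MANAGE_ROLES` did not and that it still tolerates a token without `roles`, which the removed code handled with `req.user.roles?.includes(v)`. A comment above the check such as `// globalAllow(user): roles allowed to manage any branch; everyone else must be a member of this branch` would record the intent. The enclosing handler starts and ends outside the hunk.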
@@ -703,6 +700,32 @@ export class BranchController extends Controller {
 );
 }
 
+ @Delete("{branchId}/line-image")
+ async deleteLineImage(@Request() req: RequestWithUser, @Path() branchId: string) {
+ const record = await prisma.branch.findUnique({
+ include: {
+ user: { where: { userId: req.user.sub } },
+ },
+ where: {
+ id: branchId,
+ },
+ });
+
+ if (!record) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
+ }
+
+ if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
+ throw new HttpError(
+ HttpStatus.FORBIDDEN,
+ "You do not have permission to perform this action.",
+ "noPermission",
+ );
+ }
+
+ await deleteFile(fileLocation.branch.line(branchId));
+ }
+
 @Get("{branchId}/branch-image")
 async getBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
 const url = await presignedGetObjectIfExist(
@@ -732,10 +755,7 @@ export class BranchController extends Controller {
 throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
 }
 
- if (
- !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
- !record?.user.find((v) => v.userId === req.user.sub)
- ) {
+ if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
 throw new HttpError(
 HttpStatus.FORBIDDEN,
 "You do not have permission to perform this action.",
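Review bot: `deleteLineImage` repeats the branch lookup and the `globalAllow`/membership check line for line, and the same block is added again in `deleteBranchImage`, `deleteMapImage` and `deleteImage` (hunks at -752, -801 and -864); copies of an authorization check tend to drift apart when one of them is later tightened. Moving it into one private method, for example `private async requireBranchAccess(req: RequestWithUser, branchId: string)`, would reduce each handler to `await this.requireBranchAccess(req, branchId);` followed by its own `deleteFile(...)` call, with the bank-qr variant passing its extra `where` filter and error code. Inside that helper `!record?.user.find(...)` can become `record.user.length === 0`, because `record` is already known to be non-null and the `include` filters `user` by `req.user.sub`.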
@@ -752,6 +772,32 @@ export class BranchController extends Controller {
 );
 }
 
+ @Delete("{branchId}/branch-image")
+ async deleteBranchImage(@Request() req: RequestWithUser, @Path() branchId: string) {
+ const record = await prisma.branch.findUnique({
+ include: {
+ user: { where: { userId: req.user.sub } },
+ },
+ where: {
+ id: branchId,
+ },
+ });
+
+ if (!record) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
+ }
+
+ if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
+ throw new HttpError(
+ HttpStatus.FORBIDDEN,
+ "You do not have permission to perform this action.",
+ "noPermission",
+ );
+ }
+
+ await deleteFile(fileLocation.branch.image(branchId));
+ }
+
 @Get("{branchId}/map-image")
 async getMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
 const url = await presignedGetObjectIfExist(
@@ -781,10 +827,7 @@ export class BranchController extends Controller {
 throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
 }
 
- if (
- !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
- !record?.user.find((v) => v.userId === req.user.sub)
- ) {
+ if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
 throw new HttpError(
 HttpStatus.FORBIDDEN,
 "You do not have permission to perform this action.",
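Review bot: `deleteBranchImage` dereferences `req.user.sub` in its first statement, yet no `@Security` decorator is visible on the method and the class header lies outside the diff. If the controller is not protected at class level, an unauthenticated DELETE would fail on an undefined `req.user` inside the handler instead of being rejected by the authentication layer. Please confirm the class-level protection, or add the method-level decorator the project uses on its other mutating routes. The same applies to the other three delete handlers added by this patch.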
@@ -801,6 +844,32 @@ export class BranchController extends Controller {
 );
 }
 
+ @Delete("{branchId}/map-image")
+ async deleteMapImage(@Request() req: RequestWithUser, @Path() branchId: string) {
+ const record = await prisma.branch.findUnique({
+ include: {
+ user: { where: { userId: req.user.sub } },
+ },
+ where: {
+ id: branchId,
+ },
+ });
+
+ if (!record) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
+ }
+
+ if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
+ throw new HttpError(
+ HttpStatus.FORBIDDEN,
+ "You do not have permission to perform this action.",
+ "noPermission",
+ );
+ }
+
+ await deleteFile(fileLocation.branch.map(branchId));
+ }
+
 @Get("{branchId}/bank-qr/{bankId}")
 async getBankQRByBranchIdAndBankId(
 @Request() req: RequestWithUser,
@@ -845,10 +914,7 @@ export class BranchController extends Controller {
 );
 }
 
- if (
- !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
- !record?.user.find((v) => v.userId === req.user.sub)
- ) {
+ if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
 throw new HttpError(
 HttpStatus.FORBIDDEN,
 "You do not have permission to perform this action.",
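Review bot: Nothing in `deleteMapImage` records that an object was removed: the handler awaits `deleteFile(fileLocation.branch.map(branchId))` and returns, so a later investigation has no trace of who deleted which image. Consider logging `req.user.sub`, `branchId` and the image kind through the project's existing logger once the delete has succeeded; the other three delete handlers would need the same line. Whether `deleteFile` rejects when the object is absent is not visible in this diff, so the response for an already-missing image is worth stating in a doc comment on the handler.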
@@ -864,4 +930,39 @@ export class BranchController extends Controller {
 ),
 );
 }
+
+ @Delete("{branchId}/bank-qr/{bankId}")
+ async deleteImage(
+ @Request() req: RequestWithUser,
+ @Path() branchId: string,
+ @Path() bankId: string,
+ ) {
+ const record = await prisma.branch.findUnique({
+ include: {
+ user: { where: { userId: req.user.sub } },
+ },
+ where: {
+ id: branchId,
+ bank: { some: { id: bankId } },
+ },
+ });
+
+ if (!record) {
+ throw new HttpError(
+ HttpStatus.NOT_FOUND,
+ "Branch Bank cannot be found.",
+ "branchBankNotFound",
+ );
+ }
+
+ if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
+ throw new HttpError(
+ HttpStatus.FORBIDDEN,
+ "You do not have permission to perform this action.",
+ "noPermission",
+ );
+ }
+
+ await deleteFile(fileLocation.branch.bank(branchId, bankId));
+ }
 }
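Review bot: The method name `deleteImage` does not say which image it removes, while its siblings are `deleteLineImage`, `deleteBranchImage` and `deleteMapImage` and the matching read handler is `getBankQRByBranchIdAndBankId`; tsoa derives the default operation id from the method name, so the generic name also reaches the generated API spec. Renaming it to `deleteBankQRByBranchIdAndBankId` would keep the pair aligned. A short doc comment noting that the `bank: { some: { id: bankId } }` filter is what ties `bankId` to the branch before the object key is built would help later edits keep that check in place.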