diff --git a/src/services/permission.ts b/src/services/permission.ts
index 89a289e..6a11212 100644
--- a/src/services/permission.ts
+++ b/src/services/permission.ts
@@ -16,6 +16,28 @@ export function branchRelationPermInclude(user: RequestWithUser["user"]) {
   };
 }
 
+export function createPermCondition(globalAllow: (user: RequestWithUser["user"]) => boolean) {
+  return (user: RequestWithUser["user"]) =>
+    isSystem(user)
+      ? undefined
+      : [
+          {
+            user: { some: { userId: user.sub } },
+          },
+          {
+            branch: { some: { user: { some: { userId: user.sub } } } },
+          },
+          {
+            headOffice: globalAllow(user)
+              ? { branch: { some: { user: { some: { userId: user.sub } } } } }
+              : undefined,
+          },
+          {
+            headOffice: globalAllow(user) ? { user: { some: { userId: user.sub } } } : undefined,
+          },
+        ];
+}
+
 export async function getBranchPermissionCheck(user: RequestWithUser["user"], branchId: string) {
   return await prisma.branch.findUnique({
     include: {