From f9c4d579c4d33573fb82dca7a7749eff35957e3c Mon Sep 17 00:00:00 2001 From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com> Date: Tue, 8 Jul 2025 17:17:07 +0700 Subject: [PATCH] feat: allow manage role to update any product under same head --- src/controllers/04-product-controller.ts | 2 +- src/controllers/04-product-group-controller.ts | 2 +- src/controllers/04-service-controller.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/controllers/04-product-controller.ts b/src/controllers/04-product-controller.ts index 0a3bbdd..b50462c 100644 --- a/src/controllers/04-product-controller.ts +++ b/src/controllers/04-product-controller.ts @@ -43,7 +43,7 @@ const MANAGE_ROLES = [ ]; function globalAllow(user: RequestWithUser["user"]) { - const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"]; + const listAllowed = MANAGE_ROLES; return user.roles?.some((v) => listAllowed.includes(v)) || false; } diff --git a/src/controllers/04-product-group-controller.ts b/src/controllers/04-product-group-controller.ts index 2cb47b3..e71bd7a 100644 --- a/src/controllers/04-product-group-controller.ts +++ b/src/controllers/04-product-group-controller.ts @@ -59,7 +59,7 @@ const MANAGE_ROLES = [ ]; function globalAllow(user: RequestWithUser["user"]) { - const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"]; + const listAllowed = MANAGE_ROLES; return user.roles?.some((v) => listAllowed.includes(v)) || false; } diff --git a/src/controllers/04-service-controller.ts b/src/controllers/04-service-controller.ts index 9b9253e..82ab2ea 100644 --- a/src/controllers/04-service-controller.ts +++ b/src/controllers/04-service-controller.ts @@ -50,7 +50,7 @@ const MANAGE_ROLES = [ ]; function globalAllow(user: RequestWithUser["user"]) { - const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"]; + const listAllowed = MANAGE_ROLES; return user.roles?.some((v) => listAllowed.includes(v)) || false; }