fix: update Dockerfile

Dockerfile

@@ -1,34 +1,22 @@
-FROM node:23-slim AS base
+FROM node:20-slim
 
-ENV PNPM_HOME="/pnpm"
+RUN apt-get update -y \
-ENV PATH="$PNPM_HOME:$PATH"
+    && apt-get install -y openssl \
-
+    && npm install -g pnpm \
-RUN corepack enable
+    && apt-get clean \
-RUN apt-get update && apt-get install -y openssl fontconfig
+    && rm -rf /var/lib/apt/lists/*
-RUN fc-cache -f -v
-RUN pnpm i -g prisma prisma-kysely
 
 WORKDIR /app
 
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
 COPY . .
 
-FROM base AS deps
-RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile
-RUN pnpm prisma generate
-
-FROM base AS build
-RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
 RUN pnpm prisma generate
 RUN pnpm run build
 
-FROM base AS prod
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
 
-ENV NODE_ENV="production"
+ENTRYPOINT ["/entrypoint.sh"]
-
-COPY --from=deps /app/node_modules /app/node_modules
-COPY --from=build /app/dist /app/dist
-COPY --from=base /app/static /app/static
-
-RUN chmod u+x ./entrypoint.sh
-
-ENTRYPOINT ["./entrypoint.sh"]

package.json

@@ -7,6 +7,7 @@
     "start": "node ./dist/app.js",
     "dev": "nodemon",
     "check": "tsc --noEmit",
+    "test": "vitest",
     "format": "prettier --write .",
     "debug": "nodemon",
     "build": "tsoa spec-and-routes && tsc",
@@ -27,22 +28,26 @@
     "@types/multer": "^1.4.12",
     "@types/node": "^20.17.10",
     "@types/nodemailer": "^6.4.17",
+    "@vitest/ui": "^3.1.4",
     "nodemon": "^3.1.9",
     "prettier": "^3.4.2",
-    "prisma": "^6.3.0",
+    "prisma": "6.16.2",
     "prisma-kysely": "^1.8.0",
     "ts-node": "^10.9.2",
-    "typescript": "^5.7.2"
+    "typescript": "^5.7.2",
+    "vitest": "^3.1.4"
   },
   "dependencies": {
     "@elastic/elasticsearch": "^8.17.0",
     "@fast-csv/parse": "^5.0.2",
-    "@prisma/client": "^6.3.0",
+    "@prisma/client": "6.16.2",
     "@scalar/express-api-reference": "^0.4.182",
     "@tsoa/runtime": "^6.6.0",
+    "@types/html-to-text": "^9.0.4",
     "canvas": "^3.1.0",
     "cors": "^2.8.5",
     "cron": "^3.3.1",
+    "csv-parse": "^6.1.0",
     "dayjs": "^1.11.13",
     "dayjs-plugin-utc": "^0.1.2",
     "docx-templates": "^4.13.0",
@@ -50,6 +55,7 @@
     "exceljs": "^4.4.0",
     "express": "^4.21.2",
     "fast-jwt": "^5.0.5",
+    "html-to-text": "^9.0.5",
     "jsbarcode": "^3.11.6",
     "json-2-csv": "^5.5.8",
     "kysely": "^0.27.5",
@@ -57,6 +63,7 @@
     "morgan": "^1.10.0",
     "multer": "^1.4.5-lts.2",
     "nodemailer": "^6.10.0",
+    "pnpm": "^10.18.3",
     "prisma-extension-kysely": "^3.0.0",
     "promise.any": "^2.0.6",
     "thai-baht-text": "^2.0.5",

prisma/migrations/20250630091430_update_constraint/migration.sql

@@ -0,0 +1,5 @@
+-- DropForeignKey
+ALTER TABLE "UserImportNationality" DROP CONSTRAINT "UserImportNationality_userId_fkey";
+
+-- AddForeignKey
+ALTER TABLE "UserImportNationality" ADD CONSTRAINT "UserImportNationality_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

prisma/migrations/20250704070342_add_relation_seller_in_quotation/migration.sql

@@ -0,0 +1,5 @@
+-- AlterTable
+ALTER TABLE "Quotation" ADD COLUMN     "sellerId" TEXT;
+
+-- AddForeignKey
+ALTER TABLE "Quotation" ADD CONSTRAINT "Quotation_sellerId_fkey" FOREIGN KEY ("sellerId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

prisma/migrations/20250709082027_add_business_type_add_delect_customer_name/migration.sql

@@ -0,0 +1,36 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `businessType` on the `CustomerBranch` table. All the data in the column will be lost.
+  - You are about to drop the column `customerName` on the `CustomerBranch` table. All the data in the column will be lost.
+
+*/
+-- AlterTable
+ALTER TABLE "CustomerBranch" DROP COLUMN "businessType",
+DROP COLUMN "customerName",
+ADD COLUMN     "businessTypeId" TEXT;
+
+-- AlterTable
+ALTER TABLE "EmployeeVisa" ADD COLUMN     "reportDate" DATE;
+
+-- CreateTable
+CREATE TABLE "BusinessType" (
+    "id" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "nameEN" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "createdByUserId" TEXT,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+    "updatedByUserId" TEXT,
+
+    CONSTRAINT "BusinessType_pkey" PRIMARY KEY ("id")
+);
+
+-- AddForeignKey
+ALTER TABLE "CustomerBranch" ADD CONSTRAINT "CustomerBranch_businessTypeId_fkey" FOREIGN KEY ("businessTypeId") REFERENCES "BusinessType"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "BusinessType" ADD CONSTRAINT "BusinessType_createdByUserId_fkey" FOREIGN KEY ("createdByUserId") REFERENCES "User"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "BusinessType" ADD CONSTRAINT "BusinessType_updatedByUserId_fkey" FOREIGN KEY ("updatedByUserId") REFERENCES "User"("id") ON DELETE SET NULL ON UPDATE CASCADE;

prisma/migrations/20250716023822_allow_foreign_address/migration.sql

@@ -0,0 +1,6 @@
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN     "addressForeign" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN     "districtText" TEXT,
+ADD COLUMN     "provinceText" TEXT,
+ADD COLUMN     "subDistrictText" TEXT,
+ADD COLUMN     "zipCodeText" TEXT;

prisma/migrations/20250716024423_add_address_text_en/migration.sql

@@ -0,0 +1,4 @@
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN     "districtTextEN" TEXT,
+ADD COLUMN     "provinceTextEN" TEXT,
+ADD COLUMN     "subDistrictTextEN" TEXT;

prisma/migrations/20250814060937_add_updated_at_to_work_step/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "RequestWorkStepStatus" ADD COLUMN     "updatedAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP;

prisma/migrations/20250911021745_add_more_payment_metadata/migration.sql

@@ -0,0 +1,4 @@
+-- AlterTable
+ALTER TABLE "Payment" ADD COLUMN     "account" TEXT,
+ADD COLUMN     "channel" TEXT,
+ADD COLUMN     "reference" TEXT;

prisma/migrations/20250911092303_add_flow_account_product_id_sell_price_and_flow_account_product_id_agent_price_field_in_product_table/migration.sql

@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "public"."Product" ADD COLUMN     "flowAccountProductIdAgentPrice" TEXT,
+ADD COLUMN     "flowAccountProductIdSellPrice" TEXT;

prisma/schema.prisma

@@ -370,7 +370,7 @@ model UserImportNationality {
   id   String @id @default(cuid())
   name String
 
-  user   User   @relation(fields: [userId], references: [id])
+  user   User   @relation(fields: [userId], references: [id], onDelete: Cascade)
   userId String
 }
 
@@ -398,15 +398,25 @@ model User {
   street   String?
   streetEN String?
 
+  addressForeign Boolean @default(false)
+
+  provinceText   String?
+  provinceTextEN String?
   province       Province? @relation(fields: [provinceId], references: [id], onDelete: SetNull)
   provinceId     String?
 
+  districtText   String?
+  districtTextEN String?
   district       District? @relation(fields: [districtId], references: [id], onDelete: SetNull)
   districtId     String?
 
+  subDistrictText   String?
+  subDistrictTextEN String?
   subDistrict       SubDistrict? @relation(fields: [subDistrictId], references: [id], onDelete: SetNull)
   subDistrictId     String?
 
+  zipCodeText String?
+
   email       String
   telephoneNo String
 
@@ -501,6 +511,8 @@ model User {
   creditNoteCreated        CreditNote[]        @relation("CreditNoteCreatedByUser")
   institutionCreated       Institution[]       @relation("InstitutionCreatedByUser")
   institutionUpdated       Institution[]       @relation("InstitutionUpdatedByUser")
+  businessTypeCreated      BusinessType[]      @relation("BusinessTypeCreatedByUser")
+  businessTypeUpdated      BusinessType[]      @relation("BusinessTypeUpdatedByUser")
 
   requestWorkStepStatus RequestWorkStepStatus[]
   userTask              UserTask[]
@@ -511,6 +523,7 @@ model User {
 
   contactName String?
   contactTel  String?
+  quotation   Quotation[]
 }
 
 model UserResponsibleArea {
@@ -552,7 +565,6 @@ model CustomerBranch {
   id         String   @id @default(cuid())
   customer   Customer @relation(fields: [customerId], references: [id], onDelete: Cascade)
   customerId String
-  customerName String?
 
   code         String
   codeCustomer String
@@ -614,7 +626,8 @@ model CustomerBranch {
   agentUser   User?   @relation(fields: [agentUserId], references: [id], onDelete: SetNull)
 
   // NOTE: Business
-  businessType   String
+  businessTypeId String?
+  businessType   BusinessType? @relation(fields: [businessTypeId], references: [id], onDelete: SetNull)
   jobPosition    String
   jobDescription String
   payDate        String
@@ -773,6 +786,21 @@ model CustomerBranchVatRegis {
   customerBranch   CustomerBranch @relation(fields: [customerBranchId], references: [id], onDelete: Cascade)
 }
 
+model BusinessType {
+  id     String @id @default(cuid())
+  name   String
+  nameEN String
+
+  createdAt       DateTime @default(now())
+  createdBy       User?    @relation(name: "BusinessTypeCreatedByUser", fields: [createdByUserId], references: [id], onDelete: SetNull)
+  createdByUserId String?
+  updatedAt       DateTime @updatedAt
+  updatedBy       User?    @relation(name: "BusinessTypeUpdatedByUser", fields: [updatedByUserId], references: [id], onDelete: SetNull)
+  updatedByUserId String?
+
+  customerBranch CustomerBranch[]
+}
+
 model Employee {
   id String @id @default(cuid())
 
@@ -896,6 +924,7 @@ model EmployeeVisa {
   issuePlace   String
   issueDate    DateTime  @db.Date
   expireDate   DateTime  @db.Date
+  reportDate   DateTime? @db.Date
   mrz          String?
   remark       String?
 
@@ -1214,6 +1243,9 @@ model Product {
   productGroup   ProductGroup @relation(fields: [productGroupId], references: [id], onDelete: Cascade)
   productGroupId String
 
+  flowAccountProductIdSellPrice  String?
+  flowAccountProductIdAgentPrice String?
+
   workProduct                 WorkProduct[]
   quotationProductServiceList QuotationProductServiceList[]
   taskProduct                 TaskProduct[]
@@ -1386,6 +1418,9 @@ model Quotation {
 
   invoice    Invoice[]
   creditNote CreditNote[]
+
+  seller   User?   @relation(fields: [sellerId], references: [id], onDelete: Cascade)
+  sellerId String?
 }
 
 model QuotationPaySplit {
@@ -1494,6 +1529,9 @@ model Payment {
 
   amount    Float
   date      DateTime?
+  channel   String?
+  account   String?
+  reference String?
 
   createdAt       DateTime @default(now())
   createdBy       User?    @relation(name: "PaymentCreatedByUser", fields: [createdByUserId], references: [id], onDelete: SetNull)
@@ -1580,6 +1618,7 @@ model RequestWork {
 model RequestWorkStepStatus {
   step       Int
   workStatus RequestWorkStatus @default(Pending)
+  updatedAt  DateTime          @default(now()) @updatedAt
 
   requestWork   RequestWork @relation(fields: [requestWorkId], references: [id], onDelete: Cascade)
   requestWorkId String

src/controllers/00-doc-template-controller.ts

@@ -34,8 +34,14 @@ const quotationData = (id: string) =>
         },
       },
       customerBranch: {
+        omit: {
+          otpCode: true,
+          otpExpires: true,
+          userId: true,
+        },
         include: {
           customer: true,
+          businessType: true,
           province: true,
           district: true,
           subDistrict: true,
@@ -287,6 +293,7 @@ function replaceEmptyField<T>(data: T): T {
 }
 
 type FullAddress = {
+  addressForeign?: boolean;
   address: string;
   addressEN: string;
   moo?: string;
@@ -295,8 +302,14 @@ type FullAddress = {
   soiEN?: string;
   street?: string;
   streetEN?: string;
+  provinceText?: string | null;
+  provinceTextEN?: string | null;
   province?: Province | null;
+  districtText?: string | null;
+  districtTextEN?: string | null;
   district?: District | null;
+  subDistrictText?: string | null;
+  subDistrictTextEN?: string | null;
   subDistrict?: SubDistrict | null;
   en?: boolean;
 };
@@ -330,13 +343,22 @@ function addressFull(addr: FullAddress, lang: "th" | "en" = "en") {
       if (addr.soi) fragments.push(`ซอย ${addr.soi},`);
       if (addr.street) fragments.push(`ถนน${addr.street},`);
 
-      if (addr.subDistrict) {
+      if (!addr.addressForeign && addr.subDistrict) {
-        fragments.push(`${addr.province?.id === "10" ? "แขวง" : "ตำบล"}${addr.subDistrict.name},`);
+        fragments.push(`${addr.province?.id === "10" ? "แขวง" : "ตำบล"}${addr.subDistrict.name}`);
       }
-      if (addr.district) {
+      if (addr.addressForeign && addr.subDistrictText) {
-        fragments.push(`${addr.province?.id === "10" ? "เขต" : "อำเภอ"}${addr.district.name},`);
+        fragments.push(`ตำบล${addr.subDistrictText}`);
       }
-      if (addr.province) fragments.push(`จังหวัด${addr.province.name},`);
+
+      if (!addr.addressForeign && addr.district) {
+        fragments.push(`${addr.province?.id === "10" ? "เขต" : "อำเภอ"}${addr.district.name}`);
+      }
+      if (addr.addressForeign && addr.districtText) {
+        fragments.push(`อำเภอ${addr.districtText}`);
+      }
+
+      if (!addr.addressForeign && addr.province) fragments.push(`จังหวัด${addr.province.name}`);
+      if (addr.addressForeign && addr.provinceText) fragments.push(`จังหวัด${addr.provinceText}`);
 
       break;
     default:
@@ -345,14 +367,31 @@ function addressFull(addr: FullAddress, lang: "th" | "en" = "en") {
       if (addr.soiEN) fragments.push(`Soi ${addr.soiEN},`);
       if (addr.streetEN) fragments.push(`${addr.streetEN} Rd.`);
 
-      if (addr.subDistrict) {
+      if (!addr.addressForeign && addr.subDistrict) {
         fragments.push(`${addr.subDistrict.nameEN} sub-district,`);
       }
-      if (addr.district) fragments.push(`${addr.district.nameEN} district,`);
+      if (addr.addressForeign && addr.subDistrictTextEN) {
-      if (addr.province) fragments.push(`${addr.province.nameEN},`);
+        fragments.push(`${addr.subDistrictTextEN} sub-district,`);
+      }
+
+      if (!addr.addressForeign && addr.district) {
+        fragments.push(`${addr.district.nameEN} district,`);
+      }
+      if (addr.addressForeign && addr.districtTextEN) {
+        fragments.push(`${addr.districtTextEN} district,`);
+      }
+
+      if (!addr.addressForeign && addr.province) {
+        fragments.push(`${addr.province.nameEN},`);
+      }
+      if (addr.addressForeign && addr.provinceTextEN) {
+        fragments.push(`${addr.provinceTextEN} district,`);
+      }
       break;
   }
 
+  if (addr.subDistrict) fragments.push(addr.subDistrict.zipCode);
+
   return fragments.join(" ");
 }
 
@@ -365,6 +404,9 @@ function gender(text: string, lang: "th" | "en" = "en") {
   }
 }
 
+/**
+ * @deprecated
+ */
 function businessType(text: string, lang: "th" | "en" = "en") {
   switch (lang) {
     case "th":

src/controllers/00-stats-controller.ts

@@ -618,9 +618,22 @@ export class StatsController extends Controller {
         startDate = dayjs(startDate).startOf("month").add(1, "month").toDate();
       }
 
+      const invoices = await tx.invoice.findMany({
+        select: { id: true },
+        where: {
+          quotation: {
+            quotationStatus: { notIn: [QuotationStatus.Canceled] },
+            registeredBranch: { OR: permissionCondCompany(req.user) },
+          },
+        },
+      });
+
+      if (invoices.length === 0) return [];
+
       return await Promise.all(
         months.map(async (v) => {
           const date = dayjs(v);
+
           return {
             month: date.format("MM"),
             year: date.format("YYYY"),
@@ -629,11 +642,7 @@ export class StatsController extends Controller {
                 _sum: { amount: true },
                 where: {
                   createdAt: { gte: v, lte: date.endOf("month").toDate() },
-                  invoice: {
+                  invoiceId: { in: invoices.map((v) => v.id) },
-                    quotation: {
-                      registeredBranch: { OR: permissionCondCompany(req.user) },
-                    },
-                  },
                 },
                 by: "paymentStatus",
               })

src/controllers/01-branch-controller.ts

@@ -47,16 +47,20 @@ if (!process.env.MINIO_BUCKET) {
   throw Error("Require MinIO bucket.");
 }
 
-const MANAGE_ROLES = ["system", "head_of_admin"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  return MANAGE_ROLES.some((v) => user.roles?.includes(v));
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
-}
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
-
-function globalAllowView(user: RequestWithUser["user"]) {
-  return MANAGE_ROLES.concat("head_of_accountant", "head_of_sale").some((v) =>
-    user.roles?.includes(v),
-  );
 }
 
 type BranchCreate = {
@@ -147,7 +151,7 @@ type BranchUpdate = {
   }[];
 };
 
-const permissionCond = createPermCondition(globalAllowView);
+const permissionCond = createPermCondition(globalAllow);
 const permissionCheck = createPermCheck(globalAllow);
 
 @Route("api/v1/branch")
@@ -326,7 +330,7 @@ export class BranchController extends Controller {
                   district: true,
                   subDistrict: true,
                 },
-                orderBy: { code: "asc" },
+                orderBy: [{ statusOrder: "asc" }, { code: "asc" }],
               }
             : false,
           bank: true,
@@ -370,7 +374,7 @@ export class BranchController extends Controller {
             bank: true,
             contact: includeContact,
           },
-          orderBy: { code: "asc" },
+          orderBy: [{ statusOrder: "asc" }, { code: "asc" }],
         },
         bank: true,
         contact: includeContact,
@@ -383,6 +387,14 @@ export class BranchController extends Controller {
     return record;
   }
 
+  @Get("{branchId}/bank")
+  @Security("keycloak")
+  async getBranchBankById(@Path() branchId: string) {
+    return await prisma.branchBank.findMany({
+      where: { branchId },
+    });
+  }
+
   @Post()
   @Security("keycloak", MANAGE_ROLES)
   async createBranch(@Request() req: RequestWithUser, @Body() body: BranchCreate) {

src/controllers/01-branch-user-controller.ts

@@ -20,10 +20,19 @@ import { RequestWithUser } from "../interfaces/user";
 import { branchRelationPermInclude, createPermCheck } from "../services/permission";
 import { queryOrNot, whereDateQuery } from "../utils/relation";
 
-const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const listAllowed = ["system", "head_of_admin", "admin"];
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
   return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 

src/controllers/02-user-controller.ts

@@ -61,10 +61,17 @@ if (!process.env.MINIO_BUCKET) {
   throw Error("Require MinIO bucket.");
 }
 
-const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "branch_admin",
+  "branch_manager",
+];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const listAllowed = ["system", "head_of_admin"];
+  const listAllowed = ["system", "head_of_admin", "admin", "executive"];
   return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
@@ -104,6 +111,7 @@ type UserCreate = {
   responsibleArea?: string[] | null;
   birthDate?: Date | null;
 
+  addressForeign?: boolean;
   address: string;
   addressEN: string;
   soi?: string | null;
@@ -115,9 +123,16 @@ type UserCreate = {
   email: string;
   telephoneNo: string;
 
+  subDistrictText?: string | null;
+  subDistrictTextEN?: string | null;
   subDistrictId?: string | null;
+  districtText?: string | null;
+  districtTextEN?: string | null;
   districtId?: string | null;
+  provinceText?: string | null;
+  provinceTextEN?: string | null;
   provinceId?: string | null;
+  zipCodeText?: string | null;
 
   selectedImage?: string;
 
@@ -144,9 +159,9 @@ type UserUpdate = {
 
   namePrefix?: string | null;
   firstName?: string;
-  firstNameEN: string;
+  firstNameEN?: string;
   middleName?: string | null;
-  middleNameEN: string | null;
+  middleNameEN?: string | null;
   lastName?: string;
   lastNameEN?: string;
   gender?: string;
@@ -166,6 +181,7 @@ type UserUpdate = {
   responsibleArea?: string[] | null;
   birthDate?: Date | null;
 
+  addressForeign?: boolean;
   address?: string;
   addressEN?: string;
   soi?: string | null;
@@ -179,9 +195,16 @@ type UserUpdate = {
 
   selectedImage?: string;
 
+  subDistrictText?: string | null;
+  subDistrictTextEN?: string | null;
   subDistrictId?: string | null;
+  districtText?: string | null;
+  districtTextEN?: string | null;
   districtId?: string | null;
+  provinceText?: string | null;
+  provinceTextEN?: string | null;
   provinceId?: string | null;
+  zipCodeText?: string | null;
 
   branchId?: string | string[];
 

src/controllers/03-customer-branch-citizen-controller.ts

@@ -23,15 +23,16 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
-  "head_of_sale",
+  "branch_admin",
-  "sale",
+  "branch_manager",
+  "branch_accountant",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 type CustomerBranchCitizenPayload = {

src/controllers/03-customer-branch-controller.ts

@@ -47,15 +47,18 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
   "head_of_sale",
   "sale",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 const permissionCondCompany = createPermCondition((_) => true);
@@ -84,7 +87,6 @@ export type CustomerBranchCreate = {
   authorizedCapital?: string;
   authorizedName?: string;
   authorizedNameEN?: string;
-  customerName?: string;
 
   telephoneNo: string;
 
@@ -108,7 +110,7 @@ export type CustomerBranchCreate = {
   contactName: string;
   agentUserId?: string;
 
-  businessType: string;
+  businessTypeId?: string;
   jobPosition: string;
   jobDescription: string;
   payDate: string;
@@ -142,7 +144,6 @@ export type CustomerBranchUpdate = {
   authorizedCapital?: string;
   authorizedName?: string;
   authorizedNameEN?: string;
-  customerName?: string;
 
   telephoneNo: string;
 
@@ -166,7 +167,7 @@ export type CustomerBranchUpdate = {
   contactName?: string;
   agentUserId?: string;
 
-  businessType?: string;
+  businessTypeId?: string;
   jobPosition?: string;
   jobDescription?: string;
   payDate?: string;
@@ -201,7 +202,6 @@ export class CustomerBranchController extends Controller {
   ) {
     const where = {
       OR: queryOrNot<Prisma.CustomerBranchWhereInput[]>(query, [
-        { customerName: { contains: query, mode: "insensitive" } },
         { registerName: { contains: query, mode: "insensitive" } },
         { registerNameEN: { contains: query, mode: "insensitive" } },
         { email: { contains: query, mode: "insensitive" } },
@@ -238,6 +238,11 @@ export class CustomerBranchController extends Controller {
     const [result, total] = await prisma.$transaction([
       prisma.customerBranch.findMany({
         orderBy: [{ code: "asc" }, { statusOrder: "asc" }, { createdAt: "asc" }],
+        omit: {
+          otpCode: true,
+          otpExpires: true,
+          userId: true,
+        },
         include: {
           customer: includeCustomer,
           province: true,
@@ -246,6 +251,7 @@ export class CustomerBranchController extends Controller {
           createdBy: true,
           updatedBy: true,
           _count: true,
+          businessType: true,
         },
         where,
         take: pageSize,
@@ -261,6 +267,11 @@ export class CustomerBranchController extends Controller {
   @Security("keycloak")
   async getById(@Path() branchId: string) {
     const record = await prisma.customerBranch.findFirst({
+      omit: {
+        otpCode: true,
+        otpExpires: true,
+        userId: true,
+      },
       include: {
         customer: true,
         province: true,
@@ -268,6 +279,7 @@ export class CustomerBranchController extends Controller {
         subDistrict: true,
         createdBy: true,
         updatedBy: true,
+        businessType: true,
       },
       where: { id: branchId },
     });
@@ -350,6 +362,11 @@ export class CustomerBranchController extends Controller {
             include: branchRelationPermInclude(req.user),
           },
           branch: {
+            omit: {
+              otpCode: true,
+              otpExpires: true,
+              userId: true,
+            },
             take: 1,
             orderBy: { createdAt: "asc" },
           },
@@ -378,7 +395,15 @@ export class CustomerBranchController extends Controller {
       (v) => (v.headOffice || v).code,
     );
 
-    const { provinceId, districtId, subDistrictId, customerId, agentUserId, ...rest } = body;
+    const {
+      provinceId,
+      districtId,
+      subDistrictId,
+      customerId,
+      agentUserId,
+      businessTypeId,
+      ...rest
+    } = body;
 
     const record = await prisma.$transaction(
       async (tx) => {
@@ -421,6 +446,7 @@ export class CustomerBranchController extends Controller {
             subDistrict: true,
             createdBy: true,
             updatedBy: true,
+            businessType: true,
           },
           data: {
             ...rest,
@@ -432,6 +458,7 @@ export class CustomerBranchController extends Controller {
             province: connectOrNot(provinceId),
             district: connectOrNot(districtId),
             subDistrict: connectOrNot(subDistrictId),
+            businessType: connectOrNot(businessTypeId),
             createdBy: { connect: { id: req.user.sub } },
             updatedBy: { connect: { id: req.user.sub } },
           },
@@ -462,6 +489,7 @@ export class CustomerBranchController extends Controller {
             },
           },
         },
+        businessType: true,
       },
     });
 
@@ -506,7 +534,15 @@ export class CustomerBranchController extends Controller {
       await permissionCheck(req.user, customer.registeredBranch);
     }
 
-    const { provinceId, districtId, subDistrictId, customerId, agentUserId, ...rest } = body;
+    const {
+      provinceId,
+      districtId,
+      subDistrictId,
+      customerId,
+      agentUserId,
+      businessTypeId,
+      ...rest
+    } = body;
 
     return await prisma.customerBranch.update({
       where: { id: branchId },
@@ -516,6 +552,7 @@ export class CustomerBranchController extends Controller {
         subDistrict: true,
         createdBy: true,
         updatedBy: true,
+        businessType: true,
       },
       data: {
         ...rest,
@@ -525,6 +562,7 @@ export class CustomerBranchController extends Controller {
         province: connectOrDisconnect(provinceId),
         district: connectOrDisconnect(districtId),
         subDistrict: connectOrDisconnect(subDistrictId),
+        businessType: connectOrNot(businessTypeId),
         updatedBy: { connect: { id: req.user.sub } },
       },
     });
@@ -543,6 +581,7 @@ export class CustomerBranchController extends Controller {
             },
           },
         },
+        businessType: true,
       },
     });
 
@@ -595,10 +634,11 @@ export class CustomerBranchFileController extends Controller {
             },
           },
         },
+        businessType: true,
       },
     });
     if (!data) throw notFoundError("Customer Branch");
-    await permissionCheck(user, data.customer.registeredBranch);
+    await permissionCheckCompany(user, data.customer.registeredBranch);
   }
 
   @Get("attachment")

src/controllers/03-customer-controller.ts

@@ -37,20 +37,24 @@ import {
 } from "../utils/minio";
 import { isUsedError, notFoundError, relationError } from "../utils/error";
 import { connectOrNot, queryOrNot, whereDateQuery } from "../utils/relation";
+import { json2csv } from "json-2-csv";
 
 const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
   "head_of_sale",
   "sale",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 const permissionCondCompany = createPermCondition((_) => true);
@@ -82,7 +86,6 @@ export type CustomerCreate = {
     authorizedCapital?: string;
     authorizedName?: string;
     authorizedNameEN?: string;
-    customerName?: string;
 
     telephoneNo: string;
 
@@ -106,7 +109,7 @@ export type CustomerCreate = {
     contactName: string;
     agentUserId?: string;
 
-    businessType: string;
+    businessTypeId?: string | null;
     jobPosition: string;
     jobDescription: string;
     payDate: string;
@@ -167,11 +170,14 @@ export class CustomerController extends Controller {
     @Query() activeBranchOnly?: boolean,
     @Query() startDate?: Date,
     @Query() endDate?: Date,
+    @Query() businessTypeId?: string,
+    @Query() provinceId?: string,
+    @Query() districtId?: string,
+    @Query() subDistrictId?: string,
   ) {
     const where = {
       OR: queryOrNot<Prisma.CustomerWhereInput[]>(query, [
         { branch: { some: { namePrefix: { contains: query, mode: "insensitive" } } } },
-        { branch: { some: { customerName: { contains: query, mode: "insensitive" } } } },
         { branch: { some: { registerName: { contains: query, mode: "insensitive" } } } },
         { branch: { some: { registerNameEN: { contains: query, mode: "insensitive" } } } },
         { branch: { some: { firstName: { contains: query, mode: "insensitive" } } } },
@@ -190,6 +196,35 @@ export class CustomerController extends Controller {
                 : permissionCond(req.user, { activeOnly: activeBranchOnly }),
             },
       },
+      branch: {
+        some: {
+          AND: [
+            businessTypeId
+              ? {
+                  OR: [{ businessType: { id: businessTypeId } }],
+                }
+              : {},
+
+            provinceId
+              ? {
+                  OR: [{ province: { id: provinceId } }],
+                }
+              : {},
+
+            districtId
+              ? {
+                  OR: [{ district: { id: districtId } }],
+                }
+              : {},
+
+            subDistrictId
+              ? {
+                  OR: [{ subDistrict: { id: subDistrictId } }],
+                }
+              : {},
+          ],
+        },
+      },
       ...whereDateQuery(startDate, endDate),
     } satisfies Prisma.CustomerWhereInput;
 
@@ -200,10 +235,16 @@ export class CustomerController extends Controller {
           branch: includeBranch
             ? {
                 include: {
+                  businessType: true,
                   province: true,
                   district: true,
                   subDistrict: true,
                 },
+                omit: {
+                  otpCode: true,
+                  otpExpires: true,
+                  userId: true,
+                },
                 orderBy: [{ statusOrder: "asc" }, { createdAt: "asc" }],
               }
             : {
@@ -212,11 +253,17 @@ export class CustomerController extends Controller {
                   district: true,
                   subDistrict: true,
                 },
+                omit: {
+                  otpCode: true,
+                  otpExpires: true,
+                  userId: true,
+                },
                 take: 1,
                 orderBy: { createdAt: "asc" },
               },
           createdBy: true,
           updatedBy: true,
+          // businessType:true
         },
         orderBy: [{ statusOrder: "asc" }, { createdAt: "asc" }],
         where,
@@ -241,6 +288,11 @@ export class CustomerController extends Controller {
               district: true,
               subDistrict: true,
             },
+            omit: {
+              otpCode: true,
+              otpExpires: true,
+              userId: true,
+            },
             orderBy: { createdAt: "asc" },
           },
           createdBy: true,
@@ -312,6 +364,11 @@ export class CustomerController extends Controller {
                 district: true,
                 subDistrict: true,
               },
+              omit: {
+                otpCode: true,
+                otpExpires: true,
+                userId: true,
+              },
             },
             createdBy: true,
             updatedBy: true,
@@ -323,6 +380,8 @@ export class CustomerController extends Controller {
                 ...v,
                 code: `${runningKey.replace(`CUSTOMER_BRANCH_${company}_`, "")}-${`${last.value - branch.length + i}`.padStart(2, "0")}`,
                 codeCustomer: runningKey.replace(`CUSTOMER_BRANCH_${company}_`, ""),
+                businessType: connectOrNot(v.businessTypeId),
+                businessTypeId: undefined,
                 agentUser: connectOrNot(v.agentUserId),
                 agentUserId: undefined,
                 province: connectOrNot(v.provinceId),
@@ -409,6 +468,11 @@ export class CustomerController extends Controller {
               district: true,
               subDistrict: true,
             },
+            omit: {
+              otpCode: true,
+              otpExpires: true,
+              userId: true,
+            },
           },
           createdBy: true,
           updatedBy: true,
@@ -447,7 +511,13 @@ export class CustomerController extends Controller {
       await deleteFolder(`customer/${customerId}`);
       const data = await tx.customer.delete({
         include: {
-          branch: true,
+          branch: {
+            omit: {
+              otpCode: true,
+              otpExpires: true,
+              userId: true,
+            },
+          },
           registeredBranch: {
             include: {
               headOffice: true,
@@ -542,3 +612,52 @@ export class CustomerImageController extends Controller {
     await deleteFile(fileLocation.customer.img(customerId, name));
   }
 }
+
+@Route("api/v1/customer-export")
+@Tags("Customer")
+export class CustomerExportController extends CustomerController {
+  @Get()
+  @Security("keycloak")
+  async exportCustomer(
+    @Request() req: RequestWithUser,
+    @Query() customerType?: CustomerType,
+    @Query() query: string = "",
+    @Query() status?: Status,
+    @Query() page: number = 1,
+    @Query() pageSize: number = 30,
+    @Query() includeBranch: boolean = false,
+    @Query() company: boolean = false,
+    @Query() activeBranchOnly?: boolean,
+    @Query() startDate?: Date,
+    @Query() endDate?: Date,
+    @Query() businessTypeId?: string,
+    @Query() provinceId?: string,
+    @Query() districtId?: string,
+    @Query() subDistrictId?: string,
+  ) {
+    const ret = await this.list(
+      req,
+      customerType,
+      query,
+      status,
+      page,
+      pageSize,
+      includeBranch,
+      company,
+      activeBranchOnly,
+      startDate,
+      endDate,
+      businessTypeId,
+      provinceId,
+      districtId,
+      subDistrictId,
+    );
+
+    this.setHeader("Content-Type", "text/csv");
+
+    return json2csv(
+      ret.result.map((v) => Object.assign(v, { branch: v.branch.at(0) ?? null })),
+      { useDateIso8601Format: true, expandNestedObjects: true },
+    );
+  }
+}

src/controllers/03-employee-checkup-controller.ts

@@ -23,14 +23,18 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
   "head_of_sale",
+  "sale",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 type EmployeeCheckupPayload = {

src/controllers/03-employee-controller.ts

@@ -42,6 +42,7 @@ import {
   listFile,
   setFile,
 } from "../utils/minio";
+import { json2csv } from "json-2-csv";
 
 if (!process.env.MINIO_BUCKET) {
   throw Error("Require MinIO bucket.");
@@ -51,17 +52,23 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
   "head_of_sale",
+  "sale",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
+const permissionCondCompany = createPermCondition((_) => true);
 const permissionCond = createPermCondition(globalAllow);
+const permissionCheckCompany = createPermCheck((_) => true);
 const permissionCheck = createPermCheck(globalAllow);
 
 type EmployeeCreate = {
@@ -108,7 +115,7 @@ type EmployeeUpdate = {
 
   nrcNo?: string | null;
 
-  dateOfBirth?: Date;
+  dateOfBirth?: Date | null;
   gender?: string;
   nationality?: string;
   otherNationality?: string | null;
@@ -144,9 +151,18 @@ type EmployeeUpdate = {
 export class EmployeeController extends Controller {
   @Get("stats")
   @Security("keycloak")
-  async getEmployeeStats(@Query() customerBranchId?: string) {
+  async getEmployeeStats(@Request() req: RequestWithUser, @Query() customerBranchId?: string) {
     return await prisma.employee.count({
-      where: { customerBranchId },
+      where: {
+        customerBranchId,
+        customerBranch: {
+          customer: isSystem(req.user)
+            ? undefined
+            : {
+                registeredBranch: { OR: permissionCond(req.user) },
+              },
+        },
+      },
     });
   }
 
@@ -234,7 +250,6 @@ export class EmployeeController extends Controller {
       endDate,
     );
   }
-
   @Post("list")
   @Security("keycloak")
   async listByCriteria(
@@ -656,7 +671,7 @@ export class EmployeeFileController extends Controller {
       },
     });
     if (!data) throw notFoundError("Employee");
-    await permissionCheck(user, data.customerBranch.customer.registeredBranch);
+    await permissionCheckCompany(user, data.customerBranch.customer.registeredBranch);
   }
 
   @Get("image")
@@ -912,3 +927,55 @@ export class EmployeeFileController extends Controller {
     return await deleteFile(fileLocation.employee.inCountryNotice(employeeId, noticeId));
   }
 }
+
+@Route("api/v1/employee-export")
+@Tags("Employee")
+export class EmployeeExportController extends EmployeeController {
+  @Get()
+  @Security("keycloak")
+  async exportEmployee(
+    @Request() req: RequestWithUser,
+    @Query() zipCode?: string,
+    @Query() gender?: string,
+    @Query() status?: Status,
+    @Query() visa?: boolean,
+    @Query() passport?: boolean,
+    @Query() customerId?: string,
+    @Query() customerBranchId?: string,
+    @Query() query: string = "",
+    @Query() page: number = 1,
+    @Query() pageSize: number = 30,
+    @Query() activeOnly?: boolean,
+    @Query() startDate?: Date,
+    @Query() endDate?: Date,
+  ) {
+    const ret = await this.listByCriteria(
+      req,
+      zipCode,
+      gender,
+      status,
+      visa,
+      passport,
+      customerId,
+      customerBranchId,
+      query,
+      page,
+      pageSize,
+      activeOnly,
+      startDate,
+      endDate,
+    );
+
+    this.setHeader("Content-Type", "text/csv");
+
+    return json2csv(
+      ret.result.map((v) =>
+        Object.assign(v, {
+          employeePassport: v.employeePassport?.at(0) ?? null,
+          employeeVisa: v.employeeVisa?.at(0) ?? null,
+        }),
+      ),
+      { useDateIso8601Format: true },
+    );
+  }
+}

src/controllers/03-employee-other-info-controller.ts

@@ -23,14 +23,18 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
   "head_of_sale",
+  "sale",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 type EmployeeOtherInfoPayload = {

src/controllers/03-employee-passport-controller.ts

@@ -22,14 +22,18 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
   "head_of_sale",
+  "sale",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 type EmployeePassportPayload = {
@@ -43,7 +47,7 @@ type EmployeePassportPayload = {
 
   workerStatus: string;
   nationality: string;
-  otherNationality?: string;
+  otherNationality?: string | null;
   namePrefix?: string | null;
   firstName: string;
   firstNameEN: string;

src/controllers/03-employee-visa-controller.ts

@@ -22,14 +22,18 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
   "head_of_sale",
+  "sale",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 type EmployeeVisaPayload = {
@@ -40,6 +44,7 @@ type EmployeeVisaPayload = {
   issuePlace: string;
   issueDate: Date;
   expireDate: Date;
+  reportDate?: Date | null;
   mrz?: string | null;
   remark?: string | null;
 

src/controllers/03-employee-work-controller.ts

@@ -22,14 +22,18 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
   "head_of_sale",
+  "sale",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 type EmployeeWorkPayload = {

src/controllers/04-flow-template-controller.ts

@@ -44,14 +44,30 @@ type WorkflowPayload = {
   status?: Status;
 };
 
-const permissionCondCompany = createPermCondition((_) => true);
+const MANAGE_ROLES = [
-const permissionCheckCompany = createPermCheck((_) => true);
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+];
+
+function globalAllow(user: RequestWithUser["user"]) {
+  const listAllowed = MANAGE_ROLES;
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
+}
+
+const permissionCondCompany = createPermCondition(globalAllow);
+const permissionCheckCompany = createPermCheck(globalAllow);
 
 @Route("api/v1/workflow-template")
 @Tags("Workflow")
-@Security("keycloak")
 export class FlowTemplateController extends Controller {
   @Get()
+  @Security("keycloak")
   async getFlowTemplate(
     @Request() req: RequestWithUser,
     @Query() page: number = 1,
@@ -118,6 +134,7 @@ export class FlowTemplateController extends Controller {
   }
 
   @Get("{templateId}")
+  @Security("keycloak")
   async getFlowTemplateById(@Request() _req: RequestWithUser, @Path() templateId: string) {
     const record = await prisma.workflowTemplate.findFirst({
       include: {
@@ -150,6 +167,7 @@ export class FlowTemplateController extends Controller {
   }
 
   @Post()
+  @Security("keycloak", MANAGE_ROLES)
   async createFlowTemplate(@Request() req: RequestWithUser, @Body() body: WorkflowPayload) {
     const where = {
       OR: [
@@ -230,6 +248,7 @@ export class FlowTemplateController extends Controller {
   }
 
   @Put("{templateId}")
+  @Security("keycloak", MANAGE_ROLES)
   async updateFlowTemplate(
     @Request() req: RequestWithUser,
     @Path() templateId: string,
@@ -315,6 +334,7 @@ export class FlowTemplateController extends Controller {
   }
 
   @Delete("{templateId}")
+  @Security("keycloak", MANAGE_ROLES)
   async deleteFlowTemplateById(@Request() req: RequestWithUser, @Path() templateId: string) {
     const record = await prisma.workflowTemplate.findUnique({
       where: { id: templateId },

src/controllers/04-institution-controller.ts

@@ -95,6 +95,17 @@ type InstitutionUpdatePayload = {
   }[];
 };
 
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+];
+
 @Route("api/v1/institution")
 @Tags("Institution")
 export class InstitutionController extends Controller {
@@ -185,7 +196,7 @@ export class InstitutionController extends Controller {
   }
 
   @Post()
-  @Security("keycloak")
+  @Security("keycloak", MANAGE_ROLES)
   @OperationId("createInstitution")
   async createInstitution(
     @Body()
@@ -229,7 +240,7 @@ export class InstitutionController extends Controller {
   }
 
   @Put("{institutionId}")
-  @Security("keycloak")
+  @Security("keycloak", MANAGE_ROLES)
   @OperationId("updateInstitution")
   async updateInstitution(
     @Path() institutionId: string,
@@ -278,7 +289,7 @@ export class InstitutionController extends Controller {
   }
 
   @Delete("{institutionId}")
-  @Security("keycloak")
+  @Security("keycloak", MANAGE_ROLES)
   @OperationId("deleteInstitution")
   async deleteInstitution(@Path() institutionId: string) {
     return await prisma.$transaction(async (tx) => {
@@ -350,7 +361,7 @@ export class InstitutionFileController extends Controller {
   }
 
   @Put("image/{name}")
-  @Security("keycloak")
+  @Security("keycloak", MANAGE_ROLES)
   async putImage(
     @Request() req: RequestWithUser,
     @Path() institutionId: string,
@@ -364,7 +375,7 @@ export class InstitutionFileController extends Controller {
   }
 
   @Delete("image/{name}")
-  @Security("keycloak")
+  @Security("keycloak", MANAGE_ROLES)
   async delImage(
     @Request() req: RequestWithUser,
     @Path() institutionId: string,
@@ -394,7 +405,7 @@ export class InstitutionFileController extends Controller {
   }
 
   @Put("attachment/{name}")
-  @Security("keycloak")
+  @Security("keycloak", MANAGE_ROLES)
   async putAttachment(
     @Request() req: RequestWithUser,
     @Path() institutionId: string,
@@ -405,7 +416,7 @@ export class InstitutionFileController extends Controller {
   }
 
   @Delete("attachment/{name}")
-  @Security("keycloak")
+  @Security("keycloak", MANAGE_ROLES)
   async delAttachment(
     @Request() req: RequestWithUser,
     @Path() institutionId: string,
@@ -436,7 +447,7 @@ export class InstitutionFileController extends Controller {
   }
 
   @Put("bank-qr/{bankId}")
-  @Security("keycloak")
+  @Security("keycloak", MANAGE_ROLES)
   async putBankImage(
     @Request() req: RequestWithUser,
     @Path() institutionId: string,
@@ -450,7 +461,7 @@ export class InstitutionFileController extends Controller {
   }
 
   @Delete("bank-qr/{bankId}")
-  @Security("keycloak")
+  @Security("keycloak", MANAGE_ROLES)
   async delBankImage(
     @Request() req: RequestWithUser,
     @Path() institutionId: string,

src/controllers/04-invoice-controller.ts

@@ -29,14 +29,23 @@ type InvoicePayload = {
   installmentNo: number[];
 };
 
-const MANAGE_ROLES = ["system", "head_of_admin", "admin", "head_of_accountant", "accountant"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant"];
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
-const permissionCondCompany = createPermCondition((_) => true);
+const permissionCondCompany = createPermCondition(globalAllow);
 const permissionCheck = createPermCheck(globalAllow);
 
 @Route("/api/v1/invoice")
@@ -108,7 +117,6 @@ export class InvoiceController extends Controller {
             customerBranch: {
               OR: [
                 { code: { contains: query, mode: "insensitive" } },
-                { customerName: { contains: query, mode: "insensitive" } },
                 { registerName: { contains: query, mode: "insensitive" } },
                 { registerNameEN: { contains: query, mode: "insensitive" } },
                 { firstName: { contains: query, mode: "insensitive" } },
@@ -184,7 +192,7 @@ export class InvoiceController extends Controller {
 
   @Post()
   @OperationId("createInvoice")
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
   async createInvoice(@Request() req: RequestWithUser, @Body() body: InvoicePayload) {
     const [quotation] = await prisma.$transaction([
       prisma.quotation.findUnique({
@@ -229,7 +237,7 @@ export class InvoiceController extends Controller {
           title: "ใบแจ้งหนี้ใหม่ / New Invoice",
           detail: "รหัส / code : " + record.code,
           registeredBranchId: record.registeredBranchId,
-          groupReceiver: { create: { name: "accountant" } },
+          groupReceiver: { create: { name: "branch_accountant" } },
         },
       });
 

src/controllers/04-product-controller.ts

@@ -30,19 +30,23 @@ import { deleteFile, deleteFolder, fileLocation, getFile, listFile, setFile } fr
 import { isUsedError, notFoundError, relationError } from "../utils/error";
 import { queryOrNot, whereDateQuery } from "../utils/relation";
 import spreadsheet from "../utils/spreadsheet";
+import flowAccount from "../services/flowaccount";
+import { json2csv } from "json-2-csv";
 
 const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
-  "head_of_sale",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 const permissionCondCompany = createPermCondition((_) => true);
@@ -74,6 +78,7 @@ type ProductCreate = {
 
 type ProductUpdate = {
   status?: "ACTIVE" | "INACTIVE";
+  code?: string;
   name?: string;
   detail?: string;
   process?: number;
@@ -297,13 +302,21 @@ export class ProductController extends Controller {
           },
           update: { value: { increment: 1 } },
         });
-        return await prisma.product.create({
+
+        const listId = await flowAccount.createProducts(
+          `${body.code.toLocaleUpperCase()}${last.value.toString().padStart(3, "0")}`,
+          body,
+        );
+
+        return await tx.product.create({
           include: {
             createdBy: true,
             updatedBy: true,
           },
           data: {
             ...body,
+            flowAccountProductIdAgentPrice: `${listId.data.productIdAgentPrice}`,
+            flowAccountProductIdSellPrice: `${listId.data.productIdSellPrice}`,
             document: body.document
               ? {
                   createMany: { data: body.document.map((v) => ({ name: v })) },
@@ -377,6 +390,30 @@ export class ProductController extends Controller {
       await permissionCheck(req.user, productGroup.registeredBranch);
     }
 
+    if (
+      product.flowAccountProductIdSellPrice !== null &&
+      product.flowAccountProductIdAgentPrice !== null
+    ) {
+      const mergedBody = {
+        ...body,
+        code: body.code ?? product.code,
+        price: body.price ?? product.price,
+        agentPrice: body.agentPrice ?? product.agentPrice,
+        serviceCharge: body.serviceCharge ?? product.serviceCharge,
+        vatIncluded: body.vatIncluded ?? product.vatIncluded,
+        agentPriceVatIncluded: body.agentPriceVatIncluded ?? product.agentPriceVatIncluded,
+        serviceChargeVatIncluded: body.serviceChargeVatIncluded ?? product.serviceChargeVatIncluded,
+      };
+
+      await flowAccount.editProducts(
+        product.flowAccountProductIdSellPrice,
+        product.flowAccountProductIdAgentPrice,
+        mergedBody,
+      );
+    } else {
+      throw notFoundError("FlowAccountProductId");
+    }
+
     const record = await prisma.product.update({
       include: {
         productGroup: true,
@@ -439,6 +476,18 @@ export class ProductController extends Controller {
 
     if (record.status !== Status.CREATED) throw isUsedError("Product");
 
+    if (
+      record.flowAccountProductIdSellPrice !== null &&
+      record.flowAccountProductIdAgentPrice !== null
+    ) {
+      await Promise.all([
+        flowAccount.deleteProduct(record.flowAccountProductIdSellPrice),
+        flowAccount.deleteProduct(record.flowAccountProductIdAgentPrice),
+      ]);
+    } else {
+      throw notFoundError("FlowAccountProductId");
+    }
+
     await deleteFolder(fileLocation.product.img(productId));
 
     return await prisma.product.delete({
@@ -640,3 +689,43 @@ export class ProductFileController extends Controller {
     return await deleteFile(fileLocation.product.img(productId, name));
   }
 }
+
+@Route("api/v1/product-export")
+@Tags("Product")
+export class ProductExportController extends ProductController {
+  @Get()
+  @Security("keycloak")
+  async exportCustomer(
+    @Request() req: RequestWithUser,
+    @Query() status?: Status,
+    @Query() shared?: boolean,
+    @Query() productGroupId?: string,
+    @Query() query: string = "",
+    @Query() page: number = 1,
+    @Query() pageSize: number = 30,
+    @Query() orderField?: keyof Product,
+    @Query() orderBy?: "asc" | "desc",
+    @Query() activeOnly?: boolean,
+    @Query() startDate?: Date,
+    @Query() endDate?: Date,
+  ) {
+    const ret = await this.getProduct(
+      req,
+      status,
+      shared,
+      productGroupId,
+      query,
+      page,
+      pageSize,
+      orderField,
+      orderBy,
+      activeOnly,
+      startDate,
+      endDate,
+    );
+
+    this.setHeader("Content-Type", "text/csv");
+
+    return json2csv(ret.result, { useDateIso8601Format: true, expandNestedObjects: true });
+  }
+}

src/controllers/04-product-group-controller.ts

@@ -35,7 +35,7 @@ type ProductGroupCreate = {
   remark: string;
   status?: Status;
   shared?: boolean;
-  registeredBranchId: string;
+  registeredBranchId?: string;
 };
 
 type ProductGroupUpdate = {
@@ -51,14 +51,16 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
-  "head_of_sale",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 const permissionCond = createPermCondition((_) => true);
@@ -157,7 +159,23 @@ export class ProductGroup extends Controller {
   @Post()
   @Security("keycloak", MANAGE_ROLES)
   async createProductGroup(@Request() req: RequestWithUser, @Body() body: ProductGroupCreate) {
-    let company = await permissionCheck(req.user, body.registeredBranchId).then(
+    const userAffiliatedBranch = await prisma.branch.findFirst({
+      include: branchRelationPermInclude(req.user),
+      where: body.registeredBranchId
+        ? { id: body.registeredBranchId }
+        : {
+            user: { some: { userId: req.user.sub } },
+          },
+    });
+    if (!userAffiliatedBranch) {
+      throw new HttpError(
+        HttpStatus.BAD_REQUEST,
+        "You must be affilated with at least one branch or specify branch to be registered (System permission required).",
+        "reqMinAffilatedBranch",
+      );
+    }
+
+    let company = await permissionCheck(req.user, userAffiliatedBranch).then(
       (v) => (v.headOffice || v).code,
     );
 
@@ -181,6 +199,7 @@ export class ProductGroup extends Controller {
           },
           data: {
             ...body,
+            registeredBranchId: userAffiliatedBranch.id,
             statusOrder: +(body.status === "INACTIVE"),
             code: `G${last.value.toString().padStart(2, "0")}`,
             createdByUserId: req.user.sub,

src/controllers/04-service-controller.ts

@@ -42,14 +42,16 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
-  "head_of_sale",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = MANAGE_ROLES;
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 const permissionCondCompany = createPermCondition((_) => true);

src/controllers/05-payment-controller.ts

@@ -26,11 +26,20 @@ import flowAccount from "../services/flowaccount";
 import HttpError from "../interfaces/http-error";
 import HttpStatus from "../interfaces/http-status";
 
-const MANAGE_ROLES = ["system", "head_of_admin", "admin", "head_of_accountant", "accountant"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant"];
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 const permissionCondCompany = createPermCondition((_) => true);
@@ -101,10 +110,18 @@ export class QuotationPayment extends Controller {
   }
 
   @Put("{paymentId}")
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
   async updatePayment(
     @Path() paymentId: string,
-    @Body() body: { amount?: number; date?: Date; paymentStatus?: PaymentStatus },
+    @Body()
+    body: {
+      amount?: number;
+      date?: Date;
+      paymentStatus?: PaymentStatus;
+      channel?: string | null;
+      account?: string | null;
+      reference?: string | null;
+    },
     @Request() req: RequestWithUser,
   ) {
     const record = await prisma.payment.findUnique({
@@ -135,7 +152,18 @@ export class QuotationPayment extends Controller {
 
     if (!record) throw notFoundError("Payment");
 
-    if (record.paymentStatus === "PaymentSuccess") return record;
+    if (record.paymentStatus === "PaymentSuccess") {
+      const { channel, account, reference } = body;
+      return await prisma.payment.update({
+        where: { id: paymentId, invoice: { quotationId: record.invoice.quotationId } },
+        data: {
+          channel,
+          account,
+          reference,
+          updatedByUserId: req.user.sub,
+        },
+      });
+    }
 
     return await prisma.$transaction(async (tx) => {
       const current = new Date();
@@ -240,7 +268,7 @@ export class QuotationPayment extends Controller {
               },
             });
 
-          if (quotation.quotationStatus === "PaymentPending") {
+          if (quotation.quotationStatus === "PaymentInProcess") {
             await prisma.notification.create({
               data: {
                 title: "รายการคำขอใหม่ / New Request",

src/controllers/05-quotation-controller.ts

@@ -84,6 +84,8 @@ type QuotationCreate = {
     installmentNo?: number;
     workerIndex?: number[];
   }[];
+
+  sellerId?: string;
 };
 
 type QuotationUpdate = {
@@ -142,6 +144,8 @@ type QuotationUpdate = {
     installmentNo?: number;
     workerIndex?: number[];
   }[];
+
+  sellerId?: string;
 };
 
 const VAT_DEFAULT = config.vat;
@@ -150,15 +154,16 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
-  "head_of_sale",
+  "branch_admin",
-  "sale",
+  "branch_manager",
+  "branch_accountant",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 const permissionCheckCompany = createPermCheck((_) => true);
@@ -210,6 +215,7 @@ export class QuotationController extends Controller {
     @Query() query = "",
     @Query() startDate?: Date,
     @Query() endDate?: Date,
+    @Query() sellerId?: string,
   ) {
     const where = {
       OR: queryOrNot<Prisma.QuotationWhereInput[]>(query, [
@@ -219,7 +225,6 @@ export class QuotationController extends Controller {
           customerBranch: {
             OR: [
               { code: { contains: query, mode: "insensitive" } },
-              { customerName: { contains: query, mode: "insensitive" } },
               { firstName: { contains: query, mode: "insensitive" } },
               { firstNameEN: { contains: query, mode: "insensitive" } },
               { lastName: { contains: query, mode: "insensitive" } },
@@ -258,6 +263,7 @@ export class QuotationController extends Controller {
           }
         : undefined,
       ...whereDateQuery(startDate, endDate),
+      sellerId: sellerId,
     } satisfies Prisma.QuotationWhereInput;
 
     const [result, total] = await prisma.$transaction([
@@ -415,7 +421,7 @@ export class QuotationController extends Controller {
   }
 
   @Post()
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
   async createQuotation(@Request() req: RequestWithUser, @Body() body: QuotationCreate) {
     const ids = {
       employee: body.worker.filter((v) => typeof v === "string"),
@@ -521,16 +527,15 @@ export class QuotationController extends Controller {
         const vatIncluded = body.agentPrice ? p.agentPriceVatIncluded : p.vatIncluded;
 
         const originalPrice = body.agentPrice ? p.agentPrice : p.price;
-        const finalPriceWithVat = precisionRound(
+        const finalPrice = precisionRound(
           originalPrice + (vatIncluded ? 0 : originalPrice * VAT_DEFAULT),
         );
-
+        const pricePerUnit = finalPrice / (1 + VAT_DEFAULT);
-        const price = finalPriceWithVat;
-        const pricePerUnit = price / (1 + VAT_DEFAULT);
         const vat = (body.agentPrice ? p.agentPriceCalcVat : p.calcVat)
-          ? (pricePerUnit * v.amount - (v.discount || 0)) * VAT_DEFAULT
+          ? ((pricePerUnit * (1 + VAT_DEFAULT) * v.amount - (v.discount || 0)) /
+              (1 + VAT_DEFAULT)) *
+            VAT_DEFAULT
           : 0;
-
         return {
           order: i + 1,
           productId: v.productId,
@@ -551,13 +556,13 @@ export class QuotationController extends Controller {
 
       const price = list.reduce(
         (a, c) => {
-          a.totalPrice = precisionRound(a.totalPrice + c.pricePerUnit * c.amount);
+          const vat = c.vat ? VAT_DEFAULT : 0;
+          const price = c.pricePerUnit * c.amount * (1 + vat) - c.discount;
+
+          a.totalPrice = precisionRound(a.totalPrice + price / (1 + vat) + c.discount);
           a.totalDiscount = precisionRound(a.totalDiscount + c.discount);
           a.vat = precisionRound(a.vat + c.vat);
-          a.vatExcluded =
+          a.vatExcluded = c.vat === 0 ? precisionRound(a.vatExcluded + price) : a.vatExcluded;
-            c.vat === 0
-              ? precisionRound(a.vatExcluded + (c.pricePerUnit * c.amount - (c.discount || 0)))
-              : a.vatExcluded;
           a.finalPrice = precisionRound(
             Math.max(a.totalPrice - a.totalDiscount + a.vat - (body.discount || 0), 0),
           );
@@ -658,7 +663,14 @@ export class QuotationController extends Controller {
         title: "ใบเสนอราคาใหม่ / New Quotation",
         detail: "รหัส / code : " + ret.code,
         registeredBranchId: ret.registeredBranchId,
-        groupReceiver: { create: [{ name: "sale" }, { name: "head_of_sale" }] },
+        groupReceiver: {
+          create: [
+            { name: "sale" },
+            { name: "head_of_sale" },
+            { name: "accountant" },
+            { name: "branch_accountant" },
+          ],
+        },
       },
     });
 
@@ -666,7 +678,7 @@ export class QuotationController extends Controller {
   }
 
   @Put("{quotationId}")
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak", MANAGE_ROLES.concat(["head_of_sale", "sale"]))
   async editQuotation(
     @Request() req: RequestWithUser,
     @Path() quotationId: string,
@@ -802,14 +814,14 @@ export class QuotationController extends Controller {
         const vatIncluded = record.agentPrice ? p.agentPriceVatIncluded : p.vatIncluded;
 
         const originalPrice = record.agentPrice ? p.agentPrice : p.price;
-        const finalPriceWithVat = precisionRound(
+        const finalPrice = precisionRound(
           originalPrice + (vatIncluded ? 0 : originalPrice * VAT_DEFAULT),
         );
-
+        const pricePerUnit = finalPrice / (1 + VAT_DEFAULT);
-        const price = finalPriceWithVat;
-        const pricePerUnit = price / (1 + VAT_DEFAULT);
         const vat = (record.agentPrice ? p.agentPriceCalcVat : p.calcVat)
-          ? (pricePerUnit * v.amount - (v.discount || 0)) * VAT_DEFAULT
+          ? ((pricePerUnit * (1 + VAT_DEFAULT) * v.amount - (v.discount || 0)) /
+              (1 + VAT_DEFAULT)) *
+            VAT_DEFAULT
           : 0;
 
         return {
@@ -832,15 +844,13 @@ export class QuotationController extends Controller {
 
       const price = list?.reduce(
         (a, c) => {
-          a.totalPrice = precisionRound(a.totalPrice + c.pricePerUnit * c.amount);
+          const vat = c.vat ? VAT_DEFAULT : 0;
+          const price = c.pricePerUnit * c.amount * (1 + vat) - c.discount;
+
+          a.totalPrice = precisionRound(a.totalPrice + price / (1 + vat) + c.discount);
           a.totalDiscount = precisionRound(a.totalDiscount + c.discount);
           a.vat = precisionRound(a.vat + c.vat);
-          a.vatExcluded =
+          a.vatExcluded = c.vat === 0 ? precisionRound(a.vatExcluded + price) : a.vatExcluded;
-            c.vat === 0
-              ? precisionRound(
-                  a.vatExcluded + (c.pricePerUnit * c.amount - (c.discount || 0)) * VAT_DEFAULT,
-                )
-              : a.vatExcluded;
           a.finalPrice = precisionRound(
             Math.max(a.totalPrice - a.totalDiscount + a.vat - (body.discount || 0), 0),
           );
@@ -856,6 +866,7 @@ export class QuotationController extends Controller {
           finalPrice: 0,
         },
       );
+
       const changed = list?.some((lhs) => {
         const found = record.productServiceList.find((rhs) => {
           return (
@@ -889,6 +900,20 @@ export class QuotationController extends Controller {
           }),
       ]);
 
+      if (customerBranch) {
+        await tx.customerBranch.update({
+          where: { id: customerBranch.id },
+          data: {
+            customer: {
+              update: {
+                status: Status.ACTIVE,
+              },
+            },
+            status: Status.ACTIVE,
+          },
+        });
+      }
+
       return await tx.quotation.update({
         include: {
           productServiceList: {

src/controllers/06-request-list-controller.ts

@@ -95,7 +95,6 @@ export class RequestDataController extends Controller {
             customerBranch: {
               OR: [
                 { code: { contains: query, mode: "insensitive" } },
-                { customerName: { contains: query, mode: "insensitive" } },
                 { registerName: { contains: query, mode: "insensitive" } },
                 { registerNameEN: { contains: query, mode: "insensitive" } },
                 { firstName: { contains: query, mode: "insensitive" } },
@@ -294,14 +293,17 @@ export class RequestDataController extends Controller {
   async updateRequestData(
     @Request() req: RequestWithUser,
     @Body()
-    boby: {
+    body: {
       defaultMessengerId: string;
       requestDataId: string[];
     },
   ) {
-    const record = await prisma.requestData.updateManyAndReturn({
+    if (body.requestDataId.length === 0) return;
+
+    return await prisma.$transaction(async (tx) => {
+      const record = await tx.requestData.updateManyAndReturn({
         where: {
-        id: { in: boby.requestDataId },
+          id: { in: body.requestDataId },
           quotation: {
             registeredBranch: {
               OR: permissionCond(req.user),
@@ -309,19 +311,44 @@ export class RequestDataController extends Controller {
           },
         },
         data: {
-        defaultMessengerId: boby.defaultMessengerId,
+          defaultMessengerId: body.defaultMessengerId,
         },
       });
 
       if (record.length <= 0) throw notFoundError("Request Data");
 
+      await tx.requestWorkStepStatus.updateMany({
+        where: {
+          workStatus: {
+            in: [
+              RequestWorkStatus.Pending,
+              RequestWorkStatus.Waiting,
+              RequestWorkStatus.InProgress,
+            ],
+          },
+          requestWork: {
+            requestDataId: { in: body.requestDataId },
+          },
+        },
+        data: { responsibleUserId: body.defaultMessengerId },
+      });
+
       return record[0];
+    });
   }
 }
 
 @Route("/api/v1/request-data/{requestDataId}")
 @Tags("Request List")
 export class RequestDataActionController extends Controller {
+  async #getLineToken() {
+    if (!process.env.LINE_MESSAGING_API_TOKEN) {
+      console.warn("Line Webhook Activated but LINE_MESSAGING_API_TOKEN not set.");
+    }
+
+    return process.env.LINE_MESSAGING_API_TOKEN;
+  }
+
   @Post("reject-request-cancel")
   @Security("keycloak")
   async rejectRequestCancel(
@@ -396,6 +423,17 @@ export class RequestDataActionController extends Controller {
           },
         },
       },
+      include: {
+        quotation: {
+          include: {
+            customerBranch: {
+              include: {
+                customer: { include: { branch: { where: { userId: { not: null } } } } },
+              },
+            },
+          },
+        },
+      },
     });
 
     if (!result) throw notFoundError("Request Data");
@@ -438,23 +476,88 @@ export class RequestDataActionController extends Controller {
             data: { quotationStatus: QuotationStatus.Canceled, urgent: false },
           })
           .then(async (res) => {
-            await tx.notification.createMany({
+            await Promise.all(
-              data: res.map((v) => ({
+              res.map((v) =>
+                tx.notification.create({
+                  data: {
                     title: "สถานะใบเสนอราคาเปลี่ยนแปลง / Quotation Status Updated",
                     detail: "รหัส / code : " + v.code + " Canceled",
                     receiverId: v.createdByUserId,
-              })),
+                    registeredBranchId: v.registeredBranchId,
-            });
+                    groupReceiver: { create: { name: "document_checker" } },
+                  },
                 }),
-        tx.taskOrder.updateMany({
+              ),
+            );
+          }),
+        tx.taskOrder
+          .updateManyAndReturn({
             where: {
               taskList: {
                 every: { taskStatus: TaskStatus.Canceled },
               },
             },
             data: { taskOrderStatus: TaskStatus.Canceled },
+          })
+          .then(async (res) => {
+            await Promise.all(
+              res.map((v) =>
+                tx.notification.create({
+                  data: {
+                    title: "สถานะใบเสนอราคาเปลี่ยนแปลง / Quotation Status Updated",
+                    detail: "รหัส / code : " + v.code + " Canceled",
+                    receiverId: v.createdByUserId,
+                    registeredBranchId: v.registeredBranchId,
+                    groupReceiver: { create: { name: "document_checker" } },
+                  },
+                }),
+              ),
+            );
           }),
       ]);
+
+      const token = await this.#getLineToken();
+      if (!token) return;
+
+      const textHead = "JWS ALERT:";
+
+      const textAlert = "ขอแจ้งให้ทราบว่าใบเสนอราคา";
+      const textAlert2 = "ได้ดำเนินการยกเลิกเรียบร้อยแล้ว";
+      const textAlert3 = "หากต้องการข้อมูลเพิ่มเติม กรุณาแจ้งให้ฝ่ายที่เกี่ยวข้องทราบ 🙏";
+      let finalTextWork = "";
+      let textData = "";
+
+      let dataCustomerId: string[] = [];
+      let dataUserId: string[] = [];
+
+      result.quotation.customerBranch.customer.branch.forEach((item) => {
+        if (!dataCustomerId?.includes(item.id) && item.userId) {
+          dataCustomerId.push(item.id);
+          dataUserId.push(item.userId);
+        }
+      });
+      finalTextWork = `เลขที่ใบเสนอราคา: ${result.code} ${result.quotation.workName}`;
+
+      textData = `${textHead}\n\n${textAlert}\n${finalTextWork}\n${textAlert2}\n\n${textAlert3}`;
+
+      const data = {
+        to: dataUserId,
+        messages: [
+          {
+            type: "text",
+            text: textData,
+          },
+        ],
+      };
+
+      await fetch("https://api.line.me/v2/bot/message/multicast", {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${token}`,
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify(data),
+      });
     });
   }
 
@@ -586,13 +689,19 @@ export class RequestDataActionController extends Controller {
               data: { quotationStatus: QuotationStatus.Canceled, urgent: false },
             })
             .then(async (res) => {
-              await tx.notification.createMany({
+              await Promise.all(
-                data: res.map((v) => ({
+                res.map((v) =>
+                  tx.notification.create({
+                    data: {
                       title: "สถานะใบเสนอราคาเปลี่ยนแปลง / Quotation Status Updated",
                       detail: "รหัส / code : " + v.code + " Canceled",
                       receiverId: v.createdByUserId,
-                })),
+                      registeredBranchId: v.registeredBranchId,
-              });
+                      groupReceiver: { create: { name: "document_checker" } },
+                    },
+                  }),
+                ),
+              );
             }),
           tx.taskOrder.updateMany({
             where: {
@@ -675,14 +784,83 @@ export class RequestDataActionController extends Controller {
             },
           },
           data: { quotationStatus: QuotationStatus.ProcessComplete, urgent: false },
+          include: {
+            customerBranch: {
+              include: {
+                customer: {
+                  include: {
+                    branch: {
+                      where: { userId: { not: null } },
+                    },
+                  },
+                },
+              },
+            },
+          },
         })
         .then(async (res) => {
-          await tx.notification.createMany({
+          await Promise.all(
-            data: res.map((v) => ({
+            res.map((v) =>
+              tx.notification.create({
+                data: {
                   title: "สถานะใบเสนอราคาเปลี่ยนแปลง / Quotation Status Updated",
                   detail: "รหัส / code : " + v.code + " Completed",
                   receiverId: v.createdByUserId,
-            })),
+                  registeredBranchId: v.registeredBranchId,
+                  groupReceiver: { create: { name: "document_checker" } },
+                },
+              }),
+            ),
+          );
+
+          const token = await this.#getLineToken();
+          if (!token) return;
+
+          const textHead = "JWS ALERT:";
+
+          const textAlert = "ขอแจ้งให้ทราบว่าใบเสนอราคา";
+          const textAlert2 = "ได้ดำเนินการเสร็จสิ้นทุกกระบวนการเรียบร้อยแล้ว";
+          const textAlert3 = "หากต้องการข้อมูลเพิ่มเติม กรุณาแจ้งให้ฝ่ายที่เกี่ยวข้องทราบ 🙏";
+          let finalTextWork = "";
+          let textData = "";
+
+          let dataCustomerId: string[] = [];
+          let textWorkList: string[] = [];
+          let dataUserId: string[] = [];
+
+          if (res) {
+            res.forEach((data, index) => {
+              data.customerBranch.customer.branch.forEach((item) => {
+                if (!dataCustomerId?.includes(item.id) && item.userId) {
+                  dataCustomerId.push(item.id);
+                  dataUserId.push(item.userId);
+                }
+              });
+              textWorkList.push(`${index + 1}. เลขที่ใบเสนอราคา ${data.code} ${data.workName}`);
+            });
+
+            finalTextWork = textWorkList.join("\n");
+          }
+
+          textData = `${textHead}\n\n${textAlert}\n${finalTextWork}\n${textAlert2}\n\n${textAlert3}`;
+
+          const data = {
+            to: dataUserId,
+            messages: [
+              {
+                type: "text",
+                text: textData,
+              },
+            ],
+          };
+
+          await fetch("https://api.line.me/v2/bot/message/multicast", {
+            method: "POST",
+            headers: {
+              Authorization: `Bearer ${token}`,
+              "Content-Type": "application/json",
+            },
+            body: JSON.stringify(data),
           });
         });
       // dataRecord.push(record);
@@ -977,7 +1155,7 @@ export class RequestListController extends Controller {
       });
 
       if (record.responsibleUserId === null) {
-        await prisma.requestWorkStepStatus.update({
+        await tx.requestWorkStepStatus.update({
           where: {
             step_requestWorkId: {
               step: step,
@@ -1039,13 +1217,19 @@ export class RequestListController extends Controller {
                 data: { quotationStatus: QuotationStatus.Canceled, urgent: false },
               })
               .then(async (res) => {
-                await tx.notification.createMany({
+                await Promise.all(
-                  data: res.map((v) => ({
+                  res.map((v) =>
+                    tx.notification.create({
+                      data: {
                         title: "สถานะใบเสนอราคาเปลี่ยนแปลง / Quotation Status Updated",
                         detail: "รหัส / code : " + v.code + " Canceled",
                         receiverId: v.createdByUserId,
-                  })),
+                        registeredBranchId: v.registeredBranchId,
-                });
+                        groupReceiver: { create: { name: "document_checker" } },
+                      },
+                    }),
+                  ),
+                );
               }),
             tx.taskOrder.updateMany({
               where: {
@@ -1153,13 +1337,19 @@ export class RequestListController extends Controller {
           },
         })
         .then(async (res) => {
-          await tx.notification.createMany({
+          await Promise.all(
-            data: res.map((v) => ({
+            res.map((v) =>
+              tx.notification.create({
+                data: {
                   title: "สถานะใบเสนอราคาเปลี่ยนแปลง / Quotation Status Updated",
                   detail: "รหัส / code : " + v.code + " Completed",
                   receiverId: v.createdByUserId,
-            })),
+                  registeredBranchId: v.registeredBranchId,
-          });
+                  groupReceiver: { create: { name: "document_checker" } },
+                },
+              }),
+            ),
+          );
           const token = await this.#getLineToken();
           if (!token) return;
 

src/controllers/07-task-controller.ts

@@ -44,11 +44,21 @@ import {
 } from "../utils/minio";
 import { queryOrNot, whereDateQuery } from "../utils/relation";
 
-const MANAGE_ROLES = ["system", "head_of_admin", "admin", "document_checker"];
+const MANAGE_ROLES = [
+  "system",
+  "head_of_admin",
+  "admin",
+  "executive",
+  "accountant",
+  "branch_admin",
+  "branch_manager",
+  "branch_accountant",
+  "data_entry",
+];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin"];
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
 const permissionCondCompany = createPermCondition((_) => true);
@@ -60,11 +70,14 @@ const permissionCheckCompany = createPermCheck((_) => true);
 @Tags("Task Order")
 export class TaskController extends Controller {
   @Get("stats")
-  async getTaskOrderStats() {
+  @Security("keycloak")
+  async getTaskOrderStats(@Request() req: RequestWithUser) {
     const task = await prisma.taskOrder.groupBy({
+      where: { registeredBranch: { OR: permissionCondCompany(req.user) } },
       by: ["taskOrderStatus"],
       _count: true,
     });
+
     return task.reduce<Record<TaskOrderStatus, number>>(
       (a, c) => Object.assign(a, { [c.taskOrderStatus]: c._count }),
       {
@@ -252,6 +265,12 @@ export class TaskController extends Controller {
       taskProduct?: { productId: string; discount?: number }[];
     },
   ) {
+    if (body.taskList.length < 1 || !body.registeredBranchId)
+      throw new HttpError(
+        HttpStatus.BAD_REQUEST,
+        "Your created invalid task order",
+        "taskOrderInvalid",
+      );
     return await prisma.$transaction(async (tx) => {
       const last = await tx.runningNo.upsert({
         where: {
@@ -301,8 +320,8 @@ export class TaskController extends Controller {
       if (updated.count !== taskList.length) {
         throw new HttpError(
           HttpStatus.PRECONDITION_FAILED,
-          "All request work to issue task order must be in ready state.",
+          "all request work to issue task order must be in ready state.",
-          "requestWorkMustReady",
+          "requestworkmustready",
         );
       }
       await tx.institution.updateMany({
@@ -325,7 +344,8 @@ export class TaskController extends Controller {
         where: { OR: taskList },
       });
 
-      return await tx.taskOrder.create({
+      return await tx.taskOrder
+        .create({
           include: {
             taskList: {
               include: {
@@ -388,6 +408,17 @@ export class TaskController extends Controller {
             taskList: { create: taskList },
             taskProduct: { create: taskProduct },
           },
+        })
+        .then(async (v) => {
+          await prisma.notification.create({
+            data: {
+              title: "ใบสั่งงานใหม่ / New Task Order",
+              detail: "รหัส / code : " + v.code,
+              registeredBranchId: v.registeredBranchId,
+              groupReceiver: { create: { name: "document_checker" } },
+            },
+          });
+          return v;
         });
     });
   }
@@ -531,6 +562,8 @@ export class TaskController extends Controller {
               title: "มีการส่งงาน / Task Submitted",
               detail: "รหัสใบสั่งงาน / Order : " + record.code,
               receiverId: record.createdByUserId,
+              registeredBranchId: record.registeredBranchId,
+              groupReceiver: { create: { name: "document_checker" } },
             },
           });
         }
@@ -658,6 +691,7 @@ export class TaskActionController extends Controller {
               title: "ใบรายการคำขอที่จัดการเกิดปัญหา / Task Failed",
               detail: `ใบรายการคำขอรหัส ${taskCode}: ${taskName} รหัสสินค้า ${productCode}: ${productName} ของลูกจ้าง ${employeeName} เกิดข้อผิดพลาด`,
               groupReceiver: { create: { name: "document_checker" } },
+              receiverId: record.requestWorkStep.requestWork.request.quotation.createdByUserId,
               registeredBranchId: record.taskOrder.registeredBranchId,
             },
           });
@@ -724,6 +758,8 @@ export class TaskActionController extends Controller {
           title: "มีการส่งงาน / Task Submitted",
           detail: "รหัสใบสั่งงาน / Order : " + record.code,
           receiverId: record.createdByUserId,
+          registeredBranchId: record.registeredBranchId,
+          groupReceiver: { create: { name: "document_checker" } },
         },
       }),
     ]);
@@ -756,7 +792,8 @@ export class TaskActionController extends Controller {
       const code = `RI${year}${month}${last.value.toString().padStart(6, "0")}`;
 
       await Promise.all([
-        tx.taskOrder.update({
+        tx.taskOrder
+          .update({
             where: { id: taskOrderId },
             data: {
               urgent: false,
@@ -771,6 +808,17 @@ export class TaskActionController extends Controller {
                 },
               },
             },
+          })
+          .then(async (record) => {
+            await tx.notification.create({
+              data: {
+                title: "ใบงานเสร็จสิ้น / Task Complete",
+                detail: "รหัสใบสั่งงาน / Order : " + record.code,
+                receiverId: record.createdByUserId,
+                registeredBranchId: record.registeredBranchId,
+                groupReceiver: { create: { name: "document_checker" } },
+              },
+            });
           }),
         tx.requestWorkStepStatus.updateMany({
           where: {
@@ -875,9 +923,33 @@ export class TaskActionController extends Controller {
         if (completeCheck) completed.push(item.id);
       });
 
-      await tx.requestData.updateMany({
+      await tx.requestData
+        .updateManyAndReturn({
           where: { id: { in: completed } },
+          include: {
+            quotation: {
+              select: {
+                registeredBranchId: true,
+                createdByUserId: true,
+              },
+            },
+          },
           data: { requestDataStatus: RequestDataStatus.Completed },
+        })
+        .then(async (res) => {
+          await Promise.all(
+            res.map((v) =>
+              tx.notification.create({
+                data: {
+                  title: "สถานะใบเสนอราคาเปลี่ยนแปลง / Quotation Status Updated",
+                  detail: "รหัส / code : " + v.code + " Completed",
+                  receiverId: v.quotation.createdByUserId,
+                  registeredBranchId: v.quotation.registeredBranchId,
+                  groupReceiver: { create: { name: "document_checker" } },
+                },
+              }),
+            ),
+          );
         });
       await tx.quotation
         .updateManyAndReturn({
@@ -918,13 +990,19 @@ export class TaskActionController extends Controller {
           },
         })
         .then(async (res) => {
-          await tx.notification.createMany({
+          await Promise.all(
-            data: res.map((v) => ({
+            res.map((v) =>
+              tx.notification.create({
+                data: {
                   title: "สถานะใบเสนอราคาเปลี่ยนแปลง / Quotation Status Updated",
                   detail: "รหัส / code : " + v.code + " Completed",
                   receiverId: v.createdByUserId,
-            })),
+                  registeredBranchId: v.registeredBranchId,
-          });
+                  groupReceiver: { create: { name: "document_checker" } },
+                },
+              }),
+            ),
+          );
 
           const token = await this.#getLineToken();
 
@@ -1163,19 +1241,23 @@ export class UserTaskController extends Controller {
             },
           })
           .then(async (v) => {
-            await tx.notification.createMany({
+            await tx.notification.create({
-              data: [
+              data: {
-                {
                 title: "สถานะใบส่งงานมีการเปลี่ยนแปลง / Order Status Changed",
                 detail: "รหัสใบสั่งงาน / Order : " + v.code + " InProgress",
                 receiverId: v.createdByUserId,
+                registeredBranchId: v.registeredBranchId,
+                groupReceiver: { create: { name: "document_checker" } },
               },
-                {
+            });
+            await tx.notification.create({
+              data: {
                 title: "มีการรับงาน / Task Accepted",
                 detail: "รหัสใบสั่งงาน / Order : " + v.code,
                 receiverId: v.createdByUserId,
+                registeredBranchId: v.registeredBranchId,
+                groupReceiver: { create: { name: "document_checker" } },
               },
-              ],
             });
           }),
         tx.task.updateMany({

src/controllers/08-credit-note-controller.ts

@@ -13,6 +13,7 @@ import {
   Security,
   Tags,
 } from "tsoa";
+import config from "../config.json";
 
 import prisma from "../db";
 
@@ -42,22 +43,21 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
-  "head_of_sale",
+  "branch_admin",
-  "sale",
+  "branch_manager",
+  "branch_accountant",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
+const VAT_DEFAULT = config.vat;
 
-// NOTE: permission condition/check in requestWork -> requestData -> quotation -> registeredBranch
 const permissionCond = createPermCondition(globalAllow);
-const permissionCondCompany = createPermCondition((_) => true);
 const permissionCheck = createPermCheck(globalAllow);
-const permissionCheckCompany = createPermCheck((_) => true);
 
 type CreditNoteCreate = {
   requestWorkId: string[];
@@ -85,6 +85,14 @@ type CreditNoteUpdate = {
 @Route("api/v1/credit-note")
 @Tags("Credit Note")
 export class CreditNoteController extends Controller {
+  async #getLineToken() {
+    if (!process.env.LINE_MESSAGING_API_TOKEN) {
+      console.warn("Line Webhook Activated but LINE_MESSAGING_API_TOKEN not set.");
+    }
+
+    return process.env.LINE_MESSAGING_API_TOKEN;
+  }
+
   @Get("stats")
   @Security("keycloak")
   async getCreditNoteStats(@Request() req: RequestWithUser, @Query() quotationId?: string) {
@@ -94,7 +102,7 @@ export class CreditNoteController extends Controller {
           request: {
             quotationId,
             quotation: {
-              registeredBranch: { OR: permissionCondCompany(req.user) },
+              registeredBranch: { OR: permissionCond(req.user) },
             },
           },
         },
@@ -148,7 +156,6 @@ export class CreditNoteController extends Controller {
     @Query() creditNoteStatus?: CreditNoteStatus,
     @Query() startDate?: Date,
     @Query() endDate?: Date,
-    @Body() body?: {},
   ) {
     const where = {
       OR: queryOrNot<Prisma.CreditNoteWhereInput[]>(query, [
@@ -165,7 +172,6 @@ export class CreditNoteController extends Controller {
                       customerBranch: {
                         OR: [
                           { code: { contains: query, mode: "insensitive" } },
-                          { customerName: { contains: query, mode: "insensitive" } },
                           { firstName: { contains: query, mode: "insensitive" } },
                           { firstNameEN: { contains: query, mode: "insensitive" } },
                           { lastName: { contains: query, mode: "insensitive" } },
@@ -200,7 +206,7 @@ export class CreditNoteController extends Controller {
           request: {
             quotationId,
             quotation: {
-              registeredBranch: { OR: permissionCondCompany(req.user) },
+              registeredBranch: { OR: permissionCond(req.user) },
             },
           },
         },
@@ -211,6 +217,8 @@ export class CreditNoteController extends Controller {
     const [result, total] = await prisma.$transaction([
       prisma.creditNote.findMany({
         where,
+        take: pageSize,
+        skip: (page - 1) * pageSize,
         include: {
           quotation: {
             include: {
@@ -243,7 +251,7 @@ export class CreditNoteController extends Controller {
         some: {
           request: {
             quotation: {
-              registeredBranch: { OR: permissionCondCompany(req.user) },
+              registeredBranch: { OR: permissionCond(req.user) },
             },
           },
         },
@@ -341,9 +349,8 @@ export class CreditNoteController extends Controller {
       ).length;
 
       const price =
-        c.productService.pricePerUnit -
+        c.productService.pricePerUnit * (1 + (c.productService.vat > 0 ? VAT_DEFAULT : 0)) -
-        c.productService.discount / c.productService.amount +
+        c.productService.discount;
-        c.productService.vat / c.productService.amount;
 
       if (serviceChargeStepCount && successCount) {
         return a + price - c.productService.product.serviceCharge * successCount;
@@ -369,14 +376,23 @@ export class CreditNoteController extends Controller {
           update: { value: { increment: 1 } },
         });
 
-        return await prisma.creditNote.create({
+        return await prisma.creditNote
+          .create({
             include: {
               requestWork: {
                 include: {
                   request: true,
                 },
               },
-            quotation: true,
+              quotation: {
+                include: {
+                  customerBranch: {
+                    include: {
+                      customer: { include: { branch: { where: { userId: { not: null } } } } },
+                    },
+                  },
+                },
+              },
             },
             data: {
               reason: body.reason,
@@ -395,6 +411,55 @@ export class CreditNoteController extends Controller {
               },
               quotationId: body.quotationId,
             },
+          })
+          .then(async (res) => {
+            const token = await this.#getLineToken();
+            if (!token) return;
+
+            const textHead = "JWS ALERT:";
+
+            const textAlert = "ขอแจ้งให้ทราบว่าใบลดหนี้";
+            const textAlert2 = "ได้ถูกสร้างขึ้นเรียบร้อยแล้ว";
+            const textAlert3 =
+              "หากท่านต้องการข้อมูลเพิ่มเติมหรือมีข้อสงสัยประการใด โปรดแจ้งให้ฝ่ายที่เกี่ยวข้องทราบ ทางเรายินดีให้ความช่วยเหลืออย่างเต็มที่ 🙏";
+            let finalTextWork = "";
+            let textData = "";
+
+            let dataCustomerId: string[] = [];
+            let dataUserId: string[] = [];
+
+            if (res) {
+              res.quotation.customerBranch.customer.branch.forEach((item) => {
+                if (!dataCustomerId?.includes(item.id) && item.userId) {
+                  dataCustomerId.push(item.id);
+                  dataUserId.push(item.userId);
+                }
+              });
+              finalTextWork = `จำนวนเงิน ${res.value.toFixed(2)} บาท `;
+            }
+
+            textData = `${textHead}\n\n${textAlert}\n${finalTextWork}${textAlert2}\n\n${textAlert3}`;
+
+            const data = {
+              to: dataUserId,
+              messages: [
+                {
+                  type: "text",
+                  text: textData,
+                },
+              ],
+            };
+
+            await fetch("https://api.line.me/v2/bot/message/multicast", {
+              method: "POST",
+              headers: {
+                Authorization: `Bearer ${token}`,
+                "Content-Type": "application/json",
+              },
+              body: JSON.stringify(data),
+            });
+
+            return res;
           });
       },
       { isolationLevel: Prisma.TransactionIsolationLevel.Serializable },
@@ -402,7 +467,7 @@ export class CreditNoteController extends Controller {
   }
 
   @Put("{creditNoteId}")
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak")
   async updateCreditNote(
     @Request() req: RequestWithUser,
     @Path() creditNoteId: string,
@@ -477,9 +542,8 @@ export class CreditNoteController extends Controller {
       ).length;
 
       const price =
-        c.productService.pricePerUnit -
+        c.productService.pricePerUnit * (1 + (c.productService.vat > 0 ? VAT_DEFAULT : 0)) -
-        c.productService.discount / c.productService.amount +
+        c.productService.discount;
-        c.productService.vat / c.productService.amount;
 
       if (serviceChargeStepCount && successCount) {
         return a + price - c.productService.product.serviceCharge * successCount;
@@ -576,6 +640,14 @@ export class CreditNoteActionController extends Controller {
     return creditNoteData;
   }
 
+  async #getLineToken() {
+    if (!process.env.LINE_MESSAGING_API_TOKEN) {
+      console.warn("Line Webhook Activated but LINE_MESSAGING_API_TOKEN not set.");
+    }
+
+    return process.env.LINE_MESSAGING_API_TOKEN;
+  }
+
   @Post("accept")
   @Security("keycloak", MANAGE_ROLES)
   async acceptCreditNote(@Request() req: RequestWithUser, @Path() creditNoteId: string) {
@@ -594,7 +666,8 @@ export class CreditNoteActionController extends Controller {
     @Body() body: { paybackStatus: PaybackStatus },
   ) {
     await this.#checkPermission(req.user, creditNoteId);
-    return await prisma.creditNote.update({
+    return await prisma.creditNote
+      .update({
         where: { id: creditNoteId },
         include: {
           requestWork: {
@@ -602,7 +675,15 @@ export class CreditNoteActionController extends Controller {
               request: true,
             },
           },
-        quotation: true,
+          quotation: {
+            include: {
+              customerBranch: {
+                include: {
+                  customer: { include: { branch: { where: { userId: { not: null } } } } },
+                },
+              },
+            },
+          },
         },
         data: {
           creditNoteStatus:
@@ -610,6 +691,55 @@ export class CreditNoteActionController extends Controller {
           paybackStatus: body.paybackStatus,
           paybackDate: body.paybackStatus === PaybackStatus.Done ? new Date() : undefined,
         },
+      })
+      .then(async (res) => {
+        const token = await this.#getLineToken();
+        if (!token) return;
+
+        const textHead = "JWS ALERT:";
+
+        const textAlert = "ทางเราขอแจ้งให้ทราบว่าการดำเนินการคืนเงินสำหรับใบลดหนี้";
+        const textAlert2 = "ได้รับการอนุมัติและเสร็จสมบูรณ์เรียบร้อยแล้ว";
+        const textAlert3 =
+          "หากท่านต้องการข้อมูลเพิ่มเติมหรือมีข้อสงสัยประการใด โปรดแจ้งให้ฝ่ายที่เกี่ยวข้องทราบ ทางเรายินดีให้ความช่วยเหลืออย่างเต็มที่ 🙏";
+        let finalTextWork = "";
+        let textData = "";
+
+        let dataCustomerId: string[] = [];
+        let textWorkList: string[] = [];
+        let dataUserId: string[] = [];
+
+        if (res) {
+          res.quotation.customerBranch.customer.branch.forEach((item) => {
+            if (!dataCustomerId?.includes(item.id) && item.userId) {
+              dataCustomerId.push(item.id);
+              dataUserId.push(item.userId);
+            }
+          });
+          finalTextWork = `จำนวนเงิน ${res.value.toFixed(2)} บาท `;
+        }
+
+        textData = `${textHead}\n\n${textAlert}\n${finalTextWork}${textAlert2}\n\n${textAlert3}`;
+
+        const data = {
+          to: dataUserId,
+          messages: [
+            {
+              type: "text",
+              text: textData,
+            },
+          ],
+        };
+        body.paybackStatus === PaybackStatus.Done
+          ? await fetch("https://api.line.me/v2/bot/message/multicast", {
+              method: "POST",
+              headers: {
+                Authorization: `Bearer ${token}`,
+                "Content-Type": "application/json",
+              },
+              body: JSON.stringify(data),
+            })
+          : undefined;
       });
   }
 }

src/controllers/09-debit-note-controller.ts

@@ -44,22 +44,20 @@ const MANAGE_ROLES = [
   "system",
   "head_of_admin",
   "admin",
-  "head_of_accountant",
+  "executive",
   "accountant",
-  "head_of_sale",
+  "branch_admin",
-  "sale",
+  "branch_manager",
+  "branch_accountant",
 ];
 
 function globalAllow(user: RequestWithUser["user"]) {
-  const allowList = ["system", "head_of_admin", "head_of_accountant", "head_of_sale"];
+  const listAllowed = ["system", "head_of_admin", "admin", "executive", "accountant"];
-  return allowList.some((v) => user.roles?.includes(v));
+  return user.roles?.some((v) => listAllowed.includes(v)) || false;
 }
 
-// NOTE: permission condition/check in registeredBranch
 const permissionCond = createPermCondition(globalAllow);
-const permissionCondCompany = createPermCondition((_) => true);
 const permissionCheck = createPermCheck(globalAllow);
-const permissionCheckCompany = createPermCheck((_) => true);
 
 type DebitNoteCreate = {
   quotationId: string;
@@ -213,7 +211,6 @@ export class DebitNoteController extends Controller {
           customerBranch: {
             OR: [
               { code: { contains: query, mode: "insensitive" } },
-              { customerName: { contains: query, mode: "insensitive" } },
               { firstName: { contains: query, mode: "insensitive" } },
               { firstNameEN: { contains: query, mode: "insensitive" } },
               { lastName: { contains: query, mode: "insensitive" } },
@@ -433,12 +430,18 @@ export class DebitNoteController extends Controller {
 
       const list = body.productServiceList.map((v, i) => {
         const p = product.find((p) => p.id === v.productId)!;
-        const price = body.agentPrice ? p.agentPrice : p.price;
+
-        const pricePerUnit = p.vatIncluded ? price / (1 + VAT_DEFAULT) : price;
+        const vatIncluded = body.agentPrice ? p.agentPriceVatIncluded : p.vatIncluded;
-        const vat = p.calcVat
+
-          ? (pricePerUnit * (v.discount ? v.amount : 1) - (v.discount || 0)) *
+        const originalPrice = body.agentPrice ? p.agentPrice : p.price;
-            VAT_DEFAULT *
+        const finalPrice = precisionRound(
-            (!v.discount ? v.amount : 1)
+          originalPrice + (vatIncluded ? 0 : originalPrice * VAT_DEFAULT),
+        );
+        const pricePerUnit = finalPrice / (1 + VAT_DEFAULT);
+        const vat = (body.agentPrice ? p.agentPriceCalcVat : p.calcVat)
+          ? ((pricePerUnit * (1 + VAT_DEFAULT) * v.amount - (v.discount || 0)) /
+              (1 + VAT_DEFAULT)) *
+            VAT_DEFAULT
           : 0;
 
         return {
@@ -461,15 +464,13 @@ export class DebitNoteController extends Controller {
 
       const price = list.reduce(
         (a, c) => {
-          a.totalPrice = precisionRound(a.totalPrice + c.pricePerUnit * c.amount);
+          const vat = c.vat ? VAT_DEFAULT : 0;
+          const price = c.pricePerUnit * c.amount * (1 + vat) - c.discount;
+
+          a.totalPrice = precisionRound(a.totalPrice + price / (1 + vat) + c.discount);
           a.totalDiscount = precisionRound(a.totalDiscount + c.discount);
           a.vat = precisionRound(a.vat + c.vat);
-          a.vatExcluded =
+          a.vatExcluded = c.vat === 0 ? precisionRound(a.vatExcluded + price) : a.vatExcluded;
-            c.vat === 0
-              ? precisionRound(
-                  a.vatExcluded + (c.pricePerUnit * c.amount - (c.discount || 0)) * VAT_DEFAULT,
-                )
-              : a.vatExcluded;
           a.finalPrice = precisionRound(
             Math.max(a.totalPrice - a.totalDiscount + a.vat - (body.discount || 0), 0),
           );
@@ -581,7 +582,7 @@ export class DebitNoteController extends Controller {
   }
 
   @Put("{debitNoteId}")
-  @Security("keycloak", MANAGE_ROLES)
+  @Security("keycloak")
   async updateDebitNote(
     @Request() req: RequestWithUser,
     @Path() debitNoteId: string,
@@ -605,7 +606,7 @@ export class DebitNoteController extends Controller {
 
     if (!record) throw notFoundError("Debit Note");
 
-    await permissionCheckCompany(req.user, record.registeredBranch);
+    await permissionCheck(req.user, record.registeredBranch);
 
     const { productServiceList: _productServiceList, ...rest } = body;
     const ids = {
@@ -676,12 +677,18 @@ export class DebitNoteController extends Controller {
       }
       const list = body.productServiceList.map((v, i) => {
         const p = product.find((p) => p.id === v.productId)!;
-        const price = body.agentPrice ? p.agentPrice : p.price;
+
-        const pricePerUnit = p.vatIncluded ? price / (1 + VAT_DEFAULT) : price;
+        const vatIncluded = record.agentPrice ? p.agentPriceVatIncluded : p.vatIncluded;
-        const vat = p.calcVat
+
-          ? (pricePerUnit * (v.discount ? v.amount : 1) - (v.discount || 0)) *
+        const originalPrice = record.agentPrice ? p.agentPrice : p.price;
-            VAT_DEFAULT *
+        const finalPrice = precisionRound(
-            (!v.discount ? v.amount : 1)
+          originalPrice + (vatIncluded ? 0 : originalPrice * VAT_DEFAULT),
+        );
+        const pricePerUnit = finalPrice / (1 + VAT_DEFAULT);
+        const vat = (record.agentPrice ? p.agentPriceCalcVat : p.calcVat)
+          ? ((pricePerUnit * (1 + VAT_DEFAULT) * v.amount - (v.discount || 0)) /
+              (1 + VAT_DEFAULT)) *
+            VAT_DEFAULT
           : 0;
 
         return {
@@ -704,15 +711,13 @@ export class DebitNoteController extends Controller {
 
       const price = list.reduce(
         (a, c) => {
-          a.totalPrice = precisionRound(a.totalPrice + c.pricePerUnit * c.amount);
+          const vat = c.vat ? VAT_DEFAULT : 0;
+          const price = c.pricePerUnit * c.amount * (1 + vat) - c.discount;
+
+          a.totalPrice = precisionRound(a.totalPrice + price / (1 + vat) + c.discount);
           a.totalDiscount = precisionRound(a.totalDiscount + c.discount);
           a.vat = precisionRound(a.vat + c.vat);
-          a.vatExcluded =
+          a.vatExcluded = c.vat === 0 ? precisionRound(a.vatExcluded + price) : a.vatExcluded;
-            c.vat === 0
-              ? precisionRound(
-                  a.vatExcluded + (c.pricePerUnit * c.amount - (c.discount || 0)) * VAT_DEFAULT,
-                )
-              : a.vatExcluded;
           a.finalPrice = precisionRound(
             Math.max(a.totalPrice - a.totalDiscount + a.vat - (body.discount || 0), 0),
           );

src/controllers/09-line-controller.ts

@@ -189,7 +189,6 @@ export class LineController extends Controller {
             customerBranch: {
               OR: [
                 { code: { contains: query, mode: "insensitive" } },
-                { customerName: { contains: query, mode: "insensitive" } },
                 { registerName: { contains: query, mode: "insensitive" } },
                 { registerNameEN: { contains: query, mode: "insensitive" } },
                 { firstName: { contains: query, mode: "insensitive" } },
@@ -614,17 +613,14 @@ export class LineController extends Controller {
     @Query() endDate?: Date,
   ) {
     const where = {
-      OR:
+      OR: queryOrNot<Prisma.QuotationWhereInput[]>(query, [
-        query || pendingOnly
-          ? [
-              ...(queryOrNot<Prisma.QuotationWhereInput[]>(query, [
         { code: { contains: query, mode: "insensitive" } },
         { workName: { contains: query, mode: "insensitive" } },
         {
           customerBranch: {
             OR: [
               { code: { contains: query, mode: "insensitive" } },
-                      { customerName: { contains: query, mode: "insensitive" } },
+              { registerName: { contains: query, mode: "insensitive" } },
               { firstName: { contains: query, mode: "insensitive" } },
               { firstNameEN: { contains: query, mode: "insensitive" } },
               { lastName: { contains: query, mode: "insensitive" } },
@@ -632,21 +628,7 @@ export class LineController extends Controller {
             ],
           },
         },
-              ]) || []),
+      ]),
-              ...(queryOrNot<Prisma.QuotationWhereInput[]>(!!pendingOnly, [
-                {
-                  requestData: {
-                    some: {
-                      requestDataStatus: "Pending",
-                    },
-                  },
-                },
-                {
-                  requestData: { none: {} },
-                },
-              ]) || []),
-            ]
-          : undefined,
       isDebitNote: false,
       code,
       payCondition,
@@ -668,6 +650,22 @@ export class LineController extends Controller {
             },
           }
         : undefined,
+      AND: pendingOnly
+        ? {
+            OR: [
+              {
+                requestData: {
+                  some: {
+                    requestDataStatus: "Pending",
+                  },
+                },
+              },
+              {
+                requestData: { none: {} },
+              },
+            ],
+          }
+        : undefined,
       ...whereDateQuery(startDate, endDate),
     } satisfies Prisma.QuotationWhereInput;
 

src/controllers/09-web-hook-controller.ts

@@ -90,7 +90,7 @@ export class WebHookController extends Controller {
                       firstNameEN: true,
                       lastName: true,
                       lastNameEN: true,
-                      customerName: true,
+                      registerName: true,
                       customer: {
                         select: {
                           customerType: true,
@@ -133,13 +133,13 @@ export class WebHookController extends Controller {
           let textData = "";
 
           if (dataEmployee.length > 0) {
-            const customerName =
+            const registerName =
-              dataEmployee[0]?.employee?.customerBranch?.customerName ?? "ไม่ระบุ";
+              dataEmployee[0]?.employee?.customerBranch?.registerName ?? "ไม่ระบุ";
             const telephoneNo =
               dataEmployee[0]?.employee?.customerBranch?.customer.registeredBranch.telephoneNo ??
               "ไม่ระบุ";
 
-            const textEmployer = `เรียน คุณ${customerName}`;
+            const textEmployer = `เรียน คุณ${registerName}`;
             const textAlert = "ขอแจ้งให้ทราบว่าหนังสือเดินทางของลูกจ้าง";
             const textAlert2 = "และจำเป็นต้องดำเนินการต่ออายุในเร็ว ๆ นี้";
             const textExpDate =

src/controllers/10-business-type-controller.ts

@@ -0,0 +1,113 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Path,
+  Post,
+  Put,
+  Query,
+  Request,
+  Route,
+  Security,
+  Tags,
+} from "tsoa";
+import { RequestWithUser } from "../interfaces/user";
+import prisma from "../db";
+import { Prisma } from "@prisma/client";
+import { queryOrNot } from "../utils/relation";
+import { notFoundError } from "../utils/error";
+
+type BusinessTypePayload = {
+  name: string;
+  nameEN: string;
+};
+
+@Route("api/v1/business-type")
+@Tags("Business Type")
+export class businessTypeController extends Controller {
+  @Get()
+  @Security("keycloak")
+  async getList(
+    @Request() req: RequestWithUser,
+    @Query() query: string = "",
+    @Query() page: number = 1,
+    @Query() pageSize: number = 30,
+  ) {
+    const where = {
+      OR: queryOrNot<Prisma.BusinessTypeWhereInput[]>(query, [
+        { name: { contains: query, mode: "insensitive" } },
+        { nameEN: { contains: query, mode: "insensitive" } },
+      ]),
+    } satisfies Prisma.BusinessTypeWhereInput;
+
+    const [result, total] = await prisma.$transaction([
+      prisma.businessType.findMany({
+        where,
+        take: pageSize,
+        skip: (page - 1) * pageSize,
+      }),
+      prisma.businessType.count({ where }),
+    ]);
+
+    return { result, page, pageSize, total };
+  }
+
+  @Post()
+  @Security("keycloak")
+  async createBusinessType(@Request() req: RequestWithUser, @Body() body: BusinessTypePayload) {
+    return await prisma.businessType.create({
+      data: {
+        ...body,
+        createdByUserId: req.user.sub,
+        updatedByUserId: req.user.sub,
+      },
+    });
+  }
+
+  @Get(":businessTypeId")
+  @Security("keycloak")
+  async getBusinessTypeById(@Path() businessTypeId: string) {
+    return await prisma.businessType.findUnique({
+      where: { id: businessTypeId },
+    });
+  }
+
+  @Put(":businessTypeId")
+  @Security("keycloak")
+  async updateBusinessType(
+    @Request() req: RequestWithUser,
+    @Path() businessTypeId: string,
+    @Body() body: BusinessTypePayload,
+  ) {
+    return await prisma.$transaction(async (tx) => {
+      const record = await tx.businessType.findUnique({
+        where: { id: businessTypeId },
+      });
+
+      if (!record) throw notFoundError("BusinessType");
+      return await tx.businessType.update({
+        where: { id: businessTypeId },
+        data: {
+          ...body,
+          updatedByUserId: req.user.sub,
+        },
+      });
+    });
+  }
+
+  @Delete(":businessTypeId")
+  @Security("keycloak")
+  async deleteBusinessType(@Path() businessTypeId: string) {
+    return await prisma.$transaction(async (tx) => {
+      const record = await tx.businessType.findUnique({
+        where: { id: businessTypeId },
+      });
+
+      if (!record) throw notFoundError("BusinessType");
+      return await tx.businessType.delete({
+        where: { id: businessTypeId },
+      });
+    });
+  }
+}

src/services/flowaccount.ts

@@ -1,6 +1,10 @@
 import prisma from "../db";
 import config from "../config.json";
 import { CustomerType, PayCondition } from "@prisma/client";
+import { convertTemplate } from "../utils/string-template";
+import { htmlToText } from "html-to-text";
+import { JsonObject } from "@prisma/client/runtime/library";
+import { precisionRound } from "../utils/arithmetic";
 
 if (!process.env.FLOW_ACCOUNT_URL) throw new Error("Require FLOW_ACCOUNT_URL");
 if (!process.env.FLOW_ACCOUNT_CLIENT_ID) throw new Error("Require FLOW_ACCOUNT_CLIENT_ID");
@@ -232,6 +236,29 @@ const flowAccount = {
         installments: true,
         quotation: {
           include: {
+            paySplit: true,
+            worker: {
+              select: {
+                employee: {
+                  select: {
+                    employeePassport: {
+                      select: {
+                        number: true,
+                      },
+                      orderBy: {
+                        expireDate: "desc",
+                      },
+                      take: 1,
+                    },
+                    namePrefix: true,
+                    firstName: true,
+                    lastName: true,
+                    firstNameEN: true,
+                    lastNameEN: true,
+                  },
+                },
+              },
+            },
             registeredBranch: {
               include: {
                 province: true,
@@ -262,19 +289,58 @@ const flowAccount = {
 
     const quotation = data.quotation;
     const customer = quotation.customerBranch;
-    const product =
+
+    const summary = {
+      subTotal: 0,
+      discountAmount: 0,
+      vatableAmount: 0,
+      exemptAmount: 0,
+      vatAmount: 0,
+      grandTotal: 0,
+    };
+
+    const products = (
       quotation.payCondition === PayCondition.BillFull ||
       quotation.payCondition === PayCondition.Full
         ? quotation.productServiceList
         : quotation.productServiceList.filter((lhs) =>
             data.installments.some((rhs) => rhs.no === lhs.installmentNo),
-          );
+          )
+    ).map((v) => {
+      // TODO: Use product's VAT field (not implemented) instead.
+      const VAT_RATE = VAT_DEFAULT;
+
+      summary.subTotal +=
+        precisionRound(v.pricePerUnit * (1 + (v.vat > 0 ? VAT_RATE : 0))) * v.amount;
+      summary.discountAmount += v.discount;
+
+      const total =
+        precisionRound(v.pricePerUnit * (1 + (v.vat > 0 ? VAT_RATE : 0))) * v.amount -
+        (v.discount ?? 0);
+
+      if (v.vat > 0) {
+        summary.vatableAmount += precisionRound(total / (1 + VAT_RATE));
+        summary.vatAmount += v.vat;
+      } else {
+        summary.exemptAmount += total;
+      }
+
+      summary.grandTotal += total;
+
+      return {
+        type: ProductAndServiceType.ProductNonInv,
+        name: v.product.name,
+        pricePerUnit: precisionRound(v.pricePerUnit),
+        quantity: v.amount,
+        discountAmount: v.discount,
+        vatRate: v.vat === 0 ? 0 : Math.round(VAT_RATE * 100),
+        total,
+      };
+    });
+
     const payload = {
       contactCode: customer.code,
-      contactName:
+      contactName: customer.contactName || "-",
-        (customer.customer.customerType === CustomerType.PERS
-          ? [customer.firstName, customer.lastName].join(" ").trim()
-          : customer.registerName) || "-",
       contactAddress: [
         customer.address,
         !!customer.moo ? "หมู่ " + customer.moo : null,
@@ -283,11 +349,10 @@ const flowAccount = {
         (customer.province?.id === "10" ? "แขวง" : "อำเภอ") + customer.subDistrict?.name,
         (customer.province?.id === "10" ? "เขต" : "ตำบล") + customer.district?.name,
         "จังหวัด" + customer.province?.name,
-        customer.subDistrict?.zipCode,
       ]
         .filter(Boolean)
         .join(" "),
-      contactTaxId: customer.citizenId || customer.code,
+      contactTaxId: customer.citizenId || customer.legalPersonNo || "-",
       contactBranch:
         (customer.customer.customerType === CustomerType.PERS
           ? [customer.firstName, customer.lastName].join(" ").trim()
@@ -305,36 +370,35 @@ const flowAccount = {
       isVat: true,
 
       useReceiptDeduction: false,
+      useInlineVat: true,
 
       discounPercentage: 0,
       discountAmount: quotation.totalDiscount,
 
-      subTotal:
+      subTotal: summary.subTotal,
-        quotation.payCondition === "BillSplitCustom" || quotation.payCondition === "SplitCustom"
+      totalAfterDiscount: summary.subTotal - summary.discountAmount,
-          ? 0
+      vatableAmount: summary.vatableAmount,
-          : quotation.totalPrice,
+      exemptAmount: summary.exemptAmount,
-      totalAfterDiscount:
+      vatAmount: summary.vatAmount,
-        quotation.payCondition === "BillSplitCustom" || quotation.payCondition === "SplitCustom"
+      grandTotal: summary.grandTotal,
-          ? 0
-          : quotation.finalPrice,
-      vatAmount:
-        quotation.payCondition === "BillSplitCustom" || quotation.payCondition === "SplitCustom"
-          ? 0
-          : quotation.vat,
-      grandTotal:
-        quotation.payCondition === "BillSplitCustom" || quotation.payCondition === "SplitCustom"
-          ? data.installments.reduce((a, c) => a + c.amount, 0)
-          : quotation.finalPrice,
 
-      items: product.map((v) => ({
+      remarks: htmlToText(
-        type: ProductAndServiceType.ProductNonInv,
+        convertTemplate(quotation.remark ?? "", {
-        name: v.product.name,
+          "quotation-payment": {
-        pricePerUnit: v.pricePerUnit,
+            paymentType: quotation?.payCondition || "Full",
-        quantity: v.amount,
+            amount: quotation.finalPrice,
-        discountAmount: v.discount,
+            installments: quotation?.paySplit,
-        total: (v.pricePerUnit - (v.discount || 0)) * v.amount + v.vat,
+          },
-        vatRate: v.vat === 0 ? 0 : Math.round(VAT_DEFAULT * 100),
+          "quotation-labor": {
-      })),
+            name: quotation.worker.map(
+              (v, i) =>
+                `${i + 1}. ` +
+                `${v.employee.employeePassport.length !== 0 ? v.employee.employeePassport[0].number + "_" : ""}${v.employee.namePrefix}. ${v.employee.firstNameEN ? `${v.employee.firstNameEN} ${v.employee.lastNameEN}` : `${v.employee.firstName} ${v.employee.lastName}`}  `.toUpperCase(),
+            ),
+          },
+        }),
+      ),
+      items: products,
     };
 
     return await flowAccountAPI.createReceipt(payload, false);
@@ -347,6 +411,219 @@ const flowAccount = {
     }
     return null;
   },
+
+  // flowAccount GET Product list
+  async getProducts() {
+    const { token } = await flowAccountAPI.auth();
+
+    const res = await fetch(api + "/products", {
+      method: "GET",
+      headers: {
+        ["Content-Type"]: `application/json`,
+        ["Authorization"]: `Bearer ${token}`,
+      },
+    });
+
+    return {
+      ok: res.ok,
+      status: res.status,
+      body: await res.json(),
+    };
+  },
+
+  // flowAccount GET Product by id
+  async getProductsById(recordId: string) {
+    const { token } = await flowAccountAPI.auth();
+
+    const res = await fetch(api + `/products/${recordId}`, {
+      method: "GET",
+      headers: {
+        ["Content-Type"]: `application/json`,
+        ["Authorization"]: `Bearer ${token}`,
+      },
+    });
+
+    const data = await res.json();
+
+    return {
+      ok: res.ok,
+      status: res.status,
+      list: data.data.list,
+      total: data.data.total,
+    };
+  },
+
+  // flowAccount POST create Product
+  async createProducts(code: string, body: JsonObject) {
+    const { token } = await flowAccountAPI.auth();
+
+    const commonBody = {
+      productStructureType: null,
+      type: 3,
+      name: body.name,
+      sellDescription: body.detail,
+      sellVatType: 3,
+      buyPrice: body.serviceCharge,
+      buyVatType: body.serviceChargeVatIncluded ? 1 : 3,
+      buyDescription: body.detail,
+    };
+
+    const createProduct = async (name: string, price: any, vatIncluded: boolean) => {
+      try {
+        const res = await fetch(`${api}/products`, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${token}`,
+          },
+          body: JSON.stringify({
+            ...commonBody,
+            name,
+            sellPrice: price,
+            sellVatType: vatIncluded ? 1 : 3,
+          }),
+        });
+
+        if (!res.ok) throw new Error(`HTTP ${res.status}: Failed to create product`);
+
+        const json = await res.json().catch(() => {
+          throw new Error("Invalid JSON response from FlowAccount API");
+        });
+
+        return json?.data?.list?.[0]?.id ?? null;
+      } catch (err) {
+        console.error("createProduct error:", err);
+        return null;
+      }
+    };
+
+    const deleteProduct = async (id: string) => {
+      try {
+        await fetch(`${api}/products/${id}`, {
+          method: "DELETE",
+          headers: { Authorization: `Bearer ${token}` },
+        });
+      } catch (err) {
+        console.error("Rollback delete failed:", err);
+      }
+    };
+
+    const [sellResult, agentResult] = await Promise.allSettled([
+      createProduct(`${code} ${body.name}`, body.price, /true/.test(`${body.vatIncluded}`)),
+      createProduct(
+        `${code} ${body.name} (ราคาตัวแทน)`,
+        body.agentPrice,
+        /true/.test(`${body.agentPriceVatIncluded}`),
+      ),
+    ]);
+
+    const sellId = sellResult.status === "fulfilled" ? sellResult.value : null;
+    const agentId = agentResult.status === "fulfilled" ? agentResult.value : null;
+
+    // --- validation ---
+    if (!sellId && !agentId) {
+      throw new Error("FlowAccountProductError.BOTH_CREATION_FAILED");
+    }
+    if (!sellId && agentId) {
+      await deleteProduct(agentId);
+      throw new Error("FlowAccountProductError.SELL_PRICE_CREATION_FAILED");
+    }
+    if (sellId && !agentId) {
+      await deleteProduct(sellId);
+      throw new Error("FlowAccountProductError.AGENT_PRICE_CREATION_FAILED");
+    }
+
+    return {
+      ok: true,
+      status: 200,
+      data: {
+        productIdSellPrice: sellId,
+        productIdAgentPrice: agentId,
+      },
+    };
+  },
+
+  // flowAccount PUT edit Product
+  async editProducts(sellPriceId: String, agentPriceId: String, body: JsonObject) {
+    const { token } = await flowAccountAPI.auth();
+
+    const commonBody = {
+      productStructureType: null,
+      type: 3,
+      name: body.name,
+      sellDescription: body.detail,
+      sellVatType: 3,
+      buyPrice: body.serviceCharge,
+      buyVatType: body.serviceChargeVatIncluded ? 1 : 3,
+      buyDescription: body.detail,
+    };
+
+    const editProduct = async (id: String, name: String, price: any, vatIncluded: boolean) => {
+      try {
+        const res = await fetch(api + `/products/${id}`, {
+          method: "PUT",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${token}`,
+          },
+          body: JSON.stringify({
+            ...commonBody,
+            name: name,
+            sellPrice: price,
+            sellVatType: vatIncluded ? 1 : 3,
+          }),
+        });
+
+        if (!res.ok) {
+          throw new Error(`Request failed with status ${res.status} ${res}`);
+        }
+
+        let json: any = null;
+        try {
+          json = await res.json();
+        } catch {
+          throw new Error("Response is not valid JSON");
+        }
+
+        return json?.data?.list?.[0]?.id ?? null;
+      } catch (err) {
+        console.error("createProduct error:", err);
+        return null;
+      }
+    };
+
+    await Promise.all([
+      editProduct(
+        sellPriceId,
+        `${body.code} ${body.name}`,
+        body.price,
+        /true/.test(`${body.vatIncluded}`),
+      ),
+      editProduct(
+        agentPriceId,
+        `${body.code} ${body.name} (ราคาตัวแทน)`,
+        body.agentPrice,
+        /true/.test(`${body.agentPriceVatIncluded}`),
+      ),
+    ]);
+  },
+
+  // flowAccount DELETE Product
+  async deleteProduct(recordId: string) {
+    const { token } = await flowAccountAPI.auth();
+
+    const res = await fetch(api + `/products/${recordId}`, {
+      method: "DELETE",
+      headers: {
+        ["Authorization"]: `Bearer ${token}`,
+      },
+    });
+
+    return {
+      ok: res.ok,
+      status: res.status,
+    };
+  },
 };
 
 export default flowAccount;

src/utils/string-template.ts

@@ -0,0 +1,67 @@
+export function formatNumberDecimal(num: number, point: number = 2): string {
+  return (num || 0).toLocaleString("eng", {
+    minimumFractionDigits: point,
+    maximumFractionDigits: point,
+  });
+}
+
+const templates = {
+  "quotation-labor": {
+    converter: (context?: { name: string[] }) => {
+      return context?.name.join("<br />") || "";
+    },
+  },
+  "quotation-payment": {
+    converter: (context?: {
+      paymentType: "Full" | "Split" | "SplitCustom" | "BillFull" | "BillSplit" | "BillSplitCustom";
+
+      amount?: number;
+      installments?: {
+        no: number;
+        amount: number;
+      }[];
+    }) => {
+      if (context?.paymentType === "Full") {
+        return [
+          "**** เงื่อนไขเพิ่มเติม",
+          "- เงื่อนไขการชำระเงิน แบบเต็มจำนวน",
+          `&nbsp; จำนวน ${formatNumberDecimal(context?.amount || 0, 2)}`,
+        ].join("<br/>");
+      } else {
+        return [
+          "**** เงื่อนไขเพิ่มเติม",
+          `- เงื่อนไขการชำระเงิน แบบแบ่งจ่าย${context?.paymentType === "SplitCustom" ? " กำหนดเอง " : " "}${context?.installments?.length} งวด`,
+          ...(context?.installments?.map(
+            (v) => `&nbsp; งวดที่ ${v.no} จำนวน ${formatNumberDecimal(v.amount, 2)}`,
+          ) || []),
+        ].join("<br />");
+      }
+    },
+  },
+} as const;
+
+type Template = typeof templates;
+type TemplateName = keyof Template;
+type TemplateContext = {
+  [key in TemplateName]?: Parameters<Template[key]["converter"]>[0];
+};
+
+export function convertTemplate(
+  text: string,
+  context?: TemplateContext,
+  templateUse?: TemplateName[],
+) {
+  let ret = text;
+
+  for (const [name, template] of Object.entries(templates)) {
+    if (templateUse && !templateUse.includes(name as TemplateName)) continue;
+    ret = ret.replace(
+      new RegExp("\\#\\[" + name.replaceAll("-", "\\-") + "\\]", "g"),
+      typeof template.converter === "function"
+        ? template.converter(context?.[name as TemplateName] as any)
+        : template.converter,
+    );
+  }
+
+  return ret;
+}

src/utils/thailand-area.ts

@@ -62,7 +62,8 @@ export async function initThailandAreaDatabase() {
     return result;
   }
 
-  await prisma.$transaction(async (tx) => {
+  await prisma.$transaction(
+    async (tx) => {
       const meta = {
         createdBy: null,
         createdAt: new Date(),
@@ -140,7 +141,11 @@ export async function initThailandAreaDatabase() {
             .execute();
         }),
       );
-  });
+    },
+    {
+      timeout: 15_000,
+    },
+  );
 
   console.log("[INFO]: Sync thailand province, district and subdistrict, OK.");
 }
@@ -170,7 +175,8 @@ export async function initEmploymentOffice() {
 
   const list = await prisma.province.findMany();
 
-  await prisma.$transaction(async (tx) => {
+  await prisma.$transaction(
+    async (tx) => {
       await Promise.all(
         list
           .map(async (province) => {
@@ -230,7 +236,11 @@ export async function initEmploymentOffice() {
           })
           .flat(),
       );
-  });
+    },
+    {
+      timeout: 15_000,
+    },
+  );
 
   console.log("[INFO]: Sync employment office, OK.");
 }

test/branch.test.ts

@@ -0,0 +1,323 @@
+import { afterAll, beforeAll, describe, expect, it, onTestFailed } from "vitest";
+import { PrismaClient } from "@prisma/client";
+
+import { isDateString } from "./lib";
+
+const prisma = new PrismaClient({
+  datasourceUrl: process.env.TEST_DATABASE_URL || process.env.DATABASE_URL,
+});
+const baseUrl = process.env.TEST_BASE_URL || "http://localhost";
+const record: Record<string, any> = {
+  code: "CMT",
+  taxNo: "1052299402851",
+  name: "Chamomind",
+  nameEN: "Chamomind",
+  email: "contact@chamomind.com",
+  lineId: "@chamomind",
+  telephoneNo: "0988929248",
+  contactName: "John",
+  webUrl: "https://chamomind.com",
+  latitude: "",
+  longitude: "",
+  virtual: false,
+  permitNo: "1135182804792",
+  permitIssueDate: "2025-01-01T00:00:00.000Z",
+  permitExpireDate: "2030-01-01T00:00:00.000Z",
+  address: "11/3",
+  addressEN: "11/3",
+  soi: "1",
+  soiEN: "1",
+  moo: "2",
+  mooEN: "2",
+  street: "Straight",
+  streetEN: "Straight",
+  provinceId: "50",
+  districtId: "5001",
+  subDistrictId: "500107",
+};
+const recordList: Record<string, any>[] = [];
+
+let token: string;
+
+beforeAll(async () => {
+  const body = new URLSearchParams();
+
+  body.append("grant_type", "password");
+  body.append("client_id", "app");
+  body.append("username", process.env.TEST_USERNAME || "");
+  body.append("password", process.env.TEST_PASSWORD || "");
+  body.append("scope", "openid");
+
+  const res = await fetch(
+    process.env.KC_URL + "/realms/" + process.env.KC_REALM + "/protocol/openid-connect/token",
+    {
+      method: "POST",
+      body: body,
+    },
+  );
+
+  expect(res.ok).toBe(true);
+
+  await res.json().then((data) => {
+    token = data["access_token"];
+  });
+});
+
+afterAll(async () => {
+  if (!record["id"]) return;
+
+  await prisma.branch.deleteMany({
+    where: { id: { in: [record, ...recordList].map((v) => v["id"]) } },
+  });
+  await prisma.runningNo.deleteMany({
+    where: {
+      key: { in: [record, ...recordList].map((v) => `MAIN_BRANCH_${v["code"].slice(0, -5)}`) },
+    },
+  });
+});
+
+describe("branch management", () => {
+  it("create branch without required fields", async () => {
+    const requiredFields = [
+      "taxNo",
+      "name",
+      "nameEN",
+      "permitNo",
+      "telephoneNo",
+      "address",
+      "addressEN",
+      "email",
+    ];
+    onTestFailed(() => console.log("Field:", requiredFields, "is required."));
+
+    for await (const field of requiredFields) {
+      const res = await fetch(baseUrl + "/api/v1/branch", {
+        method: "POST",
+        headers: {
+          ["Content-Type"]: "application/json",
+          ["Authorization"]: "Bearer " + token,
+        },
+        body: JSON.stringify({ ...record, [field]: undefined }),
+      });
+
+      if (res.ok) recordList.push(await res.json());
+
+      expect(res.ok).toBe(false);
+      expect(res.status).toBe(400);
+    }
+  });
+
+  it("create branch", async () => {
+    const res = await fetch(baseUrl + "/api/v1/branch", {
+      method: "POST",
+      headers: {
+        ["Content-Type"]: "application/json",
+        ["Authorization"]: "Bearer " + token,
+      },
+      body: JSON.stringify(record),
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      try {
+        console.log(JSON.parse(text));
+      } catch (e) {
+        console.log(text);
+      }
+    }
+
+    expect(res.ok).toBe(true);
+
+    const data = await res.json();
+
+    record["id"] = data["id"]; // This field is auto generated
+    record["code"] = data["code"]; // This field is auto generated
+
+    recordList.push(data);
+
+    expect(data).toMatchObject(record);
+  });
+
+  it("get branch list", async () => {
+    const res = await fetch(baseUrl + "/api/v1/branch", {
+      method: "GET",
+      headers: {
+        ["Authorization"]: "Bearer " + token,
+      },
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      try {
+        console.log(JSON.parse(text));
+      } catch (e) {
+        console.log(text);
+      }
+    }
+
+    expect(res.ok).toBe(true);
+
+    const data = await res.json();
+
+    expect(data).toHaveProperty("result");
+    expect(data).toHaveProperty("total");
+    expect(data).toHaveProperty("page");
+    expect(data).toHaveProperty("pageSize");
+    expect(data.result).toEqual(
+      expect.arrayContaining([
+        expect.objectContaining({
+          id: expect.any(String),
+          code: expect.any(String),
+          virtual: expect.any(Boolean),
+          name: expect.any(String),
+          nameEN: expect.any(String),
+          email: expect.any(String),
+          taxNo: expect.any(String),
+          telephoneNo: expect.any(String),
+          latitude: expect.any(String),
+          longitude: expect.any(String),
+          contactName: expect.toBeOneOf([expect.any(String), null]),
+          lineId: expect.toBeOneOf([expect.any(String), null]),
+          webUrl: expect.toBeOneOf([expect.any(String), null]),
+          remark: expect.toBeOneOf([expect.any(String), null]),
+          selectedImage: expect.toBeOneOf([expect.any(String), null]),
+
+          isHeadOffice: expect.any(Boolean),
+
+          permitNo: expect.any(String),
+          permitIssueDate: expect.toSatisfy(isDateString(true)),
+          permitExpireDate: expect.toSatisfy(isDateString(true)),
+
+          address: expect.any(String),
+          addressEN: expect.any(String),
+          moo: expect.toBeOneOf([expect.any(String), null]),
+          mooEN: expect.toBeOneOf([expect.any(String), null]),
+          street: expect.toBeOneOf([expect.any(String), null]),
+          streetEN: expect.toBeOneOf([expect.any(String), null]),
+          provinceId: expect.any(String),
+          province: expect.objectContaining({
+            id: expect.any(String),
+            name: expect.any(String),
+            nameEN: expect.any(String),
+          }),
+          districtId: expect.any(String),
+          district: expect.objectContaining({
+            id: expect.any(String),
+            name: expect.any(String),
+            nameEN: expect.any(String),
+          }),
+          subDistrictId: expect.any(String),
+          subDistrict: expect.objectContaining({
+            id: expect.any(String),
+            name: expect.any(String),
+            nameEN: expect.any(String),
+            zipCode: expect.any(String),
+          }),
+
+          status: expect.toBeOneOf(["CREATED", "ACTIVE", "INACTIVE"]),
+          statusOrder: expect.toBeOneOf([1, 0]),
+
+          createdAt: expect.toSatisfy(isDateString()),
+          createdByUserId: expect.toBeOneOf([expect.any(String), null]),
+          createdBy: expect.objectContaining({
+            id: expect.any(String),
+            username: expect.any(String),
+            firstName: expect.any(String),
+            lastName: expect.any(String),
+            firstNameEN: expect.any(String),
+            lastNameEN: expect.any(String),
+          }),
+          updatedAt: expect.toSatisfy(isDateString()),
+          updatedByUserId: expect.toBeOneOf([expect.any(String), null]),
+          updatedBy: expect.objectContaining({
+            id: expect.any(String),
+            username: expect.any(String),
+            firstName: expect.any(String),
+            lastName: expect.any(String),
+            firstNameEN: expect.any(String),
+            lastNameEN: expect.any(String),
+          }),
+
+          _count: expect.objectContaining({
+            branch: expect.any(Number),
+          }),
+        }),
+      ]),
+    );
+  });
+
+  it("get branch by id", async () => {
+    const res = await fetch(baseUrl + "/api/v1/branch/" + record["id"], {
+      method: "GET",
+      headers: {
+        ["Authorization"]: "Bearer " + token,
+      },
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      try {
+        console.log(JSON.parse(text));
+      } catch (e) {
+        console.log(text);
+      }
+    }
+
+    expect(res.ok).toBe(true);
+
+    const data = await res.json();
+
+    expect(data).toMatchObject(record);
+  });
+
+  it("update branch by id", async () => {
+    const res = await fetch(baseUrl + "/api/v1/branch/" + record["id"], {
+      method: "PUT",
+      headers: {
+        ["Content-Type"]: "application/json",
+        ["Authorization"]: "Bearer " + token,
+      },
+      body: JSON.stringify({ name: "Chamomind Intl.", nameEN: "Chamomind Intl." }),
+    });
+
+    record["name"] = "Chamomind Intl.";
+    record["nameEN"] = "Chamomind Intl.";
+
+    expect(res.ok).toBe(true);
+
+    const data = await res.json();
+
+    expect(data).toMatchObject(record);
+  });
+
+  it("delete branch by id", async () => {
+    const res = await fetch(baseUrl + "/api/v1/branch/" + record["id"], {
+      method: "DELETE",
+      headers: {
+        ["Content-Type"]: "application/json",
+        ["Authorization"]: "Bearer " + token,
+      },
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      try {
+        console.log(JSON.parse(text));
+      } catch (e) {
+        console.log(text);
+      }
+    }
+    expect(res.ok).toBe(true);
+
+    const data = await res.json();
+
+    expect(data).toMatchObject(record);
+  });
+
+  it("get deleted branch by id", async () => {
+    const res = await fetch(baseUrl + "/api/v1/branch/" + record["id"], {
+      method: "GET",
+      headers: {
+        ["Authorization"]: "Bearer " + token,
+      },
+    });
+
+    expect(res.ok).toBe(false);
+  });
+});

test/lib/index.ts

@@ -0,0 +1,10 @@
+export function isDateString(nullable: boolean = false): (val: any) => boolean {
+  return (value: any) => {
+    try {
+      if (value) return !!new Date(value);
+      return nullable;
+    } catch (_) {
+      return false;
+    }
+  };
+}

vite.config.ts

@@ -0,0 +1,5 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {},
+});