chamomind/jws-backend
chamomind/jws-backend
7
0
Fork 0
Code Issues Projects 1 Releases Packages 1 Wiki Activity Actions
jws-backend/src/controllers/01-branch-controller.ts
Methapon Metanipat ad26a551f0 fix: missing auth
2024-09-06 13:23:33 +07:00

972 lines
27 KiB
TypeScript
Raw Blame History

import { Prisma, Status, UserType } from "@prisma/client";
import {
Body,
Controller,
Delete,
Get,
Put,
Path,
Post,
Query,
Request,
Route,
Security,
Tags,
} from "tsoa";
import prisma from "../db";
import HttpError from "../interfaces/http-error";
import HttpStatus from "../interfaces/http-status";
import { RequestWithUser } from "../interfaces/user";
import minio, { presignedGetObjectIfExist } from "../services/minio";
import { isSystem } from "../utils/keycloak";
import { deleteFile, fileLocation } from "../utils/minio";
if (!process.env.MINIO_BUCKET) {
throw Error("Require MinIO bucket.");
}
const MINIO_BUCKET = process.env.MINIO_BUCKET;
const MANAGE_ROLES = ["system", "head_of_admin"];
function globalAllow(user: RequestWithUser["user"]) {
return MANAGE_ROLES.some((v) => user.roles?.includes(v));
}
type BranchCreate = {
status?: Status;
code: string;
taxNo: string;
nameEN: string;
name: string;
addressEN: string;
address: string;
zipCode: string;
email: string;
contactName?: string | null;
webUrl?: string | null;
contact?: string | string[] | null;
telephoneNo: string;
lineId?: string | null;
longitude: string;
latitude: string;
virtual?: boolean;
bank?: {
bankName: string;
bankBranch: string;
accountName: string;
accountNumber: string;
accountType: string;
currentlyUse: boolean;
}[];
subDistrictId?: string | null;
districtId?: string | null;
provinceId?: string | null;
headOfficeId?: string | null;
};
type BranchUpdate = {
status?: "ACTIVE" | "INACTIVE";
taxNo?: string;
nameEN?: string;
name?: string;
addressEN?: string;
address?: string;
zipCode?: string;
email?: string;
telephoneNo?: string;
contactName?: string;
webUrl?: string | null;
contact?: string | string[] | null;
lineId?: string;
longitude?: string;
latitude?: string;
virtual?: boolean;
subDistrictId?: string | null;
districtId?: string | null;
provinceId?: string | null;
headOfficeId?: string | null;
bank?: {
id?: string;
bankName: string;
bankBranch: string;
accountName: string;
accountNumber: string;
accountType: string;
currentlyUse: boolean;
}[];
};
@Route("api/v1/branch")
@Tags("Branch")
export class BranchController extends Controller {
@Get("stats")
@Security("keycloak")
async getStats(@Request() req: RequestWithUser, @Query() headOfficeId?: string) {
const where = {
AND: isSystem(req.user)
? undefined
: [
{
user: { some: { userId: req.user.sub } },
},
{
headOffice: globalAllow(req.user)
? { user: { some: { userId: req.user.sub } } }
: undefined,
},
],
};
const [hq, br, virtual] = await prisma.$transaction([
prisma.branch.count({
where: {
id: headOfficeId ? headOfficeId : undefined,
headOfficeId: null,
...where,
},
}),
prisma.branch.count({
where: {
headOfficeId: headOfficeId ? headOfficeId : { not: null },
virtual: false,
...where,
},
}),
prisma.branch.count({
where: {
headOfficeId: headOfficeId ? headOfficeId : { not: null },
virtual: true,
...where,
},
}),
]);
return { hq, br, virtual };
}
@Get("user-stats")
@Security("keycloak")
async getUserStat(@Request() req: RequestWithUser, @Query() userType?: UserType) {
const list = await prisma.branchUser.groupBy({
_count: true,
where: {
userId: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) ? req.user.sub : undefined,
user: {
userType,
},
},
by: "branchId",
});
const record = await prisma.branch.findMany({
where: {
user: !MANAGE_ROLES.some((v) => req.user.roles?.includes(v))
? { some: { userId: req.user.sub } }
: undefined,
},
select: {
id: true,
headOfficeId: true,
isHeadOffice: true,
nameEN: true,
name: true,
},
orderBy: [{ isHeadOffice: "desc" }, { createdAt: "asc" }],
});
const sort = record.reduce<(typeof record)[]>((acc, curr) => {
for (const i of acc) {
if (i[0].id === curr.headOfficeId) {
i.push(curr);
return acc;
}
}
acc.push([curr]);
return acc;
}, []);
return sort.flat().map((a) =>
Object.assign(a, {
count: list.find((b) => b.branchId === a.id)?._count ?? 0,
}),
);
}
@Get()
@Security("keycloak")
async getBranch(
@Request() req: RequestWithUser,
@Query() zipCode?: string,
@Query() filter?: "head" | "sub",
@Query() headOfficeId?: string,
@Query() includeHead?: boolean,
@Query() tree?: boolean,
@Query() query: string = "",
@Query() page: number = 1,
@Query() pageSize: number = 30,
) {
const where = {
AND: {
zipCode,
headOfficeId: headOfficeId ?? (filter === "head" || tree ? null : undefined),
NOT: { headOfficeId: filter === "sub" && !headOfficeId ? null : undefined },
OR: isSystem(req.user)
? undefined
: [
{
user: { some: { userId: req.user.sub } },
},
{
headOffice: globalAllow(req.user)
? { user: { some: { userId: req.user.sub } } }
: undefined,
},
],
},
OR: [
{ nameEN: { contains: query } },
{ name: { contains: query } },
{ email: { contains: query } },
{ telephoneNo: { contains: query } },
],
} satisfies Prisma.BranchWhereInput;
const [result, total] = await prisma.$transaction([
prisma.branch.findMany({
orderBy: [{ statusOrder: "asc" }, { createdAt: "asc" }],
include: {
province: true,
district: true,
subDistrict: true,
contact: true,
headOffice: includeHead
? {
include: {
province: true,
district: true,
subDistrict: true,
},
}
: false,
branch: tree
? {
include: {
province: true,
district: true,
subDistrict: true,
},
}
: false,
bank: true,
_count: {
select: { branch: true },
},
createdBy: true,
updatedBy: true,
},
where,
take: pageSize,
skip: (page - 1) * pageSize,
}),
prisma.branch.count({ where }),
]);
return { result, page, pageSize, total };
}
@Get("{branchId}")
@Security("keycloak")
async getBranchById(
@Path() branchId: string,
@Query() includeSubBranch?: boolean,
@Query() includeContact?: boolean,
) {
const record = await prisma.branch.findFirst({
include: {
province: true,
district: true,
subDistrict: true,
createdBy: true,
updatedBy: true,
branch: includeSubBranch && {
include: {
province: true,
district: true,
subDistrict: true,
},
},
bank: true,
contact: includeContact,
},
where: { id: branchId },
});
if (!record) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
return record;
}
@Post()
@Security("keycloak", MANAGE_ROLES)
async createBranch(@Request() req: RequestWithUser, @Body() body: BranchCreate) {
const [province, district, subDistrict, head] = await prisma.$transaction([
prisma.province.findFirst({ where: { id: body.provinceId || undefined } }),
prisma.district.findFirst({ where: { id: body.districtId || undefined } }),
prisma.subDistrict.findFirst({ where: { id: body.subDistrictId || undefined } }),
prisma.branch.findFirst({ where: { id: body.headOfficeId || undefined } }),
]);
if (body.provinceId && !province)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Province cannot be found.",
"relationProvinceNotFound",
);
if (body.districtId && !district)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"District cannot be found.",
"relationDistrictNotFound",
);
if (body.subDistrictId && !subDistrict)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Sub-district cannot be found.",
"relationSubDistrictNotFound",
);
if (body.headOfficeId && !head)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Headquaters cannot be found.",
"relationHQNotFound",
);
const { provinceId, districtId, subDistrictId, headOfficeId, bank, contact, code, ...rest } =
body;
if (headOfficeId && head && head.code.slice(0, -5) !== code) {
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Headoffice code not match with branch code",
"codeMismatch",
);
}
const record = await prisma.$transaction(
async (tx) => {
const last = await tx.runningNo.upsert({
where: {
key: `MAIN_BRANCH_${code.toLocaleUpperCase()}`,
},
create: {
key: `MAIN_BRANCH_${code.toLocaleUpperCase()}`,
value: 1,
},
update: { value: { increment: 1 } },
});
if (last.value === 1) {
const exist = await tx.branch.findFirst({
where: { code: `${code?.toLocaleUpperCase()}${`${last.value - 1}`.padStart(5, "0")}` },
});
if (exist)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Branch with same code already exists.",
"sameBranchCodeExists",
);
}
if (last.value !== 1 && !headOfficeId) {
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Branch with same code already exists.",
"sameBranchCodeExists",
);
}
return await tx.branch.create({
include: {
province: true,
district: true,
subDistrict: true,
contact: true,
bank: true,
createdBy: true,
updatedBy: true,
},
data: {
...rest,
statusOrder: +(rest.status === "INACTIVE"),
code: `${code?.toLocaleUpperCase()}${`${last.value - 1}`.padStart(5, "0")}`,
bank: bank ? { createMany: { data: bank } } : undefined,
isHeadOffice: !headOfficeId,
contact: {
create: (typeof contact === "string" ? [contact] : contact)?.map((v) => ({
telephoneNo: v,
})),
},
province: { connect: provinceId ? { id: provinceId } : undefined },
district: { connect: districtId ? { id: districtId } : undefined },
subDistrict: { connect: subDistrictId ? { id: subDistrictId } : undefined },
headOffice: { connect: headOfficeId ? { id: headOfficeId } : undefined },
createdBy: { connect: { id: req.user.sub } },
updatedBy: { connect: { id: req.user.sub } },
},
});
},
{ isolationLevel: Prisma.TransactionIsolationLevel.Serializable },
);
if (headOfficeId) {
await prisma.branch.updateMany({
where: { id: headOfficeId, status: Status.CREATED },
data: { status: Status.ACTIVE },
});
}
this.setStatus(HttpStatus.CREATED);
return record;
}
@Put("{branchId}")
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async editBranch(
@Request() req: RequestWithUser,
@Body() body: BranchUpdate,
@Path() branchId: string,
) {
if (body.headOfficeId === branchId)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Cannot make this as headquaters and branch at the same time.",
"cantMakeHQAndBranchSameTime",
);
if (body.subDistrictId || body.districtId || body.provinceId || body.headOfficeId) {
const [province, district, subDistrict, branch] = await prisma.$transaction([
prisma.province.findFirst({ where: { id: body.provinceId || undefined } }),
prisma.district.findFirst({ where: { id: body.districtId || undefined } }),
prisma.subDistrict.findFirst({ where: { id: body.subDistrictId || undefined } }),
prisma.branch.findFirst({ where: { id: body.headOfficeId || undefined } }),
]);
if (body.provinceId && !province)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Province cannot be found.",
"relationProvinceNotFound",
);
if (body.districtId && !district)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"District cannot be found.",
"relationDistrictNotFound",
);
if (body.subDistrictId && !subDistrict)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Sub-district cannot be found.",
"relationSubDistrictNotFound",
);
if (body.headOfficeId && !branch)
throw new HttpError(
HttpStatus.BAD_REQUEST,
"Headquaters cannot be found.",
"relationHQNotFound",
);
}
const { provinceId, districtId, subDistrictId, headOfficeId, bank, contact, ...rest } = body;
const branch = await prisma.branch.findUnique({
include: {
user: { where: { userId: req.user.sub } },
},
where: { id: branchId },
});
if (!branch) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (
!MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
!branch?.user.find((v) => v.userId === req.user.sub)
) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
return await prisma.$transaction(async (tx) => {
const listDeleted = bank
? await tx.branchBank.findMany({
where: { id: { not: { in: bank.flatMap((v) => (!!v.id ? v.id : [])) } }, branchId },
})
: [];
await minio.removeObjects(
MINIO_BUCKET,
listDeleted.map((v) => fileLocation.branch.bank(v.branchId, v.id)),
);
return await prisma.branch.update({
include: {
province: true,
district: true,
subDistrict: true,
contact: true,
bank: true,
createdBy: true,
updatedBy: true,
},
data: {
...rest,
statusOrder: +(rest.status === "INACTIVE"),
isHeadOffice: headOfficeId !== undefined ? headOfficeId === null : undefined,
bank: bank
? {
deleteMany:
listDeleted.length > 0 ? { id: { in: listDeleted.map((v) => v.id) } } : undefined,
upsert: bank.map((v) => ({
where: { id: v.id || "" },
create: { ...v, id: undefined },
update: v,
})),
}
: undefined,
province: {
connect: provinceId ? { id: provinceId } : undefined,
disconnect: provinceId === null || undefined,
},
district: {
connect: districtId ? { id: districtId } : undefined,
disconnect: districtId === null || undefined,
},
subDistrict: {
connect: subDistrictId ? { id: subDistrictId } : undefined,
disconnect: subDistrictId === null || undefined,
},
headOffice: {
connect: headOfficeId ? { id: headOfficeId } : undefined,
disconnect: headOfficeId === null || undefined,
},
contact: contact
? {
deleteMany: {},
create: (typeof contact === "string" ? [contact] : contact)?.map((v) => ({
telephoneNo: v,
})),
}
: undefined,
updatedBy: { connect: { id: req.user.sub } },
},
where: { id: branchId },
});
});
}
@Delete("{branchId}")
@Security("keycloak", MANAGE_ROLES)
async deleteBranch(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findFirst({
include: {
province: true,
district: true,
subDistrict: true,
createdBy: true,
updatedBy: true,
user: { where: { userId: req.user.sub } },
},
where: { id: branchId },
});
if (!MANAGE_ROLES.some((v) => req.user.roles?.includes(v))) {
if (
record?.createdByUserId !== req.user.sub &&
!record?.user.find((v) => v.userId === req.user.sub)
) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
}
if (!record) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (record.status !== Status.CREATED) {
throw new HttpError(HttpStatus.FORBIDDEN, "Branch is in used.", "branchInUsed");
}
return await prisma.$transaction(async (tx) => {
const data = await tx.branch.delete({
include: {
province: true,
district: true,
subDistrict: true,
contact: true,
bank: true,
createdBy: true,
updatedBy: true,
},
where: { id: branchId },
});
if (record.isHeadOffice) {
await tx.runningNo.delete({
where: {
key: `MAIN_BRANCH_${record.code.slice(0, -5)}`,
},
});
}
await Promise.all([
minio.removeObject(MINIO_BUCKET, fileLocation.branch.line(branchId), {
forceDelete: true,
}),
minio.removeObject(MINIO_BUCKET, fileLocation.branch.image(branchId), {
forceDelete: true,
}),
minio.removeObject(MINIO_BUCKET, fileLocation.branch.map(branchId), {
forceDelete: true,
}),
...data.bank.map(async (v) => {
await minio.removeObject(MINIO_BUCKET, fileLocation.branch.bank(branchId, v.id), {
forceDelete: true,
});
}),
]);
return data;
});
}
@Get("{branchId}/line-image")
async getLineImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
const url = await presignedGetObjectIfExist(
MINIO_BUCKET,
fileLocation.branch.line(branchId),
60 * 60,
);
if (!url) {
throw new HttpError(HttpStatus.NOT_FOUND, "Image cannot be found", "imageNotFound");
}
return req.res?.redirect(url);
}
@Put("{branchId}/line-image")
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async setLineImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findUnique({
include: {
user: { where: { userId: req.user.sub } },
},
where: { id: branchId },
});
if (!record) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
return req.res?.redirect(
await minio.presignedPutObject(
MINIO_BUCKET,
fileLocation.branch.line(record.id),
12 * 60 * 60,
),
);
}
@Delete("{branchId}/line-image")
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async deleteLineImage(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findUnique({
include: {
user: { where: { userId: req.user.sub } },
},
where: {
id: branchId,
},
});
if (!record) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
await deleteFile(fileLocation.branch.line(branchId));
}
@Get("{branchId}/branch-image")
async getBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
const url = await presignedGetObjectIfExist(
MINIO_BUCKET,
fileLocation.branch.image(branchId),
60 * 60,
);
if (!url) {
throw new HttpError(HttpStatus.NOT_FOUND, "Image cannot be found", "imageNotFound");
}
return req.res?.redirect(url);
}
@Put("{branchId}/branch-image")
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async setBranchImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findUnique({
include: {
user: { where: { userId: req.user.sub } },
},
where: { id: branchId },
});
if (!record) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
return req.res?.redirect(
await minio.presignedPutObject(
MINIO_BUCKET,
fileLocation.branch.image(record.id),
12 * 60 * 60,
),
);
}
@Delete("{branchId}/branch-image")
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async deleteBranchImage(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findUnique({
include: {
user: { where: { userId: req.user.sub } },
},
where: {
id: branchId,
},
});
if (!record) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
await deleteFile(fileLocation.branch.image(branchId));
}
@Get("{branchId}/map-image")
async getMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
const url = await presignedGetObjectIfExist(
MINIO_BUCKET,
fileLocation.branch.image(branchId),
60 * 60,
);
if (!url) {
throw new HttpError(HttpStatus.NOT_FOUND, "Image cannot be found", "imageNotFound");
}
return req.res?.redirect(url);
}
@Put("{branchId}/map-image")
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async setMapImageByBranchId(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findUnique({
include: {
user: { where: { userId: req.user.sub } },
},
where: { id: branchId },
});
if (!record) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
return req.res?.redirect(
await minio.presignedPutObject(
MINIO_BUCKET,
fileLocation.branch.map(record.id),
12 * 60 * 60,
),
);
}
@Delete("{branchId}/map-image")
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async deleteMapImage(@Request() req: RequestWithUser, @Path() branchId: string) {
const record = await prisma.branch.findUnique({
include: {
user: { where: { userId: req.user.sub } },
},
where: {
id: branchId,
},
});
if (!record) {
throw new HttpError(HttpStatus.NOT_FOUND, "Branch cannot be found.", "branchNotFound");
}
if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
await deleteFile(fileLocation.branch.map(branchId));
}
@Get("{branchId}/bank-qr/{bankId}")
async getBankQRByBranchIdAndBankId(
@Request() req: RequestWithUser,
@Path() branchId: string,
@Path() bankId: string,
) {
const url = await presignedGetObjectIfExist(
MINIO_BUCKET,
fileLocation.branch.bank(branchId, bankId),
60 * 60,
);
if (!url) {
throw new HttpError(HttpStatus.NOT_FOUND, "Image cannot be found", "imageNotFound");
}
return req.res?.redirect(url);
}
@Put("{branchId}/bank-qr/{bankId}")
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async setBankQRByBranchIdAndBankId(
@Request() req: RequestWithUser,
@Path() branchId: string,
@Path() bankId: string,
) {
const record = await prisma.branch.findUnique({
include: {
user: { where: { userId: req.user.sub } },
},
where: {
id: branchId,
bank: { some: { id: bankId } },
},
});
if (!record) {
throw new HttpError(
HttpStatus.NOT_FOUND,
"Branch Bank cannot be found.",
"branchBankNotFound",
);
}
if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
return req.res?.redirect(
await minio.presignedPutObject(
MINIO_BUCKET,
fileLocation.branch.bank(branchId, bankId),
12 * 60 * 60,
),
);
}
@Delete("{branchId}/bank-qr/{bankId}")
@Security("keycloak", MANAGE_ROLES.concat("admin", "branch_manager"))
async deleteImage(
@Request() req: RequestWithUser,
@Path() branchId: string,
@Path() bankId: string,
) {
const record = await prisma.branch.findUnique({
include: {
user: { where: { userId: req.user.sub } },
},
where: {
id: branchId,
bank: { some: { id: bankId } },
},
});
if (!record) {
throw new HttpError(
HttpStatus.NOT_FOUND,
"Branch Bank cannot be found.",
"branchBankNotFound",
);
}
if (!globalAllow(req.user) && !record?.user.find((v) => v.userId === req.user.sub)) {
throw new HttpError(
HttpStatus.FORBIDDEN,
"You do not have permission to perform this action.",
"noPermission",
);
}
await deleteFile(fileLocation.branch.bank(branchId, bankId));
}
}
Reference in a new issue View git blame Copy permalink