refactor: replace role-based access checks with canAccess utility in menu components

2025-07-02 14:58:44 +07:00 · 2025-07-02 14:58:44 +07:00 · 8799799214
commit 8799799214
parent 57660d7991
4 changed files with 131 additions and 111 deletions
--- a/src/stores/utils/index.ts
+++ b/src/stores/utils/index.ts
@ -221,11 +221,90 @@ export function checkTabBeforeAdd(data: unknown[], except?: string[]) {

 export function isRoleInclude(role2check: string[]): boolean {
  const roles = getRole() ?? [];
-  const isIncluded = role2check.some((r) => roles.includes(r));
+  const filterRole = roles.filter(
+    (role: string) =>
+      role !== 'offline_access' &&
+      role !== 'uma_authorization' &&
+      !role.startsWith('default-roles'),
+  );
+  const isIncluded = role2check.some((r) => filterRole.includes(r));

  return isIncluded;
 }

+export function canAccess(
+  menu: string,
+  action: 'edit' | 'view' = 'view',
+): boolean {
+  // uma_authorization = all roles
+  const allRoles = [
+    'head_of_admin',
+    'admin',
+    'executive',
+    'accountant',
+    'branch_admin',
+    'branch_manager',
+    'branch_accountant',
+    'head_of_sale',
+    'sale',
+    'data_entry',
+    'document_checker',
+    'messenger',
+    'corporate_customer',
+    'agency',
+  ];
+
+  const permissions = {
+    branch: {
+      edit: allRoles.slice(0, 7),
+      view: allRoles.slice(0, 7),
+    },
+    personnel: {
+      edit: allRoles.slice(0, 6).filter((r) => r !== 'accountant'),
+      view: allRoles.slice(0, 6).filter((r) => r !== 'accountant'),
+    },
+    product: {
+      edit: allRoles.slice(0, 7),
+      view: allRoles,
+    },
+    workflow: {
+      edit: allRoles.slice(0, 6),
+      view: allRoles.filter((r) => r !== 'branch_accountant'),
+    },
+    customer: {
+      edit: allRoles.slice(0, 6),
+      view: allRoles.slice(0, 8),
+    },
+    agencies: {
+      edit: allRoles.slice(0, 7),
+      view: allRoles,
+    },
+    related: {
+      // ใช้กับหลายเมนู
+      edit: allRoles.slice(0, 6),
+      view: allRoles,
+    },
+    account: {
+      edit: allRoles.slice(0, 6),
+      view: allRoles.slice(0, 7),
+    },
+    uploadSlip: {
+      edit: allRoles.slice(0, 6),
+      view: allRoles.filter((r) => r !== 'head_of_sale' && r !== 'sale'),
+    },
+    dashBoard: {
+      edit: allRoles.slice(0, 6).filter((r) => r !== 'admin'),
+      view: allRoles.filter((r) => r !== 'admin'),
+    },
+  };
+  const roles = getRole() ?? [];
+  if (roles.includes('system')) return true;
+
+  const allowedRoles = permissions[menu]?.[action] || [];
+
+  return allowedRoles.some((role: string) => roles.includes(role));
+}
+
 export function resetScrollBar(elementId: string) {
  const element = document.getElementById(elementId);