ผูกสิดข้อมูลหลัก

2024-08-21 22:09:56 +07:00 · 2024-08-21 22:09:56 +07:00 · 2a536dcc32
commit 2a536dcc32
parent 666a7f8021
2 changed files with 190 additions and 61 deletions
--- a/src/controllers/StrategyController.ts
+++ b/src/controllers/StrategyController.ts
@ -1,48 +1,14 @@
-import {
-  Body,
-  Controller,
-  Delete,
-  Example,
-  Get,
-  Patch,
-  Path,
-  Post,
-  Request,
-  Route,
-  Security,
-  Tags,
-} from "tsoa";
+import { Body, Controller, Delete, Get, Patch, Post, Request, Route, Security, Tags } from "tsoa";
 import { AppDataSource } from "../database/data-source";
-import {
-  CreateStrategyChild1,
-  StrategyChild1,
-  UpdateStrategyChild1,
-} from "../entities/StrategyChild1";
-import {
-  CreateStrategyChild2,
-  StrategyChild2,
-  UpdateStrategyChild2,
-} from "../entities/StrategyChild2";
-import {
-  CreateStrategyChild3,
-  StrategyChild3,
-  UpdateStrategyChild3,
-} from "../entities/StrategyChild3";
-import {
-  CreateStrategyChild4,
-  StrategyChild4,
-  UpdateStrategyChild4,
-} from "../entities/StrategyChild4";
-import {
-  CreateStrategyChild5,
-  StrategyChild5,
-  UpdateStrategyChild5,
-} from "../entities/StrategyChild5";
+import { StrategyChild1 } from "../entities/StrategyChild1";
+import { StrategyChild2 } from "../entities/StrategyChild2";
+import { StrategyChild3 } from "../entities/StrategyChild3";
+import { StrategyChild4 } from "../entities/StrategyChild4";
+import { StrategyChild5 } from "../entities/StrategyChild5";
 import HttpError from "../interfaces/http-error";
 import HttpStatus from "../interfaces/http-status";
 import HttpSuccess from "../interfaces/http-success";
-import { Check } from "typeorm";
-import { addLogSequence, setLogDataDiff } from "../interfaces/utils";
+import { setLogDataDiff } from "../interfaces/utils";
 import { RequestWithUser } from "../middlewares/user";
 import permission from "../interfaces/permission";
@Route("api/v1/development/strategy")
@ -55,7 +21,8 @@ export class StrategyController extends Controller {
  private strategy4Repo = AppDataSource.getRepository(StrategyChild4);
  private strategy5Repo = AppDataSource.getRepository(StrategyChild5);
  @Get()
-  public async listStrategyChild1() {
+  public async listStrategyChild1(@Request() request: RequestWithUser) {
+    let _data = await new permission().PermissionList(request, "SYS_EVA_STRATIGIC");
    const listStrategyChild1 = await this.strategy1Repo.find({
      relations: [
        "strategyChild2s",
@ -115,7 +82,7 @@ export class StrategyController extends Controller {
      idnode?: string | null;
    },
  ) {
-    await new permission().PermissionCreate(request,"SYS_EVA_STRATIGIC");
+    await new permission().PermissionCreate(request, "SYS_EVA_STRATIGIC");
    let strategyRepo: any;
    let strategyChild: any;
    let repoSave: any;
@ -226,7 +193,7 @@ export class StrategyController extends Controller {
      idnode: string;
    },
  ) {
-    await new permission().PermissionUpdate(request,"SYS_EVA_STRATIGIC");
+    await new permission().PermissionUpdate(request, "SYS_EVA_STRATIGIC");
    let strategyRepo: any;
    let strategyChild: any;

@ -306,7 +273,7 @@ export class StrategyController extends Controller {
      idnode: string;
    },
  ) {
-    await new permission().PermissionDelete(request,"SYS_EVA_STRATIGIC");
+    await new permission().PermissionDelete(request, "SYS_EVA_STRATIGIC");
    let strategyRepo: any;
    let data: any;

--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
@ -1,16 +1,3 @@
-import {
-  Controller,
-  Request,
-  Get,
-  Post,
-  Put,
-  Delete,
-  Patch,
-  Route,
-  Security,
-  Tags,
-  Path,
-} from "tsoa";
 import axios from "axios";
 import { RequestWithUser } from "../middlewares/user";
 import CallAPI from "./call-api";
@ -26,23 +13,166 @@ class CheckAuth {
    ) {
      return null;
    }
-    await new CallAPI()
+    return await new CallAPI()
      .GetData(req, "/org/permission")
      .then((x) => {
        let permission = false;
        let role = x.roles.find((x: any) => x.authSysId == system);
        if (!role) throw "ไม่มีสิทธิ์เข้าระบบ";
+        if (role.attrOwnership == "OWNER") return "OWNER";
        if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate;
        if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete;
        if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet;
        if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList;
        if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate;
-        if (role.attrOwnership == "OWNER") permission = true;
        if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้";
        return role.attrPrivilege;
      })
      .catch((x) => {
-        throw new HttpError(HttpStatus.FORBIDDEN, x);
+        if (x.status != undefined) {
+          throw new HttpError(x.status, x.message);
+        } else {
+          throw new HttpError(HttpStatus.FORBIDDEN, x);
+        }
+      });
+  }
+  public async PermissionOrg(req: RequestWithUser, system: string, action: string) {
+    if (
+      req.headers.hasOwnProperty("api_key") &&
+      req.headers["api_key"] &&
+      req.headers["api_key"] == process.env.API_KEY
+    ) {
+      return null;
+    }
+    return await new CallAPI()
+      .GetData(req, "/org/permission/org")
+      .then(async (x) => {
+        let privilege = null;
+        if (action.trim().toLocaleUpperCase() == "CREATE")
+          privilege = await this.PermissionCreate(req, system);
+        if (action.trim().toLocaleUpperCase() == "DELETE")
+          privilege = await this.PermissionDelete(req, system);
+        if (action.trim().toLocaleUpperCase() == "GET")
+          privilege = await this.PermissionGet(req, system);
+        if (action.trim().toLocaleUpperCase() == "LIST")
+          privilege = await this.PermissionList(req, system);
+        if (action.trim().toLocaleUpperCase() == "UPDATE")
+          privilege = await this.PermissionUpdate(req, system);
+
+        let data: any = {
+          root: [null],
+          child1: [null],
+          child2: [null],
+          child3: [null],
+          child4: [null],
+        };
+        let node = 4;
+        if (x.orgChild1Id == null) {
+          node = 0;
+        } else if (x.orgChild2Id == null) {
+          node = 1;
+        } else if (x.orgChild3Id == null) {
+          node = 2;
+        } else if (x.orgChild4Id == null) {
+          node = 3;
+        }
+        if (privilege == "ROOT") {
+          data = {
+            root: [x.orgRootId],
+            child1: null,
+            child2: null,
+            child3: null,
+            child4: null,
+          };
+        } else if (privilege == "CHILD") {
+          data = {
+            root: node >= 0 ? [x.orgRootId] : null,
+            child1: node >= 1 ? [x.orgChild1Id] : null,
+            child2: node >= 2 ? [x.orgChild2Id] : null,
+            child3: node >= 3 ? [x.orgChild3Id] : null,
+            child4: node >= 4 ? [x.orgChild4Id] : null,
+          };
+        } else if (privilege == "NORMAL") {
+          data = {
+            root: [x.orgRootId],
+            child1: [x.orgChild1Id],
+            child2: [x.orgChild2Id],
+            child3: [x.orgChild3Id],
+            child4: [x.orgChild4Id],
+          };
+        } else if (privilege == "SPECIFIC") {
+        } else if (privilege == "OWNER") {
+          data = {
+            root: null,
+            child1: null,
+            child2: null,
+            child3: null,
+            child4: null,
+          };
+        }
+
+        return data;
+      })
+      .catch((x) => {
+        if (x.status != undefined) {
+          throw new HttpError(x.status, x.message);
+        } else {
+          throw new HttpError(HttpStatus.FORBIDDEN, x);
+        }
+      });
+  }
+  public async PermissionOrgByUser(
+    req: RequestWithUser,
+    system: string,
+    action: string,
+    profileId: string,
+  ) {
+    if (
+      req.headers.hasOwnProperty("api_key") &&
+      req.headers["api_key"] &&
+      req.headers["api_key"] == process.env.API_KEY
+    ) {
+      return true;
+    }
+    return await new CallAPI()
+      .GetData(req, `/org/permission/user/${profileId}`)
+      .then(async (x) => {
+        let org = {
+          root: [null],
+          child1: [null],
+          child2: [null],
+          child3: [null],
+          child4: [null],
+        };
+        if (action.trim().toLocaleUpperCase() == "CREATE")
+          org = await this.PermissionOrgCreate(req, system);
+        if (action.trim().toLocaleUpperCase() == "DELETE")
+          org = await this.PermissionOrgDelete(req, system);
+        if (action.trim().toLocaleUpperCase() == "GET")
+          org = await this.PermissionOrgGet(req, system);
+        if (action.trim().toLocaleUpperCase() == "LIST")
+          org = await this.PermissionOrgList(req, system);
+        if (action.trim().toLocaleUpperCase() == "UPDATE")
+          org = await this.PermissionOrgUpdate(req, system);
+
+        if (org.root != null) if (x.orgRootId != org.root[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+        if (org.child1 != null)
+          if (x.orgChild1Id != org.child1[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+        if (org.child2 != null)
+          if (x.orgChild2Id != org.child2[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+        if (org.child3 != null)
+          if (x.orgChild3Id != org.child3[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+        if (org.child4 != null)
+          if (x.orgChild4Id != org.child4[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+
+        return true;
+      })
+      .catch((x) => {
+        if (x.status != undefined) {
+          throw new HttpError(x.status, x.message);
+        } else {
+          throw new HttpError(HttpStatus.FORBIDDEN, x);
+        }
      });
  }
  public async PermissionCreate(req: RequestWithUser, system: string) {
@ -60,6 +190,38 @@ class CheckAuth {
  public async PermissionUpdate(req: RequestWithUser, system: string) {
    return await this.Permission(req, system, "UPDATE");
  }
+
+  public async PermissionOrgCreate(req: RequestWithUser, system: string) {
+    return await this.PermissionOrg(req, system, "CREATE");
+  }
+  public async PermissionOrgDelete(req: RequestWithUser, system: string) {
+    return await this.PermissionOrg(req, system, "DELETE");
+  }
+  public async PermissionOrgGet(req: RequestWithUser, system: string) {
+    return await this.PermissionOrg(req, system, "GET");
+  }
+  public async PermissionOrgList(req: RequestWithUser, system: string) {
+    return await this.PermissionOrg(req, system, "LIST");
+  }
+  public async PermissionOrgUpdate(req: RequestWithUser, system: string) {
+    return await this.PermissionOrg(req, system, "UPDATE");
+  }
+
+  public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "CREATE", profileId);
+  }
+  public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "DELETE", profileId);
+  }
+  public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "GET", profileId);
+  }
+  public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "LIST", profileId);
+  }
+  public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "UPDATE", profileId);
+  }
 }

 export default CheckAuth;