From 2a536dcc32f59e8f1bfc2296d27031551cb7f1bd Mon Sep 17 00:00:00 2001
From: kittapath
Date: Wed, 21 Aug 2024 22:09:56 +0700
Subject: [PATCH] =?UTF-8?q?=E0=B8=9C=E0=B8=B9=E0=B8=81=E0=B8=AA=E0=B8=B4?=
 =?UTF-8?q?=E0=B8=94=E0=B8=82=E0=B9=89=E0=B8=AD=E0=B8=A1=E0=B8=B9=E0=B8=A5?=
 =?UTF-8?q?=E0=B8=AB=E0=B8=A5=E0=B8=B1=E0=B8=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/controllers/StrategyController.ts | 57 ++------
 src/interfaces/permission.ts | 194 +++++++++++++++++++++++---
 2 files changed, 190 insertions(+), 61 deletions(-)

diff --git a/src/controllers/StrategyController.ts b/src/controllers/StrategyController.ts
index c091073..282dea7 100644
--- a/src/controllers/StrategyController.ts
+++ b/src/controllers/StrategyController.ts
@@ -1,48 +1,14 @@
-import {
- Body,
- Controller,
- Delete,
- Example,
- Get,
- Patch,
- Path,
- Post,
- Request,
- Route,
- Security,
- Tags,
-} from "tsoa";
+import { Body, Controller, Delete, Get, Patch, Post, Request, Route, Security, Tags } from "tsoa";
 import { AppDataSource } from "../database/data-source";
-import {
- CreateStrategyChild1,
- StrategyChild1,
- UpdateStrategyChild1,
-} from "../entities/StrategyChild1";
-import {
- CreateStrategyChild2,
- StrategyChild2,
- UpdateStrategyChild2,
-} from "../entities/StrategyChild2";
-import {
- CreateStrategyChild3,
- StrategyChild3,
- UpdateStrategyChild3,
-} from "../entities/StrategyChild3";
-import {
- CreateStrategyChild4,
- StrategyChild4,
- UpdateStrategyChild4,
-} from "../entities/StrategyChild4";
-import {
- CreateStrategyChild5,
- StrategyChild5,
- UpdateStrategyChild5,
-} from "../entities/StrategyChild5";
+import { StrategyChild1 } from "../entities/StrategyChild1";
+import { StrategyChild2 } from "../entities/StrategyChild2";
+import { StrategyChild3 } from "../entities/StrategyChild3";
+import { StrategyChild4 } from "../entities/StrategyChild4";
+import { StrategyChild5 } from "../entities/StrategyChild5";
 import HttpError from "../interfaces/http-error";
 import HttpStatus from "../interfaces/http-status";
 import HttpSuccess from "../interfaces/http-success";
-import { Check } from "typeorm";
-import { addLogSequence, setLogDataDiff } from "../interfaces/utils";
+import { setLogDataDiff } from "../interfaces/utils";
 import { RequestWithUser } from "../middlewares/user";
 import permission from "../interfaces/permission";
 @Route("api/v1/development/strategy")
@@ -55,7 +21,8 @@ export class StrategyController extends Controller {
 private strategy4Repo = AppDataSource.getRepository(StrategyChild4);
 private strategy5Repo = AppDataSource.getRepository(StrategyChild5);
 @Get()
- public async listStrategyChild1() {
+ public async listStrategyChild1(@Request() request: RequestWithUser) {
+ let _data = await new permission().PermissionList(request, "SYS_EVA_STRATIGIC");
 const listStrategyChild1 = await this.strategy1Repo.find({
 relations: [
 "strategyChild2s",
@@ -115,7 +82,7 @@ export class StrategyController extends Controller {
 idnode?: string | null;
 },
 ) {
- await new permission().PermissionCreate(request,"SYS_EVA_STRATIGIC");
+ await new permission().PermissionCreate(request, "SYS_EVA_STRATIGIC");
 let strategyRepo: any;
 let strategyChild: any;
 let repoSave: any;
@@ -226,7 +193,7 @@ export class StrategyController extends Controller {
 idnode: string;
 },
 ) {
- await new permission().PermissionUpdate(request,"SYS_EVA_STRATIGIC");
+ await new permission().PermissionUpdate(request, "SYS_EVA_STRATIGIC");
 let strategyRepo: any;
 let strategyChild: any;
@@ -306,7 +273,7 @@ export class StrategyController extends Controller {
 idnode: string;
 },
 ) {
- await new permission().PermissionDelete(request,"SYS_EVA_STRATIGIC");
+ await new permission().PermissionDelete(request, "SYS_EVA_STRATIGIC");
 let strategyRepo: any;
 let data: any;
diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts
index 539def0..1669018 100644
--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
@@ -1,16 +1,3 @@
-import {
- Controller,
- Request,
- Get,
- Post,
- Put,
- Delete,
- Patch,
- Route,
- Security,
- Tags,
- Path,
-} from "tsoa";
 import axios from "axios";
 import { RequestWithUser } from "../middlewares/user";
 import CallAPI from "./call-api";
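Review bot: The privilege returned by PermissionList is bound to `_data` and, as far as the hunk shows, never used: the `find` that follows still loads every StrategyChild1 row, so the list endpoint gains the access check but not the scoping that the new PermissionOrg* helpers in permission.ts were added to provide. If only the check is intended, drop the binding, `await new permission().PermissionList(request, "SYS_EVA_STRATIGIC");`; if scoping is intended, the org object from PermissionOrgList has to feed the query's `where`. listStrategyChild1 continues past the end of the hunk, so a later use of `_data` cannot be ruled out from here.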
@@ -26,23 +13,166 @@ class CheckAuth {
 ) {
 return null;
 }
- await new CallAPI()
+ return await new CallAPI()
 .GetData(req, "/org/permission")
 .then((x) => {
 let permission = false;
 let role = x.roles.find((x: any) => x.authSysId == system);
 if (!role) throw "ไม่มีสิทธิ์เข้าระบบ";
+ if (role.attrOwnership == "OWNER") return "OWNER";
 if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate;
 if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete;
 if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet;
 if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList;
 if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate;
- if (role.attrOwnership == "OWNER") permission = true;
 if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้";
 return role.attrPrivilege;
 })
 .catch((x) => {
- throw new HttpError(HttpStatus.FORBIDDEN, x);
+ if (x.status != undefined) {
+ throw new HttpError(x.status, x.message);
+ } else {
+ throw new HttpError(HttpStatus.FORBIDDEN, x);
+ }
+ });
+ }
+ public async PermissionOrg(req: RequestWithUser, system: string, action: string) {
+ if (
+ req.headers.hasOwnProperty("api_key") &&
+ req.headers["api_key"] &&
+ req.headers["api_key"] == process.env.API_KEY
+ ) {
+ return null;
+ }
+ return await new CallAPI()
+ .GetData(req, "/org/permission/org")
+ .then(async (x) => {
+ let privilege = null;
+ if (action.trim().toLocaleUpperCase() == "CREATE")
+ privilege = await this.PermissionCreate(req, system);
+ if (action.trim().toLocaleUpperCase() == "DELETE")
+ privilege = await this.PermissionDelete(req, system);
+ if (action.trim().toLocaleUpperCase() == "GET")
+ privilege = await this.PermissionGet(req, system);
+ if (action.trim().toLocaleUpperCase() == "LIST")
+ privilege = await this.PermissionList(req, system);
+ if (action.trim().toLocaleUpperCase() == "UPDATE")
+ privilege = await this.PermissionUpdate(req, system);
+
+ let data: any = {
+ root: [null],
+ child1: [null],
+ child2: [null],
+ child3: [null],
+ child4: [null],
+ };
+ let node = 4;
+ if (x.orgChild1Id == null) {
+ node = 0;
+ } else if (x.orgChild2Id == null) {
+ node = 1;
+ } else if (x.orgChild3Id == null) {
+ node = 2;
+ } else if (x.orgChild4Id == null) {
+ node = 3;
+ }
+ if (privilege == "ROOT") {
+ data = {
+ root: [x.orgRootId],
+ child1: null,
+ child2: null,
+ child3: null,
+ child4: null,
+ };
+ } else if (privilege == "CHILD") {
+ data = {
+ root: node >= 0 ? [x.orgRootId] : null,
+ child1: node >= 1 ? [x.orgChild1Id] : null,
+ child2: node >= 2 ? [x.orgChild2Id] : null,
+ child3: node >= 3 ? [x.orgChild3Id] : null,
+ child4: node >= 4 ? [x.orgChild4Id] : null,
+ };
+ } else if (privilege == "NORMAL") {
+ data = {
+ root: [x.orgRootId],
+ child1: [x.orgChild1Id],
+ child2: [x.orgChild2Id],
+ child3: [x.orgChild3Id],
+ child4: [x.orgChild4Id],
+ };
+ } else if (privilege == "SPECIFIC") {
+ } else if (privilege == "OWNER") {
+ data = {
+ root: null,
+ child1: null,
+ child2: null,
+ child3: null,
+ child4: null,
+ };
+ }
+
+ return data;
+ })
+ .catch((x) => {
+ if (x.status != undefined) {
+ throw new HttpError(x.status, x.message);
+ } else {
+ throw new HttpError(HttpStatus.FORBIDDEN, x);
+ }
+ });
+ }
+ public async PermissionOrgByUser(
+ req: RequestWithUser,
+ system: string,
+ action: string,
+ profileId: string,
+ ) {
+ if (
+ req.headers.hasOwnProperty("api_key") &&
+ req.headers["api_key"] &&
+ req.headers["api_key"] == process.env.API_KEY
+ ) {
+ return true;
+ }
+ return await new CallAPI()
+ .GetData(req, `/org/permission/user/${profileId}`)
+ .then(async (x) => {
+ let org = {
+ root: [null],
+ child1: [null],
+ child2: [null],
+ child3: [null],
+ child4: [null],
+ };
+ if (action.trim().toLocaleUpperCase() == "CREATE")
+ org = await this.PermissionOrgCreate(req, system);
+ if (action.trim().toLocaleUpperCase() == "DELETE")
+ org = await this.PermissionOrgDelete(req, system);
+ if (action.trim().toLocaleUpperCase() == "GET")
+ org = await this.PermissionOrgGet(req, system);
+ if (action.trim().toLocaleUpperCase() == "LIST")
+ org = await this.PermissionOrgList(req, system);
+ if (action.trim().toLocaleUpperCase() == "UPDATE")
+ org = await this.PermissionOrgUpdate(req, system);
+
+ if (org.root != null) if (x.orgRootId != org.root[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+ if (org.child1 != null)
+ if (x.orgChild1Id != org.child1[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+ if (org.child2 != null)
+ if (x.orgChild2Id != org.child2[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+ if (org.child3 != null)
+ if (x.orgChild3Id != org.child3[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+ if (org.child4 != null)
+ if (x.orgChild4Id != org.child4[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+
+ return true;
+ })
+ .catch((x) => {
+ if (x.status != undefined) {
+ throw new HttpError(x.status, x.message);
+ } else {
+ throw new HttpError(HttpStatus.FORBIDDEN, x);
+ }
 });
 }
 public async PermissionCreate(req: RequestWithUser, system: string) {
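Review bot: In PermissionOrg the `SPECIFIC` branch is empty and the chain has no final `else`, so for that privilege, for the `null` left when `action` matches none of the five cases, and for any other value, `data` keeps its initial `{ root: [null], child1: [null], … }`; PermissionOrgByUser then compares real org ids against `null` and rejects, which is deny-by-accident rather than a stated decision, and the two sentinel shapes (`null` = no restriction on that level, `[null]` = matches nothing) are nowhere written down. Make it explicit: after the `OWNER` branch add `} else { throw new HttpError(HttpStatus.FORBIDDEN, \`unsupported privilege: ${privilege}\`); }`, replace the empty `SPECIFIC` branch with a `// TODO: SPECIFIC scope not implemented; falls through to the deny below` comment, and document the shape at the `let data: any = {` declaration. In PermissionOrgByUser `profileId` is interpolated raw into the upstream path; `encodeURIComponent(profileId)` keeps a caller-supplied id from altering the route that CallAPI requests. The `api_key` header test is now copied three times in this file; a private `hasValidApiKey(req)` helper would keep the copies in step. The enclosing Permission method starts before this hunk.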
@@ -60,6 +190,38 @@ class CheckAuth {
 public async PermissionUpdate(req: RequestWithUser, system: string) {
 return await this.Permission(req, system, "UPDATE");
 }
+
+ public async PermissionOrgCreate(req: RequestWithUser, system: string) {
+ return await this.PermissionOrg(req, system, "CREATE");
+ }
+ public async PermissionOrgDelete(req: RequestWithUser, system: string) {
+ return await this.PermissionOrg(req, system, "DELETE");
+ }
+ public async PermissionOrgGet(req: RequestWithUser, system: string) {
+ return await this.PermissionOrg(req, system, "GET");
+ }
+ public async PermissionOrgList(req: RequestWithUser, system: string) {
+ return await this.PermissionOrg(req, system, "LIST");
+ }
+ public async PermissionOrgUpdate(req: RequestWithUser, system: string) {
+ return await this.PermissionOrg(req, system, "UPDATE");
+ }
+
+ public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "CREATE", profileId);
+ }
+ public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "DELETE", profileId);
+ }
+ public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "GET", profileId);
+ }
+ public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "LIST", profileId);
+ }
+ public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "UPDATE", profileId);
+ }
 }
 export default CheckAuth;
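Review bot: The ten new wrappers carry no documentation, and their return contracts differ in a way the signatures do not show: the PermissionOrg* group resolves to the org-scope object built in PermissionOrg (a one-element id array per level, `null` for a level with no restriction, or `null` as a whole on the API-key path), while the PermissionOrgUser* group resolves to `true` or rejects with an HttpError. A short TSDoc on PermissionOrg and PermissionOrgByUser, which every wrapper delegates to, stating that contract and that `system` is matched against each role's `authSysId`, would spare callers a trip through permission.ts; each wrapper can then carry a one-line `/** See PermissionOrg; action fixed to "CREATE". */`. PermissionOrg and PermissionOrgByUser are defined outside this hunk.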