แก้ สิทธิ์ให้ค้นไวขึ้น

2024-09-06 15:25:26 +07:00 · 2024-09-06 15:25:26 +07:00 · 5ed0066c0f
commit 5ed0066c0f
parent 1f2b79cff0
1 changed files with 32 additions and 20 deletions
--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
@ -42,12 +42,30 @@ class CheckAuth {
      req.headers["api_key"] &&
      req.headers["api_key"] == process.env.API_KEY
    ) {
-      return null;
+      return {
+        root: null,
+        child1: null,
+        child2: null,
+        child3: null,
+        child4: null,
+      };
    }
    return await new CallAPI()
-      .GetData(req, `/org/permission/org/${action}/${system}`)
+      .GetData(req, `/org/permission/org/${system}/${action}`)
      .then(async (x) => {
+        console.log(x);
        let privilege = x.privilege;
+        // if (action.trim().toLocaleUpperCase() == "CREATE")
+        //   privilege = await this.PermissionCreate(req, system);
+        // if (action.trim().toLocaleUpperCase() == "DELETE")
+        //   privilege = await this.PermissionDelete(req, system);
+        // if (action.trim().toLocaleUpperCase() == "GET")
+        //   privilege = await this.PermissionGet(req, system);
+        // if (action.trim().toLocaleUpperCase() == "LIST")
+        //   privilege = await this.PermissionList(req, system);
+        // if (action.trim().toLocaleUpperCase() == "UPDATE")
+        //   privilege = await this.PermissionUpdate(req, system);
+
        let data: any = {
          root: [null],
          child1: [null],
@ -124,25 +142,19 @@ class CheckAuth {
      return true;
    }
    return await new CallAPI()
-      .GetData(req, `/org/permission/user/${profileId}`)
+      .GetData(req, `/org/permission/user/${system}/${action}/${profileId}`)
      .then(async (x) => {
-        let org = {
-          root: [null],
-          child1: [null],
-          child2: [null],
-          child3: [null],
-          child4: [null],
-        };
-        if (action.trim().toLocaleUpperCase() == "CREATE")
-          org = await this.PermissionOrgCreate(req, system);
-        if (action.trim().toLocaleUpperCase() == "DELETE")
-          org = await this.PermissionOrgDelete(req, system);
-        if (action.trim().toLocaleUpperCase() == "GET")
-          org = await this.PermissionOrgGet(req, system);
-        if (action.trim().toLocaleUpperCase() == "LIST")
-          org = await this.PermissionOrgList(req, system);
-        if (action.trim().toLocaleUpperCase() == "UPDATE")
-          org = await this.PermissionOrgUpdate(req, system);
+        let org = x.org;
+        // if (action.trim().toLocaleUpperCase() == "CREATE")
+        //   org = await this.PermissionOrgCreate(req, system);
+        // if (action.trim().toLocaleUpperCase() == "DELETE")
+        //   org = await this.PermissionOrgDelete(req, system);
+        // if (action.trim().toLocaleUpperCase() == "GET")
+        //   org = await this.PermissionOrgGet(req, system);
+        // if (action.trim().toLocaleUpperCase() == "LIST")
+        //   org = await this.PermissionOrgList(req, system);
+        // if (action.trim().toLocaleUpperCase() == "UPDATE")
+        //   org = await this.PermissionOrgUpdate(req, system);

        if (org.root != null) if (x.orgRootId != org.root[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
        if (org.child1 != null)