From 75ed79f722a5949b86554daf1cf80b07145197b2 Mon Sep 17 00:00:00 2001 From: Bright Date: Thu, 8 Aug 2024 14:17:10 +0700 Subject: [PATCH] =?UTF-8?q?permission=20=E0=B8=82=E0=B9=89=E0=B8=AD?= =?UTF-8?q?=E0=B8=A1=E0=B8=B9=E0=B8=A5=E0=B8=81=E0=B8=B2=E0=B8=A3=E0=B8=9B?= =?UTF-8?q?=E0=B8=A3=E0=B8=B0=E0=B9=80=E0=B8=A1=E0=B8=B4=E0=B8=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/controllers/KpiCapacityController.ts | 12 +++-- src/controllers/KpiEvaluationController.ts | 5 +- src/controllers/KpiGroupController.ts | 11 ++-- src/controllers/KpiLinkController.ts | 11 ++-- src/controllers/KpiPlanController.ts | 12 +++-- src/controllers/KpiRoleController.ts | 12 +++-- src/controllers/KpiSpecialController.ts | 12 +++-- src/interfaces/permission.ts | 58 ++++++++++++++++++++++ src/middlewares/user.ts | 13 +++++ 9 files changed, 123 insertions(+), 23 deletions(-) create mode 100644 src/interfaces/permission.ts create mode 100644 src/middlewares/user.ts diff --git a/src/controllers/KpiCapacityController.ts b/src/controllers/KpiCapacityController.ts index 9842d54..dc4bbbc 100644 --- a/src/controllers/KpiCapacityController.ts +++ b/src/controllers/KpiCapacityController.ts @@ -23,7 +23,8 @@ import { KpiCapacity } from "../entities/kpiCapacity"; import { Position } from "../entities/position"; import { KpiCapacityDetail } from "../entities/kpiCapacityDetail"; import { Like, In } from "typeorm"; - +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/kpi/capacity") @Tags("kpiCapacity") @Security("bearerAuth") @@ -66,8 +67,9 @@ export class kpiCapacityController extends Controller { description: string; }[]; }, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request,"SYS_EVA_COMPETENCY"); const kpiCapacity = Object.assign(new KpiCapacity(), { type: requestBody.type, name: requestBody.name, 
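Review bot: Only the create and update handlers are gated in this hunk, while `permission.ts` in the same patch also defines `PermissionGet` and `PermissionList` that no hunk of this patch wires to any route; if this controller has GET/list routes outside the hunk (the class body continues past it), they stay reachable by any bearer-token holder regardless of the `SYS_EVA_COMPETENCY` `attrIsGet`/`attrIsList` attributes. Either gate those routes the same way or record the decision on the class, e.g. `// read routes are intentionally not gated by SYS_EVA_COMPETENCY: any authenticated user may view competencies`, so the omission is visibly deliberate rather than forgotten. The `-` / `+import permission …` pair also removes the blank line that separated the import block from `@Route`; keeping the separator costs nothing and matches the other controllers.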
@@ -130,8 +132,9 @@ export class kpiCapacityController extends Controller { description: string; }[]; }, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request,"SYS_EVA_COMPETENCY"); const kpiCapacity = await this.kpiCapacityRepository.findOne({ where: { id: id }, }); @@ -356,7 +359,8 @@ export class kpiCapacityController extends Controller { * @param {string} id Guid, *Id รายการสมรรถนะ */ @Delete("{id}") - async deleteKpiCapacity(@Path() id: string) { + async deleteKpiCapacity(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request,"SYS_EVA_COMPETENCY"); const kpiCapacity = await this.kpiCapacityRepository.findOne({ where: { id: id }, }); diff --git a/src/controllers/KpiEvaluationController.ts b/src/controllers/KpiEvaluationController.ts index 6dd5406..e2ad304 100644 --- a/src/controllers/KpiEvaluationController.ts +++ b/src/controllers/KpiEvaluationController.ts @@ -21,6 +21,8 @@ import HttpError from "../interfaces/http-error"; import { Like, Not } from "typeorm"; import HttpStatusCode from "../interfaces/http-status"; import { KpiEvaluation, updateKpiEvaluation } from "../entities/kpiEvaluation"; +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/kpi/evaluation") @Tags("kpiEvaluation") @Security("bearerAuth") @@ -39,8 +41,9 @@ export class kpiEvaluationController extends Controller { @Put() async updateKpiEvaluations( @Body() requestBody: updateKpiEvaluation[], - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request,"SYS_EVA_COMPETENCY"); const updatedIds: string[] = []; for (const item of requestBody) { diff --git a/src/controllers/KpiGroupController.ts b/src/controllers/KpiGroupController.ts index c6425a9..1e53f20 100644 --- a/src/controllers/KpiGroupController.ts 
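Review bot: The JSDoc above `deleteKpiCapacity` still documents only `id`, yet the handler can now end in a 403 raised by `PermissionDelete`, and tsoa derives the OpenAPI contract from these decorators, so the generated spec will not mention the new failure mode. Add `@Response<HttpError>(403, "Forbidden: missing SYS_EVA_COMPETENCY delete permission")` (or whatever `@Response` form this codebase already uses) above `@Delete("{id}")`, and the equivalent on the update hunk above and the `updateKpiEvaluations` hunk below. The injected `@Request()` parameter is, as far as I know, omitted from the spec by tsoa, so it needs no `@param` line; the body of `updateKpiEvaluations` (the `for (const item of requestBody)` loop) continues outside the hunk.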
+++ b/src/controllers/KpiGroupController.ts @@ -21,6 +21,8 @@ import HttpError from "../interfaces/http-error"; import { Like, Not } from "typeorm"; import HttpStatusCode from "../interfaces/http-status"; import { KpiGroup, createKpiGroup, updateKpiGroup } from "../entities/kpiGroup"; +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/kpi/group") @Tags("kpiGroup") @Security("bearerAuth") @@ -43,8 +45,9 @@ export class kpiGroupController extends Controller { }) async createKpiGroup( @Body() requestBody: createKpiGroup, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request,"SYS_EVA_COMPETENCY"); const kpiGroup = Object.assign(new KpiGroup(), requestBody); const chkkpinameGroup = await this.kpiGroupRepository.findOne({ where: { @@ -70,8 +73,9 @@ export class kpiGroupController extends Controller { async updateKpiGroup( @Path() id: string, @Body() requestBody: updateKpiGroup, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request,"SYS_EVA_COMPETENCY"); const kpiGroup = await this.kpiGroupRepository.findOne({ where: { id: id }, }); @@ -119,7 +123,8 @@ export class kpiGroupController extends Controller { * @param id */ @Delete("{id}") - async deleteKpiGroup(@Path() id: string) { + async deleteKpiGroup(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request,"SYS_EVA_COMPETENCY"); const kpiGroup = await this.kpiGroupRepository.findOne({ where: { id: id }, }); diff --git a/src/controllers/KpiLinkController.ts b/src/controllers/KpiLinkController.ts index 7fb2e0a..1cc2f2a 100644 --- a/src/controllers/KpiLinkController.ts +++ b/src/controllers/KpiLinkController.ts 
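Review bot: `new permission()` is constructed on every call (`await new permission().PermissionCreate(...)`, three times in this file and the same in the other controllers) for a class that holds no state, and the system id `"SYS_EVA_COMPETENCY"` is retyped by hand in each handler. A module-level `const auth = new permission();` and `const SYSTEM = "SYS_EVA_COMPETENCY";` next to the imports, then `await auth.PermissionCreate(request, SYSTEM);`, keeps the id from drifting between the create/update/delete routes of one controller and makes a later move of the ids into a string-literal union a compile-time check. Importing the class under its declared name `CheckAuth` instead of the lowercase `permission` would also match the PascalCase classes elsewhere in these files and stop it reading as a variable.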
@@ -24,6 +24,8 @@ import { KpiLink, createKpiLink, updateKpiLink } from "../entities/kpiLink"; import { KpiGroup } from "../entities/kpiGroup"; import { KpiCapacity } from "../entities/kpiCapacity"; import { Position } from "../entities/position"; +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/kpi/link") @Tags("kpiLink") @Security("bearerAuth") @@ -46,8 +48,9 @@ export class kpiLinkController extends Controller { @Post() async createKpiLink( @Body() requestBody: createKpiLink, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request,"SYS_EVA_COMPETENCY"); const chkkpiGroup = await this.kpiGroupRepository.findOne({ where: { id: requestBody.kpiGroupId, @@ -105,8 +108,9 @@ export class kpiLinkController extends Controller { async updateKpiLink( @Path() id: string, @Body() requestBody: createKpiLink, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request,"SYS_EVA_COMPETENCY"); const chkKpiLink = await this.kpiLinkRepository.findOne({ where: { id: id, @@ -198,7 +202,8 @@ export class kpiLinkController extends Controller { * @param id */ @Delete("{id}") - async deleteKpiLink(@Path() id: string) { + async deleteKpiLink(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request,"SYS_EVA_COMPETENCY"); const kpiLink = await this.kpiLinkRepository.findOne({ where: { id: id }, relations: ["kpiCapacitys"], diff --git a/src/controllers/KpiPlanController.ts b/src/controllers/KpiPlanController.ts index 802681c..32d16ca 100644 --- a/src/controllers/KpiPlanController.ts +++ b/src/controllers/KpiPlanController.ts 
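Review bot: The authorization decision is a hand-placed call at the top of each handler body, which is the pattern that lets a new route ship without one and, here, costs a `/org/permission` round-trip on every mutating request. These controllers already go through `@Security("bearerAuth")`, and tsoa passes scopes to the security handler, so `@Security("bearerAuth", ["SYS_EVA_COMPETENCY:create"])` on `createKpiLink` (and `:update` / `:delete` on the other two) would move the check into `expressAuthentication`, where the permission lookup can run once per request and be cached on `request.user`, and a route declared without a scope becomes obvious in review. I cannot tell from this patch whether the existing `bearerAuth` handler inspects scopes, so that handler would need to be confirmed or extended first.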
@@ -26,7 +26,8 @@ import { Brackets, IsNull, Not } from "typeorm"; import { KpiPlanHistory } from "../entities/kpiPlanHistory"; import { KpiSpecial } from "../entities/kpiSpecial"; import { KpiRole } from "../entities/kpiRole"; - +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/kpi/plan") @Tags("kpiPlan") @Security("bearerAuth") @@ -49,8 +50,9 @@ export class kpiPlanController extends Controller { @Post() async createKpiPlan( @Body() requestBody: createKpiPlan, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request,"SYS_EVA_INDICATOR"); const kpiPlan = Object.assign(new KpiPlan(), requestBody); if (requestBody.year != null && requestBody.period != null) { const kpiPeriod = await this.kpiPeriodRepository @@ -208,8 +210,9 @@ export class kpiPlanController extends Controller { async updateKpiPlan( @Path() id: string, @Body() requestBody: updateKpiPlan, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request,"SYS_EVA_INDICATOR"); const kpiPlan = await this.kpiPlanRepository.findOne({ where: { id: id }, }); @@ -502,7 +505,8 @@ export class kpiPlanController extends Controller { * @param id */ @Delete("{id}") - async deleteKpiPlan(@Path() id: string) { + async deleteKpiPlan(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request,"SYS_EVA_INDICATOR"); const kpiPlan = await this.kpiPlanRepository.findOne({ where: { id: id }, }); diff --git a/src/controllers/KpiRoleController.ts b/src/controllers/KpiRoleController.ts index e9a7217..c1a583d 100644 --- a/src/controllers/KpiRoleController.ts +++ b/src/controllers/KpiRoleController.ts 
@@ -24,7 +24,8 @@ import CallAPI from "../interfaces/call-api"; import { KpiPeriod } from "../entities/kpiPeriod"; import { Brackets, IsNull, Like } from "typeorm"; import { KpiRoleHistory } from "../entities/kpiRoleHistory"; - +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/kpi/role") @Tags("kpiRole") @Security("bearerAuth") @@ -45,8 +46,9 @@ export class kpiRoleController extends Controller { @Post() async createKpiRole( @Body() requestBody: createKpiRole, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request,"SYS_EVA_INDICATOR"); const kpiRole = Object.assign(new KpiRole(), requestBody); if (requestBody.year != null && requestBody.period != null) { const kpiPeriod = await this.kpiPeriodRepository @@ -201,8 +203,9 @@ export class kpiRoleController extends Controller { async updateKpiRole( @Path() id: string, @Body() requestBody: updateKpiRole, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request,"SYS_EVA_INDICATOR"); const kpiRole = await this.kpiRoleRepository.findOne({ where: { id: id }, }); @@ -465,7 +468,8 @@ export class kpiRoleController extends Controller { * @param id */ @Delete("{id}") - async deleteKpiRole(@Path() id: string) { + async deleteKpiRole(@Path() id: string,@Request() request: RequestWithUser) { + await new permission().PermissionDelete(request,"SYS_EVA_INDICATOR"); const kpiRole = await this.kpiRoleRepository.findOne({ where: { id: id }, }); diff --git a/src/controllers/KpiSpecialController.ts b/src/controllers/KpiSpecialController.ts index 0eac036..6885301 100644 --- a/src/controllers/KpiSpecialController.ts +++ b/src/controllers/KpiSpecialController.ts 
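Review bot: `deleteKpiRole(@Path() id: string,@Request() request: RequestWithUser)` drops the space after the comma that every other delete signature in this patch keeps, which suggests this file was not run through the formatter; `deleteKpiRole(@Path() id: string, @Request() request: RequestWithUser)` matches the others. Running Prettier over the touched controllers would also normalise the `(request,"SYS_EVA_INDICATOR")` argument spacing that appears in all seven files.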
@@ -22,7 +22,8 @@ import HttpStatusCode from "../interfaces/http-status"; import { KpiSpecial, CreateKpiSpecial, UpdateKpiSpecial } from "../entities/kpiSpecial"; import CallAPI from "../interfaces/call-api"; import { Brackets, IsNull, Like, Not } from "typeorm"; - +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/kpi/special") @Tags("kpiSpecial") @Security("bearerAuth") @@ -42,8 +43,9 @@ export class kpiSpecialController extends Controller { @Post() async createKpiSpecial( @Body() requestBody: CreateKpiSpecial, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request,"SYS_EVA_INDICATOR"); const chk_kpiSpecial = await this.kpiSpecialRepository.findOne({ where: { including: String(requestBody.including), @@ -78,8 +80,9 @@ export class kpiSpecialController extends Controller { async updateKpiSpecial( @Path() id: string, @Body() requestBody: UpdateKpiSpecial, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request,"SYS_EVA_INDICATOR"); const kpiSpecial = await this.kpiSpecialRepository.findOne({ where: { id: id }, }); @@ -213,7 +216,8 @@ export class kpiSpecialController extends Controller { * @param id */ @Delete("{id}") - async deleteKpiSpecial(@Path() id: string) { + async deleteKpiSpecial(@Path() id: string, @Request() request: RequestWithUser,) { + await new permission().PermissionDelete(request,"SYS_EVA_INDICATOR"); const kpiSpecial = await this.kpiSpecialRepository.findOne({ where: { id: id }, }); diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts new file mode 100644 index 0000000..74bb1de --- /dev/null +++ b/src/interfaces/permission.ts 
@@ -0,0 +1,58 @@
+import {
+ Controller,
+ Request,
+ Get,
+ Post,
+ Put,
+ Delete,
+ Patch,
+ Route,
+ Security,
+ Tags,
+ Path,
+} from "tsoa";
+import axios from "axios";
+import { RequestWithUser } from "../middlewares/user";
+import CallAPI from "./call-api";
+import HttpError from "./http-error";
+import HttpStatus from "./http-status";
+
+class CheckAuth {
+ public async Permission(req: RequestWithUser, system: string, action: string) {
+ await new CallAPI()
+ .GetData(req, "/org/permission")
+ .then((x) => {
+ let permission = false;
+ let role = x.roles.find((x: any) => x.authSysId == system);
+ if (!role) throw "ไม่มีสิทธิ์เข้าระบบ";
+ if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate;
+ if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete;
+ if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet;
+ if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList;
+ if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate;
+ if (role.attrOwnership == "OWNER") permission = true;
+ if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้";
+ return role.attrPrivilege;
+ })
+ .catch((x) => {
+ throw new HttpError(HttpStatus.FORBIDDEN, x);
+ });
+ }
+ public async PermissionCreate(req: RequestWithUser, system: string) {
+ this.Permission(req, system, "CREATE");
+ }
+ public async PermissionDelete(req: RequestWithUser, system: string) {
+ this.Permission(req, system, "DELETE");
+ }
+ public async PermissionGet(req: RequestWithUser, system: string) {
+ this.Permission(req, system, "GET");
+ }
+ public async PermissionList(req: RequestWithUser, system: string) {
+ this.Permission(req, system, "LIST");
+ }
+ public async PermissionUpdate(req: RequestWithUser, system: string) {
+ this.Permission(req, system, "UPDATE");
+ }
+}
+
+export default CheckAuth;
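Review bot: None of the five wrappers (`PermissionCreate` … `PermissionUpdate`) returns or awaits `this.Permission(...)`, so the promise is dropped: a controller's `await new permission().PermissionCreate(...)` resolves at once with `undefined`, the handler body runs before `/org/permission` has answered, and the `HttpError(FORBIDDEN)` thrown in `.catch` becomes an unhandled rejection instead of a 403 — as written this file gates nothing. Each wrapper needs `return this.Permission(req, system, "CREATE");` and the matching change for the other four. The grant test `if (permission == false)` is also too loose: when a role's `attrIsCreate`/`attrIsUpdate`/… is `undefined`, `null` or a non-boolean such as the string `"false"`, `permission` does not loosely equal `false` and the request is allowed, so the test should be `permission !== true`. Handing the raw caught value `x` to `HttpError` turns a transport error or a response without `roles` into a 403 whose message is an internal error object; failing closed is right, but pass a string. The `tsoa` and `axios` imports are unused and the bare-string `throw`s should be `Error`s.
```typescript
  public async Permission(req: RequestWithUser, system: string, action: string) {
    // Return the chain so a caller's `await` really waits on the remote check.
    return new CallAPI()
      .GetData(req, "/org/permission")
      .then((x) => {
        // … unchanged: `let permission = false;` and the role lookup …
        if (!role) throw new Error("ไม่มีสิทธิ์เข้าระบบ");
        // … unchanged: per-action attrIsCreate/Delete/Get/List/Update selection …
        if (role.attrOwnership == "OWNER") permission = true;
        // Strict check: a missing or non-boolean attribute must deny, not fall through as granted.
        if (permission !== true) throw new Error("ไม่มีสิทธิ์ใช้งานระบบนี้");
        return role.attrPrivilege;
      })
      .catch((x: unknown) => {
        // Fail closed, but never surface the raw upstream error object to the client.
        throw new HttpError(HttpStatus.FORBIDDEN, x instanceof Error ? x.message : String(x));
      });
  }
  public async PermissionCreate(req: RequestWithUser, system: string) {
    return this.Permission(req, system, "CREATE");
  }
  // … unchanged: PermissionDelete/Get/List/Update, each with the same `return` added …
```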
diff --git a/src/middlewares/user.ts b/src/middlewares/user.ts
new file mode 100644
index 0000000..a35cdc4
--- /dev/null
+++ b/src/middlewares/user.ts
@@ -0,0 +1,13 @@
+import type { Request } from "express";
+
+export type RequestWithUser = Request & {
+ user: {
+ sub: string;
+ name: string;
+ given_name: string;
+ familiy_name: string;
+ preferred_username: string;
+ email: string;
+ role: string[];
+ };
+};
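Review bot: `familiy_name` is misspelled; the neighbouring fields (`sub`, `name`, `given_name`, `preferred_username`, `email`) are the OIDC standard claim names, where this one is `family_name`, so as typed the real claim is unreachable and any `user.familiy_name` read type-checks fine but is `undefined` at runtime. Rename it to `family_name: string;` unless the token issuer really emits the misspelled key. The intersection also asserts that `user` is always present, which presumably only the `bearerAuth` security handler makes true; a TSDoc line such as `/** Express request after the bearerAuth handler has attached the decoded token claims; nothing in this type validates them. */` would stop callers from relying on it in unauthenticated routes. `role: string[]` here is not what `permission.ts` consults (it calls `/org/permission`), which is worth a one-line comment so the two sources of role data are not confused.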