permission ข้อมูลการประเมิน

src/controllers/KpiSpecialController.ts

@@ -22,7 +22,8 @@ import HttpStatusCode from "../interfaces/http-status";
 import { KpiSpecial, CreateKpiSpecial, UpdateKpiSpecial } from "../entities/kpiSpecial";
 import CallAPI from "../interfaces/call-api";
 import { Brackets, IsNull, Like, Not } from "typeorm";
-
+import permission from "../interfaces/permission";
+import { RequestWithUser } from "../middlewares/user";
 @Route("api/v1/kpi/special")
 @Tags("kpiSpecial")
 @Security("bearerAuth")
@@ -42,8 +43,9 @@ export class kpiSpecialController extends Controller {
   @Post()
   async createKpiSpecial(
     @Body() requestBody: CreateKpiSpecial,
-    @Request() request: { user: Record<string, any> },
+    @Request() request: RequestWithUser,
   ) {
+    await new permission().PermissionCreate(request,"SYS_EVA_INDICATOR");
     const chk_kpiSpecial = await this.kpiSpecialRepository.findOne({
       where: {
         including: String(requestBody.including),
@@ -78,8 +80,9 @@ export class kpiSpecialController extends Controller {
   async updateKpiSpecial(
     @Path() id: string,
     @Body() requestBody: UpdateKpiSpecial,
-    @Request() request: { user: Record<string, any> },
+    @Request() request: RequestWithUser,
   ) {
+    await new permission().PermissionUpdate(request,"SYS_EVA_INDICATOR");
     const kpiSpecial = await this.kpiSpecialRepository.findOne({
       where: { id: id },
     });
@@ -213,7 +216,8 @@ export class kpiSpecialController extends Controller {
    * @param id
    */
   @Delete("{id}")
-  async deleteKpiSpecial(@Path() id: string) {
+  async deleteKpiSpecial(@Path() id: string, @Request() request: RequestWithUser,) {
+    await new permission().PermissionDelete(request,"SYS_EVA_INDICATOR");
     const kpiSpecial = await this.kpiSpecialRepository.findOne({
       where: { id: id },
     });