From 0cad83af1fca041d215bcfdc46851ae35b83325a Mon Sep 17 00:00:00 2001
From: harid <harid_pr61@live.rmutl.com>
Date: Tue, 26 May 2026 13:20:02 +0700
Subject: [PATCH] =?UTF-8?q?#2523=20STAFF=20+=20isDirector=20=E0=B9=83?=
 =?UTF-8?q?=E0=B8=AB=E0=B9=89=E0=B8=A5=E0=B9=89=E0=B8=AD=E0=B8=AA=E0=B8=B4?=
 =?UTF-8?q?=E0=B8=97=E0=B8=98=E0=B8=B4=E0=B9=8C=E0=B9=80=E0=B8=AB=E0=B8=A1?=
 =?UTF-8?q?=E0=B8=B7=E0=B8=AD=E0=B8=99=20CHILD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/controllers/CommandController.ts | 8 +++++++-
 src/interfaces/permission.ts         | 7 +++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/controllers/CommandController.ts b/src/controllers/CommandController.ts
index f4e335ce..2d8abf02 100644
--- a/src/controllers/CommandController.ts
+++ b/src/controllers/CommandController.ts
@@ -206,7 +206,13 @@ export class CommandController extends Controller {
       child4: null,
     };
     if (request.user.role.includes("STAFF")) {
-      _data = await new permission().PermissionOrgList(request, "COMMAND");
+      // #2523 STAFF + isDirector ให้ล้อสิทธิ์เหมือน CHILD
+      if (!isDirector) {
+        _data = await new permission().PermissionOrgList(request, "COMMAND");
+        
+      } else {
+        _data = await new permission().PermissionIsDirectorOrgList(request, "COMMAND", isDirector);
+      }
     }
     if (isDirector || _data.privilege == "OWNER") {
       const profiles = await this.profileRepository
diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts
index 4c3063de..5d22d274 100644
--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
@@ -39,7 +39,7 @@ class CheckAuth {
         }
       });
   }
-  public async PermissionOrg(req: RequestWithUser, system: string, action: string) {
+  public async PermissionOrg(req: RequestWithUser, system: string, action: string, isDirector?: boolean) {
     if (
       req.headers.hasOwnProperty("api_key") &&
       req.headers["api_key"] &&
@@ -56,7 +56,7 @@ class CheckAuth {
     return await new CallAPI()
       .GetData(req, `/org/permission/org/${system}/${action}`)
       .then(async (x) => {
-        let privilege = x.privilege;
+        let privilege = isDirector && isDirector === true ? "CHILD" : x.privilege;
 
         let data: any = {
           root: [null],
@@ -288,6 +288,9 @@ class CheckAuth {
   public async PermissionOrgList(req: RequestWithUser, system: string) {
     return await this.PermissionOrg(req, system, "LIST");
   }
+  public async PermissionIsDirectorOrgList(req: RequestWithUser, system: string, isDirector: boolean) {
+    return await this.PermissionOrg(req, system, "LIST", isDirector);
+  }
   public async PermissionOrgUpdate(req: RequestWithUser, system: string) {
     return await this.PermissionOrg(req, system, "UPDATE");
   }