diff --git a/src/controllers/ProfileAbilityEmployeeTempController.ts b/src/controllers/ProfileAbilityEmployeeTempController.ts
index 20dfb658..45699e1a 100644
--- a/src/controllers/ProfileAbilityEmployeeTempController.ts
+++ b/src/controllers/ProfileAbilityEmployeeTempController.ts
@@ -73,7 +73,8 @@ export class ProfileAbilityEmployeeTempController extends Controller {
 },
 ],
 })
- public async detailProfileAbility(@Path() profileEmployeeId: string) {
+ public async detailProfileAbility(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) {
+ await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_TEMP", profileEmployeeId);
 const getProfileAbilityId = await this.profileAbilityRepo.findBy({ profileEmployeeId });
 if (!getProfileAbilityId) {
 throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
@@ -120,7 +121,12 @@ export class ProfileAbilityEmployeeTempController extends Controller {
 },
 ],
 })
- public async getProfileAbilityHistory(@Path() abilityId: string) {
+ public async getProfileAbilityHistory(@Path() abilityId: string, @Request() req: RequestWithUser) {
+ const _record = await this.profileAbilityRepo.findOneBy({ id: abilityId });
+ if (_record) {
+ await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_TEMP", _record.profileEmployeeId);
+ }
+
 const record = await this.profileAbilityHistoryRepo.findBy({
 profileAbilityId: abilityId,
 });
@@ -135,7 +141,6 @@ export class ProfileAbilityEmployeeTempController extends Controller {
 @Request() req: RequestWithUser,
 @Body() body: CreateProfileAbilityEmployee,
 ) {
- await new permission().PermissionCreate(req, "SYS_REGISTRY_TEMP");
 if (!body.profileEmployeeId) {
 throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId");
 }
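Review bot: In getProfileAbilityHistory the new permission call sits inside `if (_record)`, so a request whose abilityId matches no ability row skips authorization and still reaches the `profileAbilityHistoryRepo.findBy` query; the check fails open instead of closed. The call is also `PermissionOrgUserDelete` on a read path, where `PermissionOrgUserList` (the one added to detailProfileAbility in the first hunk) looks like the intended right. I would replace the guard with `if (!_record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");` followed by `await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_TEMP", _record.profileEmployeeId);`. The deleteProfileAbility hunk (`@@ -197,7 +203,11`) has the same `if (_record)` guard and also drops the unconditional `PermissionDelete`, so there a missing row lets the history delete run with no check at all. Both function bodies continue outside their hunks.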
@@ -144,6 +149,7 @@ export class ProfileAbilityEmployeeTempController extends Controller { if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_TEMP", profile.id); const data = new ProfileAbility(); const meta = { @@ -170,9 +176,9 @@ export class ProfileAbilityEmployeeTempController extends Controller { @Request() req: RequestWithUser, @Path() abilityId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_TEMP"); const record = await this.profileAbilityRepo.findOneBy({ id: abilityId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_TEMP", record.profileEmployeeId) const history = new ProfileAbilityHistory(); @@ -197,7 +203,11 @@ export class ProfileAbilityEmployeeTempController extends Controller { @Delete("{abilityId}") public async deleteProfileAbility(@Path() abilityId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_TEMP"); + const _record = await this.profileAbilityRepo.findOneBy({ id: abilityId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_TEMP", _record.profileEmployeeId); + } + await this.profileAbilityHistoryRepo.delete({ profileAbilityId: abilityId, }); diff --git a/src/controllers/ProfileController.ts b/src/controllers/ProfileController.ts index 3f96ee28..53a018c0 100644 --- a/src/controllers/ProfileController.ts +++ b/src/controllers/ProfileController.ts @@ -4735,7 +4735,6 @@ export class ProfileController extends Controller { if (!profile) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); } - await new permission().PermissionOrgUserList(request, "SYS_REGISTRY_OFFICER", profile.id); const posMaster = await this.posMasterRepo.findOne({ where: { 
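Review bot: In the create hunk (`@@ -144,6 +149,7`) `PermissionOrgUserCreate` runs only after the profile lookup, so the 400 "ไม่พบ profile ดังกล่าว" is returned before any authorization decision. A caller with no SYS_REGISTRY_TEMP rights can therefore tell existing profileEmployeeId values from missing ones by the error they get. The update hunk (`@@ -170,9 +176,9`) has the same ordering with its 404. If that distinction matters here, keep the coarse `await new permission().PermissionCreate(req, "SYS_REGISTRY_TEMP");` (and `PermissionUpdate` in the update path) ahead of the lookup and run the org-scoped check after it. Whether an earlier middleware already limits who reaches these handlers is not visible in the diff.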
diff --git a/src/controllers/ProfileEmployeeController.ts b/src/controllers/ProfileEmployeeController.ts
index 9ec536bc..6543c032 100644
--- a/src/controllers/ProfileEmployeeController.ts
+++ b/src/controllers/ProfileEmployeeController.ts
@@ -2560,7 +2560,6 @@ export class ProfileEmployeeController extends Controller {
 @Get("keycloak/position/{revisionId}")
 async getProfileByKeycloakByRevision(
 @Path() revisionId: string,
- @Path() req: RequestWithUser,
 @Request() request: { user: Record },
 ) {
 const profile = await this.profileRepo.findOne({
@@ -2570,7 +2569,6 @@ export class ProfileEmployeeController extends Controller {
 if (!profile) {
 throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ");
 }
- await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profile.id)
 const _profile = {
 profileId: profile.id,
 rank: profile.rank,