From 2ce5138a4f9e57b0b0096a1c475422a98f09331d Mon Sep 17 00:00:00 2001 From: AdisakKanthawilang Date: Fri, 16 Aug 2024 17:36:08 +0700 Subject: [PATCH] =?UTF-8?q?role=20=E0=B9=82=E0=B8=84=E0=B8=A3=E0=B8=87?= =?UTF-8?q?=E0=B8=AA=E0=B8=A3=E0=B9=89=E0=B8=B2=E0=B8=87=E0=B8=AD=E0=B8=B1?= =?UTF-8?q?=E0=B8=95=E0=B8=A3=E0=B8=B2=E0=B8=81=E0=B8=B3=E0=B8=A5=E0=B8=B1?= =?UTF-8?q?=E0=B8=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/controllers/EmployeePositionController.ts | 37 +++++++++++++----- src/controllers/OrgChild1Controller.ts | 14 ++++--- src/controllers/OrgChild2Controller.ts | 13 +++++-- src/controllers/OrgChild3Controller.ts | 16 ++++---- src/controllers/OrgChild4Controller.ts | 13 +++++-- src/controllers/OrgRootController.ts | 13 +++++-- src/controllers/OrganizationController.ts | 6 ++- src/controllers/PositionController.ts | 38 +++++++++++++------ src/controllers/ProfileEmployeeController.ts | 7 +++- 9 files changed, 109 insertions(+), 48 deletions(-) diff --git a/src/controllers/EmployeePositionController.ts b/src/controllers/EmployeePositionController.ts index e7ff17f0..05331106 100644 --- a/src/controllers/EmployeePositionController.ts +++ b/src/controllers/EmployeePositionController.ts @@ -36,6 +36,9 @@ import { OrgChild3 } from "../entities/OrgChild3"; import { OrgChild4 } from "../entities/OrgChild4"; import { ProfileEmployee } from "../entities/ProfileEmployee"; import { AuthRole } from "../entities/AuthRole"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; +import { request } from "axios"; @Route("api/v1/org/employee/pos") @Tags("Employee") @Security("bearerAuth") 
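Review bot: The added `import { request } from "axios";` looks like an editor auto-import and should be dropped. Every handler changed in this file declares its own `@Request() request: RequestWithUser` parameter, so nothing shown here needs axios's `request`. While the import stays, a handler that forgets to declare that parameter can still resolve the identifier `request` — to the axios function instead of the incoming HTTP request — and, depending on how the permission methods type their first argument, may compile without complaint. The same import is added in OrganizationController.ts, PositionController.ts and ProfileEmployeeController.ts.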
@@ -69,8 +72,9 @@ export class EmployeePositionController extends Controller { async CreateEmployeePosition( @Body() requestBody: CreateEmployeePosDict, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_ORG_EMP"); const empPosDict = Object.assign(new EmployeePosDict(), requestBody); if (!empPosDict) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล"); @@ -120,8 +124,9 @@ export class EmployeePositionController extends Controller { @Path() id: string, @Body() requestBody: UpdateEmployeePosDict, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG_EMP"); const empPosDict = await this.employeePosDictRepository.findOne({ where: { id: id }, }); @@ -170,7 +175,8 @@ export class EmployeePositionController extends Controller { * @param {string} id Id ตำแหน่งลูกจ้างประจำ */ @Delete("position/{id}") - async delete(@Path() id: string) { + async delete(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_ORG_EMP"); const delEmpPosDict = await this.employeePosDictRepository.findOne({ where: { id } }); if (!delEmpPosDict) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลตำแหน่งลูกจ้างประจำนี้"); @@ -359,8 +365,9 @@ export class EmployeePositionController extends Controller { async createEmpMaster( @Body() requestBody: CreateEmployeePosMaster, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_ORG_EMP"); const posMaster = Object.assign(new EmployeePosMaster(), requestBody); if (!posMaster) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล"); 
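Review bot: The new check `await new permission().PermissionCreate(request, "SYS_ORG_EMP");` passes the system key as a bare string literal and builds a fresh `permission` instance on every call, here and in every other handler this patch touches. A mistyped key would not be caught by the compiler, and how the helper treats an unknown key is not visible in this patch. A shared constant, for example `const SYS_ORG_EMP = "SYS_ORG_EMP";`, or a string-literal union on the helper's parameter would make the authorization target checkable at build time.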
@@ -607,8 +614,9 @@ export class EmployeePositionController extends Controller { @Path() id: string, @Body() requestBody: CreateEmployeePosMaster, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG_EMP"); const posMaster = await this.employeePosMasterRepository.findOne({ where: { id: id } }); if (!posMaster) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลอัตรากำลัง"); @@ -847,7 +855,8 @@ export class EmployeePositionController extends Controller { * @param {string} id Id ตำแหน่ง */ @Delete("master/{id}") - async deleteEmpPosMaster(@Path() id: string) { + async deleteEmpPosMaster(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionCreate(request, "SYS_ORG_EMP"); const delPosMaster = await this.employeePosMasterRepository.findOne({ where: { id }, }); @@ -1177,7 +1186,8 @@ export class EmployeePositionController extends Controller { * */ @Post("sort") - async SortEmp(@Body() requestBody: { id: string; type: number; sortId: string[] }) { + async SortEmp(@Body() requestBody: { id: string; type: number; sortId: string[] }, @Request() request: RequestWithUser) { + await new permission().PermissionUpdate(request, "SYS_ORG_EMP"); switch (requestBody.type) { case 0: { const rootId = await this.employeePosMasterRepository.findOne({ @@ -1401,8 +1411,9 @@ export class EmployeePositionController extends Controller { @Post("move") async moveEmpPosMaster( @Body() requestBody: { id: string; type: number; positionMaster: string[] }, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG_EMP"); const posMasters = await this.employeePosMasterRepository.find({ where: { id: In(requestBody.positionMaster) }, }); 
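Review bot: `deleteEmpPosMaster`, the `@Delete("master/{id}")` handler in the `-847,7 +855,8` hunk, checks `PermissionCreate` rather than the delete right. Assuming the helper's three methods map to separate rights, a caller holding only create on SYS_ORG_EMP can delete a position master while one holding only delete is refused. It should read `await new permission().PermissionDelete(request, "SYS_ORG_EMP");`, matching the `position/{id}` delete handler in this file. The same mismatch appears in `OrgChild4Controller.delete` and `PositionController.deletePosMaster`, which both check `PermissionUpdate` on a delete route. All three handler bodies continue outside their hunks.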
@@ -2067,7 +2078,9 @@ export class EmployeePositionController extends Controller { @Post("profile") async createEmpHolder( @Body() requestBody: { posMaster: string; position: string; profileId: string; isSit: boolean }, + @Request() request: RequestWithUser ) { + await new permission().PermissionCreate(request, "SYS_ORG_EMP"); const dataMaster = await this.employeePosMasterRepository.findOne({ where: { id: requestBody.posMaster }, relations: ["positions"], @@ -2100,7 +2113,8 @@ export class EmployeePositionController extends Controller { * @param {string} id *Id posMaster */ @Post("profile/delete/{id}") - async deleteEmpHolder(@Path() id: string) { + async deleteEmpHolder(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_ORG_EMP"); const dataMaster = await this.employeePosMasterRepository.findOne({ where: { id: id }, relations: ["positions"], @@ -2130,7 +2144,8 @@ export class EmployeePositionController extends Controller { * */ @Post("dna") - async dnaEmp(@Body() requestBody: { draftPositionId: string; publishPositionId: string }) { + async dnaEmp(@Body() requestBody: { draftPositionId: string; publishPositionId: string }, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_ORG_EMP"); const findDraft = await this.orgRevisionRepository.findOne({ where: { orgRevisionIsDraft: true, @@ -2185,7 +2200,9 @@ export class EmployeePositionController extends Controller { positionId: string; profileId: string; }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_ORG_EMP"); const posMaster = await this.employeePosMasterRepository.findOne({ where: { id: body.posmasterId }, relations: ["orgRoot"], diff --git a/src/controllers/OrgChild1Controller.ts b/src/controllers/OrgChild1Controller.ts index 7188d2e5..72d93883 100644 --- a/src/controllers/OrgChild1Controller.ts +++ b/src/controllers/OrgChild1Controller.ts 
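Review bot: Parallel endpoints in the two position controllers now demand different rights for what looks like the same operation. `dnaEmp` here checks `PermissionDelete` while `dna` in PositionController.ts checks `PermissionUpdate`, and `createEmpHolder` checks `PermissionCreate` while `createHolder` there checks `PermissionUpdate`. Which action is intended cannot be told from the patch, but the pairs should agree; if update is the intended right for `dnaEmp`, the line becomes `await new permission().PermissionUpdate(request, "SYS_ORG_EMP");`. Stating the required right in each handler's doc comment would make such drift visible in review.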
@@ -29,6 +29,8 @@ import { Position } from "../entities/Position"; import { EmployeePosMaster } from "../entities/EmployeePosMaster"; import { EmployeePosition } from "../entities/EmployeePosition"; import { Like } from "typeorm/browser"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/org/child1") @Tags("OrgChild1") @Security("bearerAuth") @@ -91,10 +93,8 @@ export class OrgChild1Controller { * */ @Post() - async save( - @Body() requestBody: CreateOrgChild1, - @Request() request: { user: Record }, - ) { + async save(@Body() requestBody: CreateOrgChild1, @Request() request: RequestWithUser) { + await new permission().PermissionCreate(request, "SYS_ORG"); const rootIdExits = await this.orgRootRepository.findOne({ where: { id: requestBody.orgRootId }, }); @@ -186,8 +186,9 @@ export class OrgChild1Controller { async Edit( @Path() id: string, @Body() requestBody: UpdateOrgChild1, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const rootIdExits = await this.orgRootRepository.findOne({ where: { id: requestBody.orgRootId }, }); @@ -320,7 +321,8 @@ export class OrgChild1Controller { * @param {string} id id สร้างโครงสร้างระดับ1 */ @Delete("{id}") - async delete(@Path() id: string) { + async delete(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_ORG"); const child1 = await this.child1Repository.findOne({ where: { id } }); if (!child1) { throw new HttpError(HttpStatusCode.NOT_FOUND, "not found."); diff --git a/src/controllers/OrgChild2Controller.ts b/src/controllers/OrgChild2Controller.ts index 5a734cde..4d35f197 100644 --- a/src/controllers/OrgChild2Controller.ts +++ b/src/controllers/OrgChild2Controller.ts 
@@ -30,6 +30,8 @@ import { PosMaster } from "../entities/PosMaster"; import { Position } from "../entities/Position"; import { EmployeePosMaster } from "../entities/EmployeePosMaster"; import { EmployeePosition } from "../entities/EmployeePosition"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/org/child2") @Tags("OrgChild2") @Security("bearerAuth") @@ -108,8 +110,9 @@ export class OrgChild2Controller extends Controller { async create( @Body() requestBody: CreateOrgChild2, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_ORG"); const child1 = await this.child1Repository.findOne({ where: { id: requestBody.orgChild1Id }, }); @@ -183,8 +186,9 @@ export class OrgChild2Controller extends Controller { @Path() id: string, @Body() requestBody: UpdateOrgChild2, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const child1IdExits = await this.child1Repository.findOne({ where: { id: requestBody.orgChild1Id }, }); @@ -239,7 +243,8 @@ export class OrgChild2Controller extends Controller { * @param {string} id Guid, *Id Child2 */ @Delete("{id}") - async delete(@Path() id: string) { + async delete(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_ORG"); const child2 = await this.child2Repository.findOne({ where: { id } }); if (!child2) { throw new HttpError(HttpStatusCode.NOT_FOUND, "not found."); @@ -280,7 +285,7 @@ export class OrgChild2Controller extends Controller { const empPositions = await this.empPositionRepository.find({ where: [{ posMasterId: In(empPosMasters.map((x) => x.id)) }], }); - + await this.empPositionRepository.remove(empPositions); await this.empPosMasterRepository.remove(empPosMasters); await this.positionRepository.remove(positions); 
diff --git a/src/controllers/OrgChild3Controller.ts b/src/controllers/OrgChild3Controller.ts index 1f29d8c7..596fec4a 100644 --- a/src/controllers/OrgChild3Controller.ts +++ b/src/controllers/OrgChild3Controller.ts @@ -27,6 +27,8 @@ import { PosMaster } from "../entities/PosMaster"; import { Position } from "../entities/Position"; import { EmployeePosMaster } from "../entities/EmployeePosMaster"; import { EmployeePosition } from "../entities/EmployeePosition"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/org/child3") @Tags("OrgChild3") @Security("bearerAuth") @@ -88,10 +90,8 @@ export class OrgChild3Controller { * */ @Post() - async save( - @Body() requestBody: CreateOrgChild3, - @Request() request: { user: Record }, - ) { + async save(@Body() requestBody: CreateOrgChild3, @Request() request: RequestWithUser) { + await new permission().PermissionCreate(request, "SYS_ORG"); const child2 = await this.child2Repository.findOne({ where: { id: requestBody.orgChild2Id }, }); @@ -152,8 +152,9 @@ export class OrgChild3Controller { async Edit( @Path() id: string, @Body() requestBody: UpdateOrgChild3, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const child2IdExits = await this.child2Repository.findOne({ where: { id: requestBody.orgChild2Id }, }); @@ -209,7 +210,8 @@ export class OrgChild3Controller { * @param {string} id id สร้างโครงสร้างระดับ3 */ @Delete("{id}") - async delete(@Path() id: string) { + async delete(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_ORG"); const child3 = await this.child3Repository.findOne({ where: { id } }); if (!child3) { throw new HttpError(HttpStatusCode.NOT_FOUND, "not found."); 
@@ -250,7 +252,7 @@ export class OrgChild3Controller { const empPositions = await this.empPositionRepository.find({ where: [{ posMasterId: In(empPosMasters.map((x) => x.id)) }], }); - + await this.empPositionRepository.remove(empPositions); await this.empPosMasterRepository.remove(empPosMasters); await this.positionRepository.remove(positions); diff --git a/src/controllers/OrgChild4Controller.ts b/src/controllers/OrgChild4Controller.ts index 430f8dd0..859607f2 100644 --- a/src/controllers/OrgChild4Controller.ts +++ b/src/controllers/OrgChild4Controller.ts @@ -29,6 +29,8 @@ import { PosMaster } from "../entities/PosMaster"; import { Position } from "../entities/Position"; import { EmployeePosMaster } from "../entities/EmployeePosMaster"; import { EmployeePosition } from "../entities/EmployeePosition"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/org/child4") @Tags("OrgChild4") @@ -106,8 +108,9 @@ export class OrgChild4Controller extends Controller { async create( @Body() requestBody: CreateOrgChild4, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_ORG"); const child3 = await this.child3Repository.findOne({ where: { id: requestBody.orgChild3Id }, }); @@ -184,8 +187,9 @@ export class OrgChild4Controller extends Controller { @Path() id: string, @Body() requestBody: UpdateOrgChild4, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const child3IdExits = await this.child3Repository.findOne({ where: { id: requestBody.orgChild3Id }, }); 
@@ -242,7 +246,8 @@ export class OrgChild4Controller extends Controller { * @param {string} id Guid, *Id Child4 */ @Delete("{id}") - async delete(@Path() id: string) { + async delete(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const child4 = await this.child4Repository.findOne({ where: { id } }); if (!child4) { throw new HttpError(HttpStatusCode.NOT_FOUND, "not found."); @@ -275,7 +280,7 @@ export class OrgChild4Controller extends Controller { const empPositions = await this.empPositionRepository.find({ where: [{ posMasterId: In(empPosMasters.map((x) => x.id)) }], }); - + await this.empPositionRepository.remove(empPositions); await this.empPosMasterRepository.remove(empPosMasters); await this.positionRepository.remove(positions); diff --git a/src/controllers/OrgRootController.ts b/src/controllers/OrgRootController.ts index 9cc3b768..39a09ea4 100644 --- a/src/controllers/OrgRootController.ts +++ b/src/controllers/OrgRootController.ts @@ -28,6 +28,8 @@ import { PosMaster } from "../entities/PosMaster"; import { Position } from "../entities/Position"; import { EmployeePosMaster } from "../entities/EmployeePosMaster"; import { EmployeePosition } from "../entities/EmployeePosition"; +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/org/root") @Tags("OrgRoot") @@ -97,8 +99,9 @@ export class OrgRootController extends Controller { // @Path() id: string, @Body() requestBody: CreateOrgRoot, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_ORG"); const validOrgRootRanks = ["DEPARTMENT", "OFFICE", "DIVISION", "SECTION"]; if (!validOrgRootRanks.includes(requestBody.orgRootRank.toUpperCase())) { throw new HttpError(HttpStatusCode.NOT_FOUND, "not found. orgRootRank"); 
@@ -178,11 +181,12 @@ export class OrgRootController extends Controller { @Path() id: string, @Body() requestBody: CreateOrgRoot, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const validOrgRootRanks = ["DEPARTMENT", "OFFICE", "DIVISION", "SECTION"]; if (!validOrgRootRanks.includes(requestBody.orgRootRank.toUpperCase())) { - throw new HttpError(HttpStatusCode.NOT_FOUND, "not found. orgRootRank"); + throw new HttpError(HttpStatusCode.NOT_FOUND, "not found. orgRo otRank"); } const revisionIdExits = await this.orgRevisionRepository.findOne({ @@ -322,7 +326,8 @@ export class OrgRootController extends Controller { * @param {string} id Guid, *Id root */ @Delete("{id}") - async delete(@Path() id: string) { + async delete(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_ORG"); const orgRoot = await this.orgRootRepository.findOne({ where: { id } }); if (!orgRoot) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลโครงสร้างระดับ Root นี้"); diff --git a/src/controllers/OrganizationController.ts b/src/controllers/OrganizationController.ts index ef8e35a0..25a5163d 100644 --- a/src/controllers/OrganizationController.ts +++ b/src/controllers/OrganizationController.ts @@ -28,6 +28,9 @@ import { Position } from "../entities/Position"; import CallAPI from "../interfaces/call-api"; import { ProfileSalary } from "../entities/ProfileSalary"; import { Profile } from "../entities/Profile"; +import { request } from "axios"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/org") @Tags("Organization") 
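Review bot: The `-178,11 +181,12` hunk changes the error text from `"not found. orgRootRank"` to `"not found. orgRo otRank"`, which looks like a stray keystroke rather than an intended change. Restore `throw new HttpError(HttpStatusCode.NOT_FOUND, "not found. orgRootRank");` so the update handler returns the same message as the create handler for the same validation failure. Any client or test matching on the message would otherwise see two different strings.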
@@ -1483,7 +1486,8 @@ export class OrganizationController extends Controller { * */ @Post("sort") - async Sort(@Body() requestBody: { id: string; type: number; sortId: string[] }) { + async Sort(@Body() requestBody: { id: string; type: number; sortId: string[] }, @Request() request: RequestWithUser) { + await new permission().PermissionUpdate(request, "SYS_ORG"); switch (requestBody.type) { case 0: { const revisionId = await this.orgRevisionRepository.findOne({ diff --git a/src/controllers/PositionController.ts b/src/controllers/PositionController.ts index b46b60d4..75f3d7ee 100644 --- a/src/controllers/PositionController.ts +++ b/src/controllers/PositionController.ts @@ -38,6 +38,9 @@ import { EmployeePosMaster } from "../entities/EmployeePosMaster"; import { EmployeePosType } from "../entities/EmployeePosType"; import { EmployeePosLevel } from "../entities/EmployeePosLevel"; import { AuthRole } from "../entities/AuthRole"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; +import { request } from "axios"; @Route("api/v1/org/pos") @Tags("Position") @Security("bearerAuth") @@ -85,8 +88,9 @@ export class PositionController extends Controller { async createPosition( @Body() requestBody: CreatePosDict, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_ORG"); const posDict = Object.assign(new PosDict(), requestBody); if (!posDict) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล"); @@ -164,8 +168,9 @@ export class PositionController extends Controller { async createPositionNameExe( @Body() requestBody: CreatePosDictExe, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_ORG"); // let posDict: PosDict; let posDict: any = new PosDict(); posDict.posDictName = requestBody.posDictName; 
@@ -267,8 +272,9 @@ export class PositionController extends Controller { @Path() id: string, @Body() requestBody: UpdatePosDict, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const posDict = await this.posDictRepository.findOne({ where: { id: id }, }); @@ -348,7 +354,8 @@ export class PositionController extends Controller { * @param {string} id Id ตำแหน่ง */ @Delete("position/{id}") - async delete(@Path() id: string) { + async delete(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_ORG"); const delPosDict = await this.posDictRepository.findOne({ where: { id } }); if (!delPosDict) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลตำแหน่งในสายงานนี้"); @@ -517,8 +524,9 @@ export class PositionController extends Controller { async createMaster( @Body() requestBody: CreatePosMaster, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_ORG"); const posMaster = Object.assign(new PosMaster(), requestBody); if (!posMaster) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล"); @@ -793,8 +801,9 @@ export class PositionController extends Controller { @Path() id: string, @Body() requestBody: CreatePosMaster, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const posMaster = await this.posMasterRepository.findOne({ where: { id: id } }); if (!posMaster) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลอัตรากำลัง"); 
@@ -1022,7 +1031,8 @@ export class PositionController extends Controller { * @param {string} id Id ตำแหน่ง */ @Delete("master/{id}") - async deletePosMaster(@Path() id: string) { + async deletePosMaster(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const delPosMaster = await this.posMasterRepository.findOne({ where: { id }, // relations: ["position"], @@ -1397,7 +1407,8 @@ export class PositionController extends Controller { * */ @Post("sort") - async Sort(@Body() requestBody: { id: string; type: number; sortId: string[] }) { + async Sort(@Body() requestBody: { id: string; type: number; sortId: string[] }, @Request() request: RequestWithUser) { + await new permission().PermissionUpdate(request, "SYS_ORG"); switch (requestBody.type) { case 0: { const rootId = await this.posMasterRepository.findOne({ @@ -1626,8 +1637,9 @@ export class PositionController extends Controller { @Post("move") async movePosMaster( @Body() requestBody: { id: string; type: number; positionMaster: string[] }, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const posMasters = await this.posMasterRepository.find({ where: { id: In(requestBody.positionMaster) }, }); @@ -2464,7 +2476,9 @@ export class PositionController extends Controller { @Post("profile") async createHolder( @Body() requestBody: { posMaster: string; position: string; profileId: string; isSit: boolean }, + @Request() request: RequestWithUser ) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const dataMaster = await this.posMasterRepository.findOne({ where: { id: requestBody.posMaster }, relations: ["positions"], 
@@ -2496,7 +2510,8 @@ export class PositionController extends Controller { * @param {string} id *Id posMaster */ @Post("profile/delete/{id}") - async deleteHolder(@Path() id: string) { + async deleteHolder(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_ORG"); const dataMaster = await this.posMasterRepository.findOne({ where: { id: id }, relations: ["positions"], @@ -2525,7 +2540,8 @@ export class PositionController extends Controller { * */ @Post("dna") - async dna(@Body() requestBody: { draftPositionId: string; publishPositionId: string }) { + async dna(@Body() requestBody: { draftPositionId: string; publishPositionId: string }, @Request() request: RequestWithUser) { + await new permission().PermissionUpdate(request, "SYS_ORG"); const findDraft = await this.orgRevisionRepository.findOne({ where: { orgRevisionIsDraft: true, diff --git a/src/controllers/ProfileEmployeeController.ts b/src/controllers/ProfileEmployeeController.ts index 940060a5..be37ed8a 100644 --- a/src/controllers/ProfileEmployeeController.ts +++ b/src/controllers/ProfileEmployeeController.ts @@ -66,6 +66,7 @@ import { EmployeePosition } from "../entities/EmployeePosition"; import { ProfileInsignia } from "../entities/ProfileInsignia"; import { ProfileLeave } from "../entities/ProfileLeave"; import permission from "../interfaces/permission"; +import { request } from "axios"; @Route("api/v1/org/profile-employee") @Tags("ProfileEmployee") @Security("bearerAuth") @@ -2029,6 +2030,7 @@ export class ProfileEmployeeController extends Controller { @Path() id: string, @Body() body: UpdatePositionTempProfileEmployee, ) { + await new permission().PermissionCreate(request, "SYS_REGISTRY_TEMP"); if (body.posLevelId === "") body.posLevelId = null; if (body.posTypeId === "") body.posTypeId = null; 
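Review bot: In the `-2029,6 +2030,7` hunk of ProfileEmployeeController.ts, `request` in the new `PermissionCreate(request, "SYS_REGISTRY_TEMP")` call appears to be the function imported from axios in this same patch, not the caller's HTTP request. The handler's visible parameters are only `@Path() id` and `@Body() body`. The permission check then never sees the authenticated user: depending on how the helper reads its argument, it either rejects every caller or decides on data unrelated to the caller. Add `@Request() request: RequestWithUser,` to the parameter list, as `DeleteEmployment` does, and remove the axios import. The `-2841,6 +2843,7` and `-3055,6 +3059,7` hunks have the same problem; the signatures start above the hunks, so confirm that no `request` parameter is declared there.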
@@ -2841,6 +2843,7 @@ export class ProfileEmployeeController extends Controller { @Path() profileEmployeeId: string, @Body() body: UpdateInformationProfileEmployee, ) { + await new permission().PermissionUpdate(request, "SYS_REGISTRY_TEMP"); const profileEmp = await this.profileRepo.findOneBy({ id: profileEmployeeId }); if (!profileEmp) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลโปรไฟล์นี้"); @@ -3030,7 +3033,8 @@ export class ProfileEmployeeController extends Controller { * @param {string} id Id ข้อมูลการจ้าง */ @Delete("employment/{id}") - async DeleteEmployment(@Path() id: string) { + async DeleteEmployment(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_REGISTRY_TEMP"); await this.employmentHistoryRepository.delete({ profileEmployeeEmploymentId: id, }); @@ -3055,6 +3059,7 @@ export class ProfileEmployeeController extends Controller { @Path() id: string, @Body() body: UpdateEmploymentProfileEmployee, ) { + await new permission().PermissionUpdate(request, "SYS_REGISTRY_TEMP"); const employment = await this.employmentRepository.findOneBy({ id }); if (!employment) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");