From 3c8b377764794ff37d93e44e3e64a392f00293db Mon Sep 17 00:00:00 2001 From: harid Date: Thu, 14 May 2026 17:15:39 +0700 Subject: [PATCH] =?UTF-8?q?fix=20=E0=B8=A3=E0=B8=B0=E0=B8=9A=E0=B8=9A?= =?UTF-8?q?=E0=B9=81=E0=B8=88=E0=B9=89=E0=B8=87=20Noti=20=E0=B9=84?= =?UTF-8?q?=E0=B8=A1=E0=B9=88=E0=B8=95=E0=B8=A3=E0=B8=87=E0=B8=95=E0=B8=B2?= =?UTF-8?q?=E0=B8=A1=E0=B8=AA=E0=B8=B4=E0=B8=97=E0=B8=98=E0=B8=B4=E0=B9=8C?= =?UTF-8?q?=E0=B8=97=E0=B8=B5=E0=B9=88=E0=B9=84=E0=B8=94=E0=B9=89=E0=B8=A3?= =?UTF-8?q?=E0=B8=B1=E0=B8=9A=20#2488?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../OrganizationDotnetController.ts | 145 +++++++++++++++++- 1 file changed, 143 insertions(+), 2 deletions(-) diff --git a/src/controllers/OrganizationDotnetController.ts b/src/controllers/OrganizationDotnetController.ts index 86405850..e61bc4d8 100644 --- a/src/controllers/OrganizationDotnetController.ts +++ b/src/controllers/OrganizationDotnetController.ts @@ -8720,7 +8720,16 @@ export class OrganizationDotnetController extends Controller { ) { const profile = await this.profileRepo.findOne({ where: { id: requestBody.profileId }, - relations: ["current_holders", "current_holders.orgRevision"], + relations: { + current_holders: { + orgRevision: true, + orgRoot: true, + orgChild1: true, + orgChild2: true, + orgChild3: true, + orgChild4: true + } + } }); if (!profile) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลโปรไฟล์"); 
@@ -8755,10 +8764,21 @@ export class OrganizationDotnetController extends Controller { "orgChild2.ancestorDNA AS child2DnaId", "orgChild3.ancestorDNA AS child3DnaId", "orgChild4.ancestorDNA AS child4DnaId", + "authRoleAttr.attrPrivilege AS attrPrivilege", ]) .distinct(true) // ต้องมี posMasterAssign .innerJoin("posMasterAssign", "assign", "assign.posMasterId = pm.id") + // INNER JOIN เพื่อเอาเฉพาะที่มี attrPrivilege + .innerJoin("pm.authRole", "authRole") + .innerJoin( + "authRole.authRoles", "authRoleAttr", + "authRoleAttr.authSysId = :authSysId AND authRoleAttr.attrIsList = :attrIsList", + { + attrIsList: true, + authSysId: assign.id + } + ) // join เพื่อเอา ancestorDNA .leftJoin("pm.orgRoot", "orgRoot") .leftJoin("pm.orgChild1", "orgChild1") 
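Review bot: The join parameter `authSysId: assign.id` reads a JavaScript variable named `assign`, which shares its name with the SQL alias `"assign"` given to the `posMasterAssign` join a few lines above and is not declared anywhere in this hunk. Presumably it is defined earlier in the method, which starts outside the hunk, but the value now decides which role attributes gate notification recipients, so it is worth confirming that it is the auth-system id and not an assignment row id, and renaming the variable so it cannot be mistaken for the alias. The two inner joins can also return several `authRoleAttr` rows for one position master when a role has more than one list attribute for that system; `distinct(true)` will not collapse them once `attrPrivilege` differs, so the same person may appear twice with different privileges. I would add a comment on the join such as `// rows without an authRole/attr for this system are intentionally excluded; one row per (posMaster, attrPrivilege)`.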
@@ -8780,6 +8800,127 @@ export class OrganizationDotnetController extends Controller { }) .getRawMany(); - return new HttpSuccess(posMasters); + // ──────────────────────────────────────────────────────── + // กรองตามสิทธิ์ (NORMAL, CHILD, BROTHER) + // ROOT และ PARENT ให้ผ่านทุกคน เพราะ filter orgRootId อยู่แล้ว + // ──────────────────────────────────────────────────────── + + // 1. หา User Node + const userNode = currentHolder.orgChild4Id ? 4 + : currentHolder.orgChild3Id ? 3 + : currentHolder.orgChild2Id ? 2 + : currentHolder.orgChild1Id ? 1 + : 0; + + // 2. หา User DNA แต่ละระดับ + const userDna = { + root: currentHolder.orgRoot?.ancestorDNA ?? null, + child1: currentHolder.orgChild1?.ancestorDNA ?? null, + child2: currentHolder.orgChild2?.ancestorDNA ?? null, + child3: currentHolder.orgChild3?.ancestorDNA ?? null, + child4: currentHolder.orgChild4?.ancestorDNA ?? null, + }; + + // 3. กรอง posMasters ตามสิทธิ์ + const filteredPosMasters = posMasters.filter((staff) => { + const privilege = staff.attrPrivilege; + + // ROOT และ PARENT: ให้ผ่านทุกคน เพราะ filter orgRootId อยู่แล้ว + if (privilege === "ROOT" || privilege === "PARENT" || privilege === "OWNER") { + return true; + } + + // หา Staff Node + const staffNode = staff.orgChild4Id ? 4 + : staff.orgChild3Id ? 3 + : staff.orgChild2Id ? 2 + : staff.orgChild1Id ? 
1 + : 0; + + // หา Staff DNA + const staffDna = { + root: staff.rootDnaId, + child1: staff.child1DnaId, + child2: staff.child2DnaId, + child3: staff.child3DnaId, + child4: staff.child4DnaId, + }; + + // NORMAL: Node เท่ากัน + DNA เหมือนกันทุกตัว + if (privilege === "NORMAL") { + return ( + staffNode === userNode && + staffDna.root === userDna.root && + (staffNode < 1 || staffDna.child1 === userDna.child1) && + (staffNode < 2 || staffDna.child2 === userDna.child2) && + (staffNode < 3 || staffDna.child3 === userDna.child3) && + (staffNode < 4 || staffDna.child4 === userDna.child4) + ); + } + + // CHILD: Staff เห็น User ที่อยู่ในกิ่งลูก + if (privilege === "CHILD") { + // Staff ต้องอยู่บนกว่าหรือเท่ากับ User + if (staffNode > userNode) return false; + + // เช็ค DNA ตรงกันที่ระดับ Staff + switch (staffNode) { + case 0: + if (staffDna.root !== userDna.root) return false; + break; + case 1: + if (staffDna.root !== userDna.root) return false; + if (staffDna.child1 !== userDna.child1) return false; + break; + case 2: + if (staffDna.root !== userDna.root) return false; + if (staffDna.child1 !== userDna.child1) return false; + if (staffDna.child2 !== userDna.child2) return false; + break; + case 3: + if (staffDna.root !== userDna.root) return false; + if (staffDna.child1 !== userDna.child1) return false; + if (staffDna.child2 !== userDna.child2) return false; + if (staffDna.child3 !== userDna.child3) return false; + break; + case 4: + if (staffDna.root !== userDna.root) return false; + if (staffDna.child1 !== userDna.child1) return false; + if (staffDna.child2 !== userDna.child2) return false; + if (staffDna.child3 !== userDna.child3) return false; + if (staffDna.child4 !== userDna.child4) return false; + break; + } + return true; + } + + // BROTHER: Staff เห็น User ที่อยู่ในกิ่งข้างบนและลูก + if (privilege === "BROTHER") { + // User ต้องอยู่ในช่วง [Staff Node - 1, 4] + if (userNode < staffNode - 1 || userNode > 4) return false; + + // เช็ค DNA ตรงกันตามระดับของ Staff + if 
(staffNode === 0) { + if (staffDna.root !== userDna.root) return false; + } else if (staffNode === 1) { + if (staffDna.root !== userDna.root) return false; + if (staffDna.child1 !== userDna.child1) return false; + } else if (staffNode === 2) { + if (staffDna.child1 !== userDna.child1) return false; + if (staffDna.child2 !== userDna.child2) return false; + if (staffDna.child3 !== userDna.child3) return false; + } else if (staffNode === 3) { + if (staffDna.child2 !== userDna.child2) return false; + if (staffDna.child3 !== userDna.child3) return false; + } else if (staffNode === 4) { + if (staffDna.child3 !== userDna.child3) return false; + if (staffDna.child4 !== userDna.child4) return false; + } + return true; + } + // กรณีอื่นๆ ให้ผ่าน + return true; + }); + return new HttpSuccess(filteredPosMasters); } }
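Review bot: The permission filter fails open: the last `return true;` under `// กรณีอื่นๆ ให้ผ่าน` passes every row whose `attrPrivilege` is null or an unrecognised string, so it should be `return false;`, with the pass-through values (ROOT, PARENT and OWNER, the last of which the comment does not mention) kept as the only explicit allow list. In the BROTHER branch the `staffNode === 2` case compares `child3` and, like cases 3 and 4, skips `root` (and `child1`), which the CHILD switch does check; this looks like a copy-paste slip unless `ancestorDNA` is unique across the whole tree, in which case a comment should say so. Both sides of the DNA comparisons can be null (`?? null` on the user, `leftJoin` on the staff), so `staffDna.root === userDna.root` is also true when neither has a value; a guard such as `userDna.root !== null &&` would keep two missing values from counting as a match. `staff.orgChild1Id` to `staff.orgChild4Id` are read from `getRawMany()` rows whose select list, like `currentHolder`, is defined outside this hunk, so confirm those raw keys exist under exactly these names, otherwise `staffNode` is always 0.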