update validate privilege (#201)

2025-10-20 17:45:43 +07:00 · 2025-10-20 17:45:43 +07:00 · 45cc074e81
commit 45cc074e81
parent 25f3a6535f
2 changed files with 57 additions and 9 deletions
--- a/src/controllers/OrganizationController.ts
+++ b/src/controllers/OrganizationController.ts
@ -1999,11 +1999,29 @@ export class OrganizationController extends Controller {
    if (isCurrentActive) {
      if (profileAssign && _privilege.privilege !== "OWNER") {
        if(_privilege.privilege == "NORMAL"){
-          _data.root = [profile.current_holders.find((x) => x.orgRevisionId === id)?.orgRootId];
-          _data.child1 = [profile.current_holders.find((x) => x.orgRevisionId === id)?.orgChild1Id];
-          _data.child2 = [profile.current_holders.find((x) => x.orgRevisionId === id)?.orgChild2Id];
-          _data.child3 = [profile.current_holders.find((x) => x.orgRevisionId === id)?.orgChild3Id];
-          _data.child4 = [profile.current_holders.find((x) => x.orgRevisionId === id)?.orgChild4Id];
+          const holder = profile.current_holders.find(x => x.orgRevisionId === id);
+          if (!holder) return;
+          _data.root = [holder.orgRootId];
+          _data.child1 = [holder.orgChild1Id];
+          _data.child2 = [holder.orgChild2Id];
+          _data.child3 = [holder.orgChild3Id];
+          _data.child4 = [holder.orgChild4Id];
+        }else if(_privilege.privilege == "CHILD"){
+          const holder = profile.current_holders.find(x => x.orgRevisionId === id);
+          if (!holder) return;
+          _data.root = [holder.orgRootId];
+          if (_privilege.root && _privilege.child1 === null) {
+          } else if (_privilege.child1 && _privilege.child2 === null) {
+            _data.child1 = [holder.orgChild1Id];
+          } else if (_privilege.child2 && _privilege.child3 === null) {
+            _data.child1 = [holder.orgChild1Id];
+            _data.child2 = [holder.orgChild2Id];
+          } else if (_privilege.child3 && _privilege.child4 === null) {
+            _data.child1 = [holder.orgChild1Id];
+            _data.child2 = [holder.orgChild2Id];
+            _data.child3 = [holder.orgChild3Id];
+            _data.child4 = [holder.orgChild4Id];
+          }
        }else{
          _data.root = [profile.current_holders.find((x) => x.orgRevisionId === id)?.orgRootId];
        }
--- a/src/controllers/PositionController.ts
+++ b/src/controllers/PositionController.ts
@ -2134,7 +2134,6 @@ export class PositionController extends Controller {
          orgChild1Id: IsNull(),
        };
        searchShortName = `CONCAT(orgRoot.orgRootShortName," ",posMaster.posMasterNo) like '%${body.keyword}%'`;
-      } else {
      }
    } else if (body.type === 1) {
      typeCondition = {
@ -2145,7 +2144,6 @@ export class PositionController extends Controller {
          orgChild2Id: IsNull(),
        };
        searchShortName = `CONCAT(orgChild1.orgChild1ShortName," ",posMaster.posMasterNo) like '%${body.keyword}%'`;
-      } else {
      }
    } else if (body.type === 2) {
      typeCondition = {
@ -2156,7 +2154,6 @@ export class PositionController extends Controller {
          orgChild3Id: IsNull(),
        };
        searchShortName = `CONCAT(orgChild2.orgChild2ShortName," ",posMaster.posMasterNo) like '%${body.keyword}%'`;
-      } else {
      }
    } else if (body.type === 3) {
      typeCondition = {
@ -2167,7 +2164,6 @@ export class PositionController extends Controller {
          orgChild4Id: IsNull(),
        };
        searchShortName = `CONCAT(orgChild3.orgChild3ShortName," ",posMaster.posMasterNo) like '%${body.keyword}%'`;
-      } else {
      }
    } else if (body.type === 4) {
      typeCondition = {
@ -2524,6 +2520,40 @@ export class PositionController extends Controller {
        };
      }),
    );
+    
+    if(_data.privilege === 'NORMAL'|| _data.privilege === 'PARENT'|| _data.privilege === 'CHILD'){ //PARENT จะไม่มีทางเห็น ROOT , CHILD ยึดจาก CHILD ที่อยู่ลงไปข้างล่างและจะไม่เห็น CHILD ที่อยู่เหนือกว่า
+      const nextChildMap:any = { //เอาไวเช็ค CHILD ถัดไป
+        0: _data.child1,
+        1: _data.child2,
+        2: _data.child3,
+        3: _data.child4,
+      };
+      const childValue = nextChildMap[body.type];
+      if(_data.privilege === 'NORMAL'){
+        if (Array.isArray(childValue) && childValue.some(item => item != null)) {
+          return new HttpSuccess({ data: {}, total: 0 });
+        }
+      }else if(_data.privilege === 'PARENT'){
+        if (body.type == 0){
+         return new HttpSuccess({ data: {}, total: 0 }); 
+        }
+      } else if (_data.privilege === 'CHILD') {
+        const higherChildChecks = [
+          { type: [0], child: _data.child1, next: _data.child2 },
+          { type: [0, 1], child: _data.child2, next: _data.child3 },
+          { type: [0, 1, 2], child: _data.child3, next: _data.child4 },
+          { type: [0, 1, 2, 3], child: _data.child4, next: true },
+        ];
+
+        for (const check of higherChildChecks) {
+          if (Array.isArray(check.child) && check.next == null) {
+            if (check.type.includes(body.type)) {
+              return new HttpSuccess({ data: {}, total: 0 });
+            }
+          }
+        }
+      }
+    }
    return new HttpSuccess({ data: formattedData, total });
  }