From 4b42b896fa1f5323a16b339941cb802314ea9b62 Mon Sep 17 00:00:00 2001
From: AdisakKanthawilang
Date: Thu, 22 Aug 2024 17:25:25 +0700
Subject: [PATCH] =?UTF-8?q?role=20=E0=B9=80=E0=B8=A1=E0=B8=99=E0=B8=B9=20?= =?UTF-8?q?=E0=B8=82=E0=B9=89=E0=B8=B2=E0=B8=A3=E0=B8=B2=E0=B8=8A=E0=B8=81?= =?UTF-8?q?=E0=B8=B2=E0=B8=A3=20=E0=B8=81=E0=B8=97=E0=B8=A1.=20=E0=B8=AA?= =?UTF-8?q?=E0=B8=B2=E0=B8=A1=E0=B8=B1=E0=B8=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
src/controllers/ProfileAbilityController.ts | 31 ++++++++++++-----
src/controllers/ProfileAddressController.ts | 8 +++--
.../ProfileAssessmentsController.ts | 34 ++++++++++++++-----
src/controllers/ProfileAvatarController.ts | 21 ++++++++----
.../ProfileCertificateController.ts | 26 +++++++++-----
.../ProfileChangeNameController.ts | 24 ++++++++-----
src/controllers/ProfileChildrenController.ts | 19 +++++++----
src/controllers/ProfileController.ts | 32 +++++++++++------
.../ProfileDisciplineController.ts | 23 ++++++++-----
src/controllers/ProfileDutyController.ts | 22 +++++++-----
.../ProfileEducationsController.ts | 20 +++++++----
.../ProfileFamilyCoupleController.ts | 10 +++---
.../ProfileFamilyFatherController.ts | 10 +++---
.../ProfileFamilyMotherController.ts | 11 +++---
.../ProfileGovernmentController.ts | 8 +++--
src/controllers/ProfileHonorController.ts | 23 ++++++++-----
src/controllers/ProfileInsigniaController.ts | 26 ++++++++------
src/controllers/ProfileLeaveController.ts | 21 ++++++++----
src/controllers/ProfileNopaidController.ts | 22 +++++++-----
src/controllers/ProfileOtherController.ts | 22 +++++++-----
src/controllers/ProfileSalaryController.ts | 29 ++++++++++------
src/controllers/ProfileTrainingController.ts | 22 +++++++-----
22 files changed, 307 insertions(+), 157 deletions(-)
diff --git a/src/controllers/ProfileAbilityController.ts b/src/controllers/ProfileAbilityController.ts
index 3a9fbbcf..a4fdf3bc 100644
--- a/src/controllers/ProfileAbilityController.ts +++ b/src/controllers/ProfileAbilityController.ts @@ -71,7 +71,8 @@ export class ProfileAbilityController extends Controller { }, ], }) - public async detailProfileAbility(@Path() profileId: string) { + public async detailProfileAbility(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const getProfileAbilityId = await this.profileAbilityRepo.findBy({ profileId }); if (!getProfileAbilityId) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -118,10 +119,21 @@ export class ProfileAbilityController extends Controller { }, ], }) - public async getProfileAbilityHistory(@Path() abilityId: string) { - const record = await this.profileAbilityHistoryRepo.findBy({ - profileAbilityId: abilityId, + public async getProfileAbilityHistory( + @Path() abilityId: string, + @Request() req: RequestWithUser, + ) { + const _record = await this.profileAbilityRepo.findOne({ + where: { id: abilityId }, }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } + const record = await this.profileAbilityHistoryRepo.find({ + relations: ["histories"], + where: { profileAbilityId: abilityId }, + }); + if (!record) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); } 
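Review bot: In getProfileAbilityHistory the org check runs only inside `if (_record)`, so when the ability row is missing the handler skips authorization altogether and still runs the history query for whatever rows remain under that id. Fail closed with `if (!_record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");` before the permission call, as the edit handlers in this patch already do. The later `if (!record)` does not cover this case, because `find` resolves to an array and an empty array is truthy. The same `if (_record)` guard appears in the other history and delete handlers shown in this patch (deleteProfileAbility, getProfileAssessmentsHistory and deleteProfileAssessments, deleteAvatar, certificateHistory and deleteCertificate, changeNameHistory, childrenHistory, both deleteTraning methods, disciplineHistory and deleteDiscipline, dutyHistory and deleteDuty, getProfileEducationHistory) and in the ProfileController update hunk at -2280. The delete handlers previously called `PermissionDelete` unconditionally, so there the history-row delete for an unknown id is now reachable without any permission check.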
@@ -133,15 +145,15 @@ export class ProfileAbilityController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileAbility, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepo.findOneBy({ id: body.profileId }); if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id);//ตส const data = new ProfileAbility(); const meta = { @@ -168,9 +180,9 @@ export class ProfileAbilityController extends Controller { @Request() req: RequestWithUser, @Path() abilityId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.profileAbilityRepo.findOneBy({ id: abilityId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileAbilityHistory(); @@ -195,7 +207,10 @@ export class ProfileAbilityController extends Controller { @Delete("{abilityId}") public async deleteProfileAbility(@Path() abilityId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.profileAbilityRepo.findOneBy({ id: abilityId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req,"SYS_REGISTRY_OFFICER",_record.profileId); + } await this.profileAbilityHistoryRepo.delete({ profileAbilityId: abilityId, }); diff --git a/src/controllers/ProfileAddressController.ts b/src/controllers/ProfileAddressController.ts index e990ac24..0bb28158 100644 --- a/src/controllers/ProfileAddressController.ts +++ b/src/controllers/ProfileAddressController.ts 
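Review bot: In the create handler (body: CreateProfileAbility) the permission call now sits after the profile lookup, so a caller who would be denied still receives the distinct 400 "ไม่พบ profile ดังกล่าว" for ids that do not exist, where the removed `PermissionCreate` rejected such callers before any query ran. The check is given only `profile.id`, which equals `body.profileId`, so it can run right after the empty-id guard as `await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", body.profileId);`, assuming the helper denies ids it cannot resolve, which is not visible here. updateProfileAddress in this patch already authorizes before loading; the other create handlers in the patch use the same lookup-first order as this one. The trailing `//ตส` marker on the added line (also in the Assessments, Duty and ProfileController hunks) should be removed or written out as a real comment. The method signature starts above the hunk.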
@@ -68,7 +68,8 @@ export class ProfileAddressController extends Controller { * */ @Get("{profileId}") - public async detailProfileAddress(@Path() profileId: string) { + public async detailProfileAddress(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const getProfileAddress = await this.profileRepo.findOne({ where: { id: profileId }, select: [ @@ -139,7 +140,8 @@ export class ProfileAddressController extends Controller { * */ @Get("history/{profileId}") - public async getProfileAddressHistory(@Path() profileId: string) { + public async getProfileAddressHistory(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.profileAddressHistoryRepo.find({ where: { profileId: profileId }, relations: { @@ -182,7 +184,7 @@ export class ProfileAddressController extends Controller { @Request() req: RequestWithUser, @Path() profileId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.profileRepo.findOneBy({ id: profileId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileAssessmentsController.ts b/src/controllers/ProfileAssessmentsController.ts index d10a53fe..8fefd219 100644 --- a/src/controllers/ProfileAssessmentsController.ts +++ b/src/controllers/ProfileAssessmentsController.ts 
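Review bot: getProfileAddressHistory is guarded with `PermissionOrgUserGet`, while every other history endpoint in this patch (ability, assessments, certificate, change-name, children, discipline, duty, education, and ProfileController's history/{id}) uses `PermissionOrgUserList`. If the two helpers map to different grants, address history becomes readable under a different privilege than the rest of the history data. Whichever is intended for history reads, use it consistently; to match the others this line would be `await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", profileId);`. If Get is deliberate here, a one-line comment stating why would keep it from being changed later.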
@@ -78,7 +78,11 @@ export class ProfileAssessmentsController extends Controller { }, ], }) - public async detailProfileAssessments(@Path() profileId: string) { + public async detailProfileAssessments( + @Path() profileId: string, + @Request() req: RequestWithUser, + ) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const getProfileAssessments = await this.profileAssessmentsRepository.findBy({ profileId }); if (!getProfileAssessments) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -129,7 +133,10 @@ export class ProfileAssessmentsController extends Controller { }, ], }) - public async getProfileAssessmentsHistory(@Path() assessmentId: string) { + public async getProfileAssessmentsHistory( + @Path() assessmentId: string, + @Request() req: RequestWithUser, + ) { const record = await this.profileAssessmentsHistoryRepository.findBy({ profileAssessmentId: assessmentId, }); @@ -137,7 +144,14 @@ export class ProfileAssessmentsController extends Controller { if (!record) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); } - + const _record = await this.profileAssessmentsRepository.findOne({ + where: { + id: assessmentId, + }, + }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } return new HttpSuccess(record); } @@ -146,15 +160,15 @@ export class ProfileAssessmentsController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileAssessment, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepo.findOneBy({ id: body.profileId }); if (!profile) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id);//ตส const data = new ProfileAssessment(); const meta = { 
@@ -180,10 +194,11 @@ export class ProfileAssessmentsController extends Controller { @Request() req: RequestWithUser, @Path() assessmentId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); + const record = await this.profileAssessmentsRepository.findOneBy({ id: assessmentId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); - + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); + const history = new ProfileAssessmentHistory(); Object.assign(record, body); @@ -210,7 +225,10 @@ export class ProfileAssessmentsController extends Controller { @Path() assessmentId: string, @Request() req: RequestWithUser, ) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.profileAssessmentsRepository.findOneBy({ id: assessmentId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.profileAssessmentsHistoryRepository.delete({ profileAssessmentId: assessmentId, }); diff --git a/src/controllers/ProfileAvatarController.ts b/src/controllers/ProfileAvatarController.ts index 3eb7e0a4..08ee1486 100644 --- a/src/controllers/ProfileAvatarController.ts +++ b/src/controllers/ProfileAvatarController.ts @@ -15,7 +15,8 @@ export class ProfileAvatarController extends Controller { private avatarRepository = AppDataSource.getRepository(ProfileAvatar); @Get("{profileId}") - public async getAvatar(@Path() profileId: string) { + public async getAvatar(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const lists = await this.avatarRepository.find({ where: { profileId: profileId }, }); 
@@ -23,7 +24,8 @@ export class ProfileAvatarController extends Controller { } @Get("profileId/{id}") - async getProfile(@Path() id: string) { + async getProfile(@Path() id: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", id); const profile = await this.profileRepository.findOne({ select: ["id", "avatar", "avatarName"], where: { id }, @@ -35,7 +37,8 @@ export class ProfileAvatarController extends Controller { } @Get("select/{profileId}/{id}") - public async selectAvatar(@Path() profileId: string, @Path() id: string) { + public async selectAvatar(@Path() profileId: string, @Path() id: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const result = await this.avatarRepository.findOneBy({ id: id }); if (!result) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -63,14 +66,14 @@ export class ProfileAvatarController extends Controller { @Post() public async newAvatar(@Request() req: RequestWithUser, @Body() body: CreateProfileAvatar) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); const profile = await this.profileRepository.findOne({ where: { id: body.profileId }, }); - + if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const data = new ProfileAvatar(); 
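Review bot: selectAvatar authorizes against the `profileId` path segment but then loads the avatar with `findOneBy({ id: id })`, so nothing visible in the hunk ties the avatar to the profile that was just checked. A caller permitted on one profile could supply that profileId together with an avatar id that belongs to a different profile. Bind the lookup to the checked profile, `const result = await this.avatarRepository.findOneBy({ id: id, profileId: profileId });`, unless the code after the hunk already compares `result.profileId` with the path value. The method body continues past the hunk.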
@@ -114,8 +117,12 @@ export class ProfileAvatarController extends Controller { } @Delete("{avatarId}") - public async deleteAvatar(@Path() avatarId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + public async deleteAvatar(@Path() avatarId: string, @Request() req: RequestWithUser) + { + const _record = await this.avatarRepository.findOneBy({ id: avatarId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const result = await this.avatarRepository.delete({ id: avatarId }); if (result.affected == undefined || result.affected <= 0) { diff --git a/src/controllers/ProfileCertificateController.ts b/src/controllers/ProfileCertificateController.ts index 76002fda..6d2441b8 100644 --- a/src/controllers/ProfileCertificateController.ts +++ b/src/controllers/ProfileCertificateController.ts @@ -67,7 +67,8 @@ export class ProfileCertificateController extends Controller { }, ], }) - public async getCertificate(@Path() profileId: string) { + public async getCertificate(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.certificateRepo.findBy({ profileId }); return new HttpSuccess(record); } @@ -109,11 +110,16 @@ export class ProfileCertificateController extends Controller { }, ], }) - public async certificateHistory(@Path() certificateId: string) { + public async certificateHistory(@Path() certificateId: string, @Request() req: RequestWithUser) { + const _record = await this.certificateRepo.findOneBy({ id: certificateId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.certificateHistoryRepo.findBy({ profileCertificateId: certificateId, }); return new HttpSuccess(record); + } @Post() 
@@ -121,16 +127,16 @@ export class ProfileCertificateController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileCertificate, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepo.findOneBy({ id: body.profileId }); - + if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const data = new ProfileCertificate(); @@ -158,11 +164,10 @@ export class ProfileCertificateController extends Controller { @Body() body: UpdateProfileCertificate, @Path() certificateId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.certificateRepo.findOneBy({ id: certificateId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); - + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); + const history = new ProfileCertificateHistory(); Object.assign(record, body); @@ -186,7 +191,10 @@ export class ProfileCertificateController extends Controller { @Delete("{certificateId}") public async deleteCertificate(@Path() certificateId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.certificateRepo.findOneBy({ id: certificateId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.certificateHistoryRepo.delete({ profileCertificateId: certificateId, }); diff --git a/src/controllers/ProfileChangeNameController.ts b/src/controllers/ProfileChangeNameController.ts index 069adac3..de4a1600 100644 --- a/src/controllers/ProfileChangeNameController.ts +++ b/src/controllers/ProfileChangeNameController.ts 
@@ -63,7 +63,8 @@ export class ProfileChangeNameController extends Controller { }, ], }) - public async getChangeName(@Path() profileId: string) { + public async getChangeName(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const lists = await this.changeNameRepository.find({ where: { profileId: profileId }, select: ["id", "prefix", "firstName", "lastName", "status"], @@ -97,7 +98,11 @@ export class ProfileChangeNameController extends Controller { }, ], }) - public async changeNameHistory(@Path() changeNameId: string) { + public async changeNameHistory(@Path() changeNameId: string, @Request() req: RequestWithUser) { + const _record = await this.changeNameRepository.findOneBy({ id: changeNameId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.changeNameHistoryRepository.find({ where: { profileChangeNameId: changeNameId }, select: [ @@ -119,17 +124,16 @@ export class ProfileChangeNameController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileChangeName, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepository.findOneBy({ id: body.profileId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } - + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); + const data = new ProfileChangeName(); const meta = { 
@@ -168,10 +172,9 @@ export class ProfileChangeNameController extends Controller { @Body() body: UpdateProfileChangeName, @Path() changeNameId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.changeNameRepository.findOneBy({ id: changeNameId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileChangeNameHistory(); @@ -223,7 +226,10 @@ export class ProfileChangeNameController extends Controller { @Delete("{changeNameId}") public async deleteTraning(@Path() changeNameId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.changeNameRepository.findOneBy({ id: changeNameId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.changeNameHistoryRepository.delete({ profileChangeNameId: changeNameId, }); diff --git a/src/controllers/ProfileChildrenController.ts b/src/controllers/ProfileChildrenController.ts index f2a1ad73..5cb15421 100644 --- a/src/controllers/ProfileChildrenController.ts +++ b/src/controllers/ProfileChildrenController.ts @@ -47,7 +47,8 @@ export class ProfileChildrenController extends Controller { } @Get("{profileId}") - public async getChildren(@Path() profileId: string) { + public async getChildren(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const lists = await this.childrenRepository.find({ where: { profileId: profileId }, }); 
@@ -55,7 +56,11 @@ export class ProfileChildrenController extends Controller { } @Get("history/{childrenId}") - public async childrenHistory(@Path() childrenId: string) { + public async childrenHistory(@Path() childrenId: string, @Request() req: RequestWithUser) { + const _record = await this.childrenRepository.findOneBy({ id: childrenId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.childrenHistoryRepository.find({ where: { profileChildrenId: childrenId }, order: { createdAt: "DESC" }, @@ -65,12 +70,11 @@ export class ProfileChildrenController extends Controller { @Post() public async newChildren(@Request() req: RequestWithUser, @Body() body: CreateProfileChildren) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); const profile = await this.profileRepository.findOneBy({ id: body.profileId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const data = new ProfileChildren(); const meta = { @@ -99,9 +103,9 @@ export class ProfileChildrenController extends Controller { @Body() body: UpdateProfileChildren, @Path() childrenId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.childrenRepository.findOneBy({ id: childrenId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileChildrenHistory(); Object.assign(record, body); 
@@ -125,7 +129,10 @@ export class ProfileChildrenController extends Controller { @Delete("{childrenId}") public async deleteTraning(@Path() childrenId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.childrenRepository.findOneBy({ id: childrenId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.childrenHistoryRepository.delete({ profileChildrenId: childrenId, }); diff --git a/src/controllers/ProfileController.ts b/src/controllers/ProfileController.ts index dc01fbe0..93d27260 100644 --- a/src/controllers/ProfileController.ts +++ b/src/controllers/ProfileController.ts @@ -108,7 +108,8 @@ export class ProfileController extends Controller { * @param {string} id Id โปรไฟล์ */ @Get("kp7-short/{id}") - async kp7ShortById(@Path() id: string) { + async kp7ShortById(@Path() id: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", id); const orgRevision = await this.orgRevisionRepo.findOne({ where: { orgRevisionIsCurrent: true }, }); @@ -248,7 +249,8 @@ export class ProfileController extends Controller { * @param {string} id Id โปรไฟล์ */ @Get("kk1/{id}") - public async getKk1(@Path() id: string) { + public async getKk1(@Path() id: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", id); const profiles = await this.profileRepo.findOne({ // select: [ // "citizenId", @@ -581,7 +583,7 @@ export class ProfileController extends Controller { * @param {string} id Id ทะเบียนประวัติ */ @Get("placement/{id}") - async getProfilePlacement(@Request() request: RequestWithUser, @Path() id: string) { + async getProfilePlacement(@Path() id: string) { const profile = await this.profileRepo.findOne({ where: { id: id }, }); 
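Review bot: getProfilePlacement ends up with no per-profile check at all: the hunk removes the `@Request()` parameter rather than using it, while the neighbouring id-based reads in this file (kp7-short/{id}, kk1/{id}, commander/{profileId}) gain `PermissionOrgUserGet`. If placement/{id} is meant to stay reachable without the org check, for example for another service, state that in a comment above the route. Otherwise keep the parameter and make `await new permission().PermissionOrgUserGet(request, "SYS_REGISTRY_OFFICER", id);` the first statement. Whether the controller carries a class-level security decorator is not visible from this hunk, and the method body continues past it.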
@@ -992,6 +994,7 @@ export class ProfileController extends Controller { */ @Get("commander/{profileId}") async getProfileCommanderUser(@Request() request: RequestWithUser, @Path() profileId: string) { + await new permission().PermissionOrgUserGet(request, "SYS_REGISTRY_OFFICER", profileId); const profile = await this.profileRepo.findOne({ where: { id: profileId }, }); @@ -2280,7 +2283,10 @@ export class ProfileController extends Controller { @Path() id: string, @Body() body: UpdateProfile, ) { - await new permission().PermissionUpdate(request, "SYS_REGISTRY_OFFICER"); + const _record = await this.profileRepo.findOneBy({ id: id }); + if (_record) { + await new permission().PermissionOrgUserUpdate(request, "SYS_REGISTRY_OFFICER", id);//ตส + } const exists = !!body.citizenId && (await this.profileRepo.findOne({ @@ -2496,7 +2502,8 @@ export class ProfileController extends Controller { // } @Get("history/{id}") - async getProfileHistory(@Path() id: string) { + async getProfileHistory(@Path() id: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", id); const profile = await this.profileHistoryRepo.find({ relations: { posLevel: true, @@ -3153,9 +3160,10 @@ export class ProfileController extends Controller { */ @Get("profileid/position/{id}") async getProfileByProfileid( - @Request() request: { user: Record }, + @Request() request: RequestWithUser, @Path() id: string, ) { + await new permission().PermissionOrgUserGet(request, "SYS_REGISTRY_OFFICER", id); const profile = await this.profileRepo.findOne({ where: { id: id }, relations: ["posLevel", "posType", "current_holders", "current_holders.orgRoot"], @@ -3369,7 +3377,7 @@ export class ProfileController extends Controller { */ @Get("keycloakid/position/{id}") async getProfileByKeycloakid( - @Request() request: { user: Record }, + @Request() request: RequestWithUser, @Path() id: string, ) { const profile = await this.profileRepo.findOne({ 
@@ -3379,6 +3387,7 @@ export class ProfileController extends Controller { if (!profile) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); } + await new permission().PermissionOrgUserList(request, "SYS_REGISTRY_OFFICER", profile.id); return new HttpSuccess(profile); } @@ -3391,7 +3400,7 @@ export class ProfileController extends Controller { */ @Get("citizenid/position/{id}") async getProfileByCitizenId( - @Request() request: { user: Record }, + @Request() request: RequestWithUser, @Path() id: string, ) { const profile = await this.profileRepo.findOne({ @@ -3401,6 +3410,7 @@ export class ProfileController extends Controller { if (!profile) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); } + await new permission().PermissionOrgUserList(request, "SYS_REGISTRY_OFFICER", profile.id); const orgRevisionPublish = await this.orgRevisionRepo .createQueryBuilder("orgRevision") @@ -3515,9 +3525,10 @@ export class ProfileController extends Controller { */ @Get("profileempid/position/{id}") async getProfileByProfileempid( - @Request() request: { user: Record }, + @Request() request: RequestWithUser, @Path() id: string, ) { + await new permission().PermissionOrgUserList(request, "SYS_REGISTRY_OFFICER", id); const profile = await this.profileEmpRepo.findOne({ where: { id: id }, relations: ["posLevel", "posType", "current_holders", "current_holders.orgRoot"], @@ -4715,7 +4726,7 @@ export class ProfileController extends Controller { @Get("keycloak/position/{revisionId}") async getProfileByKeycloakByRevision( @Path() revisionId: string, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { const profile = await this.profileRepo.findOne({ where: { keycloak: request.user.sub }, 
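Review bot: The check added in getProfileByKeycloakid runs only after the NOT_FOUND branch, so a caller who would be denied can still tell registered ids from unregistered ones by comparing the 404 with the permission error. The same shape is added to getProfileByCitizenId two hunks below, where the value being looked up is a citizen id. Return one indistinguishable response for "not found" and "not permitted" on these two routes, or gate them with a role-level check that needs no profile before the lookup. How the permission helper reports denial is not visible here, so the exact status codes are an assumption.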
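Review bot: getProfileByProfileempid passes an employee-profile id (the lookup right below uses `profileEmpRepo`) to `PermissionOrgUserList` under "SYS_REGISTRY_OFFICER", the same system key used for officer profiles everywhere else in the patch. If the helper resolves the id against the officer profile table, this check would either always deny or evaluate the wrong organisation; confirm that it handles employee ids, or use whatever employee-side key or helper the project provides. It also uses List where the sibling getProfileByProfileid uses Get for the same kind of single-record read. The method body continues past the hunk.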
@@ -4724,6 +4735,7 @@ export class ProfileController extends Controller { if (!profile) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); } + await new permission().PermissionOrgUserList(request, "SYS_REGISTRY_OFFICER", profile.id); const posMaster = await this.posMasterRepo.findOne({ where: { diff --git a/src/controllers/ProfileDisciplineController.ts b/src/controllers/ProfileDisciplineController.ts index 32adf030..d1a4a71a 100644 --- a/src/controllers/ProfileDisciplineController.ts +++ b/src/controllers/ProfileDisciplineController.ts @@ -57,7 +57,8 @@ export class ProfileDisciplineController extends Controller { } @Get("{profileId}") - public async getDiscipline(@Path() profileId: string) { + public async getDiscipline(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const lists = await this.disciplineRepository.find({ where: { profileId: profileId }, select: [ @@ -100,7 +101,11 @@ export class ProfileDisciplineController extends Controller { }, ], }) - public async disciplineHistory(@Path() disciplineId: string) { + public async disciplineHistory(@Path() disciplineId: string, @Request() req: RequestWithUser) { + const _record = await this.disciplineRepository.findOneBy({ id: disciplineId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.disciplineHistoryRepository.find({ where: { profileDisciplineId: disciplineId }, select: [ 
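Review bot: getProfileByKeycloakByRevision loads the profile by `request.user.sub`, that is the caller's own record, and then requires `PermissionOrgUserList` on it. The object is the caller's own by construction, so the call adds no isolation between users, and it presumably turns this self-service route into a denial for anyone without the registry-officer grant. If that restriction is intended, add a comment above the call saying so; if not, the call does not belong in this handler. The helper's behaviour for a caller's own profile is not visible here, and the function continues past the hunk.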
@@ -124,16 +129,16 @@ export class ProfileDisciplineController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileDiscipline, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepository.findOneBy({ id: body.profileId }); - + if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const data = new ProfileDiscipline(); @@ -161,10 +166,9 @@ export class ProfileDisciplineController extends Controller { @Body() body: UpdateProfileDiscipline, @Path() disciplineId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.disciplineRepository.findOneBy({ id: disciplineId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileDisciplineHistory(); @@ -189,7 +193,10 @@ export class ProfileDisciplineController extends Controller { @Delete("{disciplineId}") public async deleteDiscipline(@Path() disciplineId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.disciplineRepository.findOneBy({ id: disciplineId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.disciplineHistoryRepository.delete({ profileDisciplineId: disciplineId, }); diff --git a/src/controllers/ProfileDutyController.ts b/src/controllers/ProfileDutyController.ts index 7cbe8265..76fe9f14 100644 --- a/src/controllers/ProfileDutyController.ts +++ b/src/controllers/ProfileDutyController.ts 
@@ -66,7 +66,8 @@ export class ProfileDutyController extends Controller { }, ], }) - public async getDuty(@Path() profileId: string) { + public async getDuty(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const lists = await this.dutyRepository.find({ where: { profileId: profileId }, select: [ @@ -107,7 +108,11 @@ export class ProfileDutyController extends Controller { }, ], }) - public async dutyHistory(@Path() dutyId: string) { + public async dutyHistory(@Path() dutyId: string, @Request() req: RequestWithUser) { + const _record = await this.dutyRepository.findOneBy({ id: dutyId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.dutyHistoryRepository.find({ where: { profileDutyId: dutyId }, select: [ @@ -128,16 +133,15 @@ export class ProfileDutyController extends Controller { @Post() public async newDuty(@Request() req: RequestWithUser, @Body() body: CreateProfileDuty) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepository.findOneBy({ id: body.profileId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id);//ตส const data = new ProfileDuty(); 
@@ -165,10 +169,9 @@ export class ProfileDutyController extends Controller { @Body() body: UpdateProfileDuty, @Path() dutyId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.dutyRepository.findOneBy({ id: dutyId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileDutyHistory(); @@ -190,7 +193,10 @@ export class ProfileDutyController extends Controller { @Delete("{dutyId}") public async deleteDuty(@Path() dutyId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.dutyRepository.findOneBy({ id: dutyId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.dutyHistoryRepository.delete({ profileDutyId: dutyId, }); diff --git a/src/controllers/ProfileEducationsController.ts b/src/controllers/ProfileEducationsController.ts index 48a76f74..3f70a451 100644 --- a/src/controllers/ProfileEducationsController.ts +++ b/src/controllers/ProfileEducationsController.ts @@ -91,7 +91,8 @@ export class ProfileEducationsController extends Controller { }, ], }) - public async detailProfileEducation(@Path() profileId: string) { + public async detailProfileEducation(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const getProfileEducation = await this.profileEducationRepo.findBy({ profileId }); if (!getProfileEducation) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -166,7 +167,11 @@ export class ProfileEducationsController extends Controller { }, ], }) - public async getProfileEducationHistory(@Path() educationId: string) { + public async getProfileEducationHistory(@Path() educationId: string, @Request() req: RequestWithUser) { + const _record = await this.profileEducationRepo.findOneBy({ id: educationId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.profileEducationHistoryRepo.findBy({ profileEducationId: educationId, }); @@ -181,15 +186,15 @@ export class ProfileEducationsController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEducation, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepo.findOneBy({ id: body.profileId }); if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const data = new ProfileEducation(); const meta = { @@ -216,9 +221,9 @@ export class ProfileEducationsController extends Controller { @Request() req: RequestWithUser, @Path() educationId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.profileEducationRepo.findOneBy({ id: educationId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileEducationHistory(); 
@@ -246,7 +251,10 @@ export class ProfileEducationsController extends Controller { @Path() educationId: string, @Request() req: RequestWithUser, ) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const record = await this.profileEducationRepo.findOneBy({ id: educationId }); + if (record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", record.profileId); + } await this.profileEducationHistoryRepo.delete({ profileEducationId: educationId, }); diff --git a/src/controllers/ProfileFamilyCoupleController.ts b/src/controllers/ProfileFamilyCoupleController.ts index afdabed9..db377fbe 100644 --- a/src/controllers/ProfileFamilyCoupleController.ts +++ b/src/controllers/ProfileFamilyCoupleController.ts @@ -77,7 +77,8 @@ export class ProfileFamilyCoupleController extends Controller { profileId: "1526d9d3-d8b1-43ab-81b5-a84dfbe99201", }, }) - public async getFamilyCouple(@Path() profileId: string) { + public async getFamilyCouple(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const profile = await this.profileRepo.findOne({ where: { id: profileId }, }); @@ -176,7 +177,8 @@ export class ProfileFamilyCoupleController extends Controller { }, ], }) - public async familyCoupleHistory(@Path() profileId: string) { + public async familyCoupleHistory(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const profile = await this.profileRepo.findOne({ where: { id: profileId }, }); 
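Review bot: familyCoupleHistory checks PermissionOrgUserGet, while familyMotherHistory in this same patch checks PermissionOrgUserList for the equivalent route, and the id-keyed history handlers (dutyHistory, honorHistory and the others) also use List. familyFatherHistory and govHistory use Get as well. If Get and List map to different grants (their implementation is not visible here), access to history would differ by record type for no stated reason. Pick one for every history route, for example `await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", profileId);`, and record the choice in a short comment. The handler body continues outside the hunk.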
@@ -220,7 +222,6 @@ export class ProfileFamilyCoupleController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileFamilyCouple, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); const familyCouple = Object.assign(new ProfileFamilyCouple(), body); if (!familyCouple) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -229,6 +230,7 @@ export class ProfileFamilyCoupleController extends Controller { if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id);//ตส familyCouple.coupleCitizenId = Extension.CheckCitizen(String(body.coupleCitizenId)); familyCouple.createdUserId = req.user.sub; familyCouple.createdFullName = req.user.name; @@ -253,7 +255,7 @@ export class ProfileFamilyCoupleController extends Controller { @Body() body: UpdateProfileFamilyCouple, @Path() profileId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", profileId); const familyCouple = await this.ProfileFamilyCouple.findOneBy({ profileId: profileId }); if (!familyCouple) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileFamilyFatherController.ts b/src/controllers/ProfileFamilyFatherController.ts index 0fd7eee0..99c1e50c 100644 --- a/src/controllers/ProfileFamilyFatherController.ts +++ b/src/controllers/ProfileFamilyFatherController.ts 
@@ -73,7 +73,8 @@ export class ProfileFamilyFatherController extends Controller { profileId: "1526d9d3-d8b1-43ab-81b5-a84dfbe99201", }, }) - public async getFamilyFather(@Path() profileId: string) { + public async getFamilyFather(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const profile = await this.profileRepo.findOne({ where: { id: profileId }, }); @@ -164,7 +165,8 @@ export class ProfileFamilyFatherController extends Controller { }, ], }) - public async familyFatherHistory(@Path() profileId: string) { + public async familyFatherHistory(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const profile = await this.profileRepo.findOne({ where: { id: profileId }, }); @@ -206,7 +208,6 @@ export class ProfileFamilyFatherController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileFamilyFather, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); const familyFather = Object.assign(new ProfileFamilyFather(), body); if (!familyFather) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -215,6 +216,7 @@ export class ProfileFamilyFatherController extends Controller { if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id);//ตส familyFather.fatherCitizenId = Extension.CheckCitizen(String(body.fatherCitizenId)); familyFather.createdUserId = req.user.sub; familyFather.createdFullName = req.user.name; 
@@ -237,7 +239,7 @@ export class ProfileFamilyFatherController extends Controller { @Body() body: UpdateProfileFamilyFather, @Path() profileId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", profileId);//ตส const familyFather = await this.ProfileFamilyFather.findOneBy({ profileId: profileId }); if (!familyFather) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileFamilyMotherController.ts b/src/controllers/ProfileFamilyMotherController.ts index cdcfc5f0..77965d49 100644 --- a/src/controllers/ProfileFamilyMotherController.ts +++ b/src/controllers/ProfileFamilyMotherController.ts @@ -73,7 +73,8 @@ export class ProfileFamilyMotherController extends Controller { profileId: "1526d9d3-d8b1-43ab-81b5-a84dfbe99201", }, }) - public async getFamilyMother(@Path() profileId: string) { + public async getFamilyMother(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const profile = await this.profileRepo.findOne({ where: { id: profileId }, }); @@ -164,14 +165,14 @@ export class ProfileFamilyMotherController extends Controller { }, ], }) - public async familyMotherHistory(@Path() profileId: string) { + public async familyMotherHistory(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", profileId); const profile = await this.profileRepo.findOne({ where: { id: profileId }, }); if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } - const familyMother = await this.ProfileFamilyMother.find({ relations: ["histories"], order: { lastUpdatedAt: "DESC" }, 
@@ -206,7 +207,6 @@ export class ProfileFamilyMotherController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileFamilyMother, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); const familyMother = Object.assign(new ProfileFamilyMother(), body); if (!familyMother) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -215,6 +215,7 @@ export class ProfileFamilyMotherController extends Controller { if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER",profile.id);//ตส familyMother.motherCitizenId = Extension.CheckCitizen(String(body.motherCitizenId)); familyMother.createdUserId = req.user.sub; familyMother.createdFullName = req.user.name; @@ -237,7 +238,7 @@ export class ProfileFamilyMotherController extends Controller { @Body() body: UpdateProfileFamilyMother, @Path() profileId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER",profileId);//ตส const familyMother = await this.ProfileFamilyMother.findOneBy({ profileId: profileId }); if (!familyMother) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileGovernmentController.ts b/src/controllers/ProfileGovernmentController.ts index 01c88bac..33d31e0a 100644 --- a/src/controllers/ProfileGovernmentController.ts +++ b/src/controllers/ProfileGovernmentController.ts 
@@ -127,7 +127,8 @@ export class ProfileGovernmentHistoryController extends Controller { */ @Get("{profileId}") @Example({}) - public async getGovHistory(@Path() profileId: string) { + public async getGovHistory(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.profileRepo.findOne({ where: { id: profileId }, relations: { @@ -243,7 +244,8 @@ export class ProfileGovernmentHistoryController extends Controller { */ @Get("history/{profileId}") @Example({}) - public async govHistory(@Path() profileId: string) { + public async govHistory(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.govRepo.find({ order: { lastUpdatedAt: "DESC" }, where: { profileId: profileId }, @@ -265,7 +267,7 @@ export class ProfileGovernmentHistoryController extends Controller { @Body() body: UpdateProfileGovernment, @Path() profileId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.profileRepo.findOne({ where: { id: profileId }, }); diff --git a/src/controllers/ProfileHonorController.ts b/src/controllers/ProfileHonorController.ts index bf31bc16..f6f904fc 100644 --- a/src/controllers/ProfileHonorController.ts +++ b/src/controllers/ProfileHonorController.ts @@ -64,7 +64,8 @@ export class ProfileHonorController extends Controller { }, ], }) - public async getHonor(@Path() profileId: string) { + public async getHonor(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.honorRepo.findBy({ profileId }); return new HttpSuccess(record); } 
@@ -129,7 +130,11 @@ export class ProfileHonorController extends Controller { }, ], }) - public async honorHistory(@Path() honorId: string) { + public async honorHistory(@Path() honorId: string, @Request() req: RequestWithUser) { + const _record = await this.honorRepo.findOneBy({ id: honorId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.honorHistoryRepo.findBy({ profileHonorId: honorId, }); @@ -138,16 +143,16 @@ export class ProfileHonorController extends Controller { @Post() public async newHonor(@Request() req: RequestWithUser, @Body() body: CreateProfileHonor) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepo.findOneBy({ id: body.profileId }); - + if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const data = new ProfileHonor(); @@ -175,10 +180,9 @@ export class ProfileHonorController extends Controller { @Body() body: UpdateProfileHonor, @Path() honorId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.honorRepo.findOneBy({ id: honorId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileHonorHistory(); 
@@ -200,7 +204,10 @@ export class ProfileHonorController extends Controller { @Delete("{honorId}") public async deleteTraning(@Path() honorId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.honorRepo.findOneBy({ id: honorId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.id); + } await this.honorHistoryRepo.delete({ profileHonorId: honorId, }); diff --git a/src/controllers/ProfileInsigniaController.ts b/src/controllers/ProfileInsigniaController.ts index 6ed3216e..9a868b0e 100644 --- a/src/controllers/ProfileInsigniaController.ts +++ b/src/controllers/ProfileInsigniaController.ts @@ -83,7 +83,8 @@ export class ProfileInsigniaController extends Controller { }, ], }) - public async getInsignia(@Path() profileId: string) { + public async getInsignia(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.insigniaRepo.find({ relations: { insignia: { @@ -150,7 +151,11 @@ export class ProfileInsigniaController extends Controller { }, ], }) - public async getInsigniaHistory(@Path() InsigniaId: string) { + public async getInsigniaHistory(@Path() InsigniaId: string, @Request() req: RequestWithUser) { + const _record = await this.insigniaRepo.findOneBy({ id: InsigniaId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.insigniaHistoryRepo.find({ relations: { insignia: { 
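Review bot: The honor delete handler (deleteTraning) passes `_record.id`, the honor row's own id, as the third argument of PermissionOrgUserDelete, while every other delete hunk in this patch passes `_record.profileId`. The check is then evaluated against a value that is not a profile id; depending on how PermissionOrgUserDelete resolves it (not visible here) it will either reject legitimate officers or fail to scope the check to the owning profile. Change the line to `await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId);`. The handler's remaining body is outside the hunk.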
@@ -166,16 +171,15 @@ export class ProfileInsigniaController extends Controller { @Post() public async newInsignia(@Request() req: RequestWithUser, @Body() body: CreateProfileInsignia) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepo.findOneBy({ id: body.profileId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const insignia = await this.insigniaMetaRepo.findOne({ where: { id: body.insigniaId }, @@ -210,10 +214,9 @@ export class ProfileInsigniaController extends Controller { @Body() body: UpdateProfileInsignia, @Path() insigniaId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.insigniaRepo.findOneBy({ id: insigniaId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const insignia = await this.insigniaMetaRepo.findOne({ where: { id: body.insigniaId }, @@ -242,13 +245,16 @@ export class ProfileInsigniaController extends Controller { @Delete("{insigniaId}") public async deleteInsignia(@Path() insigniaId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.insigniaRepo.findOneBy({ id: insigniaId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.insigniaHistoryRepo.delete({ profileInsigniaId: insigniaId, }); - + const result = await this.insigniaRepo.delete({ id: insigniaId }); - + if (result.affected == undefined || result.affected <= 0) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); } 
diff --git a/src/controllers/ProfileLeaveController.ts b/src/controllers/ProfileLeaveController.ts index 0e56d39b..3ea4e820 100644 --- a/src/controllers/ProfileLeaveController.ts +++ b/src/controllers/ProfileLeaveController.ts @@ -160,7 +160,8 @@ export class ProfileLeaveController extends Controller { }, }, }) - public async getLeave(@Path() profileId: string) { + public async getLeave(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.leaveRepo.find({ relations: { leaveType: true }, where: { profileId }, @@ -237,7 +238,11 @@ export class ProfileLeaveController extends Controller { }, ], }) - public async leaveHistory(@Path() leaveId: string) { + public async leaveHistory(@Path() leaveId: string, @Request() req: RequestWithUser) { + const _record = await this.leaveRepo.findOneBy({ id: leaveId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.leaveHistoryRepo.find({ relations: { leaveType: true }, where: { profileLeaveId: leaveId }, @@ -247,16 +252,16 @@ export class ProfileLeaveController extends Controller { @Post() public async newLeave(@Request() req: RequestWithUser, @Body() body: CreateProfileLeave) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } const profile = await this.profileRepo.findOneBy({ id: body.profileId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); + const leaveType = await this.leaveTypeRepository.findOne({ where: { id: body.leaveTypeId }, }); 
@@ -290,10 +295,9 @@ export class ProfileLeaveController extends Controller { @Body() body: UpdateProfileLeave, @Path() leaveId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.leaveRepo.findOneBy({ id: leaveId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const leaveType = await this.leaveTypeRepository.findOne({ where: { id: body.leaveTypeId }, @@ -322,7 +326,10 @@ export class ProfileLeaveController extends Controller { @Delete("{leaveId}") public async deleteLeave(@Path() leaveId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.leaveRepo.findOneBy({ id: leaveId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.leaveHistoryRepo.delete({ profileLeaveId: leaveId, }); diff --git a/src/controllers/ProfileNopaidController.ts b/src/controllers/ProfileNopaidController.ts index c6e7b2ba..5165d5bc 100644 --- a/src/controllers/ProfileNopaidController.ts +++ b/src/controllers/ProfileNopaidController.ts @@ -56,7 +56,8 @@ export class ProfileNopaidController extends Controller { }, ], }) - public async getNopaid(@Path() profileId: string) { + public async getNopaid(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const lists = await this.nopaidRepository.find({ where: { profileId }, }); 
@@ -86,7 +87,11 @@ export class ProfileNopaidController extends Controller { }, ], }) - public async nopaidHistory(@Path() nopaidId: string) { + public async nopaidHistory(@Path() nopaidId: string, @Request() req: RequestWithUser) { + const _record = await this.nopaidRepository.findOneBy({ id: nopaidId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + }; const record = await this.nopaidHistoryRepository.find({ where: { profileNopaidId: nopaidId }, order: { createdAt: "DESC" }, @@ -96,16 +101,15 @@ export class ProfileNopaidController extends Controller { @Post() public async newNopaid(@Request() req: RequestWithUser, @Body() body: CreateProfileNopaid) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepository.findOneBy({ id: body.profileId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const data = new ProfileNopaid(); @@ -133,10 +137,9 @@ export class ProfileNopaidController extends Controller { @Body() body: UpdateProfileNopaid, @Path() nopaidId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.nopaidRepository.findOneBy({ id: nopaidId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileNopaidHistory(); 
@@ -161,7 +164,10 @@ export class ProfileNopaidController extends Controller { @Delete("{nopaidId}") public async deleteNopaid(@Path() nopaidId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.nopaidRepository.findOneBy({ id: nopaidId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.nopaidHistoryRepository.delete({ profileNopaidId: nopaidId, }); diff --git a/src/controllers/ProfileOtherController.ts b/src/controllers/ProfileOtherController.ts index b64da50f..8109372e 100644 --- a/src/controllers/ProfileOtherController.ts +++ b/src/controllers/ProfileOtherController.ts @@ -57,7 +57,8 @@ export class ProfileOtherController extends Controller { }, ], }) - public async getOther(@Path() profileId: string) { + public async getOther(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const lists = await this.otherRepository.find({ where: { profileId: profileId }, }); @@ -83,7 +84,11 @@ export class ProfileOtherController extends Controller { }, ], }) - public async otherHistory(@Path() otherId: string) { + public async otherHistory(@Path() otherId: string, @Request() req: RequestWithUser) { + const _record = await this.otherRepository.findOneBy({ id: otherId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.otherHistoryRepository.find({ where: { profileOtherId: otherId }, order: { createdAt: "DESC" }, 
@@ -93,16 +98,15 @@ export class ProfileOtherController extends Controller { @Post() public async newOther(@Request() req: RequestWithUser, @Body() body: CreateProfileOther) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepository.findOneBy({ id: body.profileId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const data = new ProfileOther(); @@ -130,10 +134,9 @@ export class ProfileOtherController extends Controller { @Body() body: UpdateProfileOther, @Path() otherId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.otherRepository.findOneBy({ id: otherId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileOtherHistory(); @@ -158,7 +161,10 @@ export class ProfileOtherController extends Controller { @Delete("{otherId}") public async deleteOther(@Path() otherId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.otherRepository.findOneBy({ id: otherId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.otherHistoryRepository.delete({ profileOtherId: otherId, }); diff --git a/src/controllers/ProfileSalaryController.ts b/src/controllers/ProfileSalaryController.ts index fe72ce1b..5ad8459c 100644 --- a/src/controllers/ProfileSalaryController.ts +++ b/src/controllers/ProfileSalaryController.ts 
@@ -72,7 +72,8 @@ export class ProfileSalaryController extends Controller { }, ], }) - public async getSalary(@Path() profileId: string) { + public async getSalary(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.salaryRepo.find({ where: { profileId: profileId }, order: { order: "ASC" }, @@ -131,7 +132,11 @@ export class ProfileSalaryController extends Controller { }, ], }) - public async salaryHistory(@Path() salaryId: string) { + public async salaryHistory(@Path() salaryId: string, @Request() req: RequestWithUser) { + const _record = await this.salaryRepo.findOneBy({ id: salaryId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.salaryHistoryRepo.findBy({ profileSalaryId: salaryId, }); @@ -140,16 +145,15 @@ export class ProfileSalaryController extends Controller { @Post() public async newSalary(@Request() req: RequestWithUser, @Body() body: CreateProfileSalary) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepo.findOneBy({ id: body.profileId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const dest_item = await this.salaryRepo.findOne({ where: { profileId: body.profileId }, 
@@ -183,11 +187,10 @@ export class ProfileSalaryController extends Controller { @Body() body: UpdateProfileSalary, @Path() salaryId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.salaryRepo.findOneBy({ id: salaryId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); - + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); + const history = new ProfileSalaryHistory(); Object.assign(record, body); @@ -208,7 +211,10 @@ export class ProfileSalaryController extends Controller { @Delete("{salaryId}") public async deleteSalary(@Path() salaryId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.salaryRepo.findOneBy({ id: salaryId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.salaryHistoryRepo.delete({ profileSalaryId: salaryId, }); @@ -223,8 +229,11 @@ export class ProfileSalaryController extends Controller { } @Get("swap/{direction}/{salaryId}") - public async swapSalary(@Path() direction: string, salaryId: string) { + public async swapSalary(@Path() direction: string, salaryId: string, @Request() req: RequestWithUser) { const source_item = await this.salaryRepo.findOne({ where: { id: salaryId } }); + if (source_item) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", source_item.profileId); + } if (source_item == null) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); const sourceOrder = source_item.order; if (direction.trim().toUpperCase() == "UP") { diff --git a/src/controllers/ProfileTrainingController.ts b/src/controllers/ProfileTrainingController.ts index 99972727..800d613c 100644 --- a/src/controllers/ProfileTrainingController.ts +++ b/src/controllers/ProfileTrainingController.ts 
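Review bot: swapSalary authorizes with PermissionOrgUserList, a read-style check, although the handler reads `source_item.order` and branches on the direction, which suggests it goes on to reorder salary rows; if it writes, the check should be `await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", source_item.profileId);`, placed after the existing `source_item == null` guard so the `if (source_item)` wrapper is not needed. The route is declared with `@Get`, so any state change here would be reachable by a plain GET request; a non-GET verb such as `@Post` would fit a mutation better. On the new signature only `direction` carries `@Path()` while `salaryId` has no decorator, which is worth confirming against how the framework binds it. The code that performs the swap is outside the hunk, so the write is inferred.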
@@ -74,7 +74,8 @@ export class ProfileTrainingController extends Controller { }, ], }) - public async getTraining(@Path() profileId: string) { + public async getTraining(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId); const record = await this.trainingRepo.findBy({ profileId }); return new HttpSuccess(record); } @@ -130,7 +131,11 @@ export class ProfileTrainingController extends Controller { }, ], }) - public async trainingHistory(@Path() trainingId: string) { + public async trainingHistory(@Path() trainingId: string, @Request() req: RequestWithUser) { + const _record = await this.trainingRepo.findOneBy({ id: trainingId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } const record = await this.trainingHistoryRepo.findBy({ profileTrainingId: trainingId, }); @@ -139,16 +144,15 @@ export class ProfileTrainingController extends Controller { @Post() public async newTraining(@Request() req: RequestWithUser, @Body() body: CreateProfileTraining) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } - + const profile = await this.profileRepo.findOneBy({ id: body.profileId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id); const data = new ProfileTraining(); 
@@ -176,10 +180,9 @@ export class ProfileTrainingController extends Controller { @Body() body: UpdateProfileTraining, @Path() trainingId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER"); const record = await this.trainingRepo.findOneBy({ id: trainingId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId); const history = new ProfileTrainingHistory(); @@ -201,7 +204,10 @@ export class ProfileTrainingController extends Controller { @Delete("{trainingId}") public async deleteTraining(@Path() trainingId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER"); + const _record = await this.trainingRepo.findOneBy({ id: trainingId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId); + } await this.trainingHistoryRepo.delete({ profileTrainingId: trainingId, });