role เมนู ข้าราชการ กทม. สามัญ

src/controllers/ProfileChangeNameController.ts

@@ -63,7 +63,8 @@ export class ProfileChangeNameController extends Controller {
       },
     ],
   })
-  public async getChangeName(@Path() profileId: string) {
+  public async getChangeName(@Path() profileId: string, @Request() req: RequestWithUser) {
+    await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", profileId);
     const lists = await this.changeNameRepository.find({
       where: { profileId: profileId },
       select: ["id", "prefix", "firstName", "lastName", "status"],
@@ -97,7 +98,11 @@ export class ProfileChangeNameController extends Controller {
       },
     ],
   })
-  public async changeNameHistory(@Path() changeNameId: string) {
+  public async changeNameHistory(@Path() changeNameId: string, @Request() req: RequestWithUser) {
+    const _record = await this.changeNameRepository.findOneBy({ id: changeNameId });
+    if (_record) {
+      await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_OFFICER", _record.profileId);
+    }
     const record = await this.changeNameHistoryRepository.find({
       where: { profileChangeNameId: changeNameId },
       select: [
@@ -119,17 +124,16 @@ export class ProfileChangeNameController extends Controller {
     @Request() req: RequestWithUser,
     @Body() body: CreateProfileChangeName,
   ) {
-    await new permission().PermissionCreate(req, "SYS_REGISTRY_OFFICER");
     if (!body.profileId) {
       throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId");
     }
-
+    
     const profile = await this.profileRepository.findOneBy({ id: body.profileId });
-
     if (!profile) {
       throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว");
     }
-
+    await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_OFFICER", profile.id);
+    
     const data = new ProfileChangeName();
 
     const meta = {
@@ -168,10 +172,9 @@ export class ProfileChangeNameController extends Controller {
     @Body() body: UpdateProfileChangeName,
     @Path() changeNameId: string,
   ) {
-    await new permission().PermissionUpdate(req, "SYS_REGISTRY_OFFICER");
     const record = await this.changeNameRepository.findOneBy({ id: changeNameId });
-
     if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
+    await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_OFFICER", record.profileId);
 
     const history = new ProfileChangeNameHistory();
 
@@ -223,7 +226,10 @@ export class ProfileChangeNameController extends Controller {
 
   @Delete("{changeNameId}")
   public async deleteTraning(@Path() changeNameId: string, @Request() req: RequestWithUser) {
-    await new permission().PermissionDelete(req, "SYS_REGISTRY_OFFICER");
+    const _record = await this.changeNameRepository.findOneBy({ id: changeNameId });
+    if (_record) {
+      await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_OFFICER", _record.profileId);
+    }
     await this.changeNameHistoryRepository.delete({
       profileChangeNameId: changeNameId,
     });