diff --git a/src/controllers/ProfileAbilityEmployeeController.ts b/src/controllers/ProfileAbilityEmployeeController.ts index 5ef31b5f..f3ac528a 100644 --- a/src/controllers/ProfileAbilityEmployeeController.ts +++ b/src/controllers/ProfileAbilityEmployeeController.ts @@ -73,7 +73,8 @@ export class ProfileAbilityEmployeeController extends Controller { }, ], }) - public async detailProfileAbility(@Path() profileEmployeeId: string) { + public async detailProfileAbility(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const getProfileAbilityId = await this.profileAbilityRepo.findBy({ profileEmployeeId }); if (!getProfileAbilityId) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -120,7 +121,15 @@ export class ProfileAbilityEmployeeController extends Controller { }, ], }) - public async getProfileAbilityHistory(@Path() abilityId: string) { + public async getProfileAbilityHistory(@Path() abilityId: string, @Request() req: RequestWithUser) { + const _record = await this.profileAbilityRepo.findOneBy({ id: abilityId }); + if (_record) { + await new permission().PermissionOrgUserList( + req, + "SYS_REGISTRY_EMP", + _record.profileEmployeeId, + ); + } const record = await this.profileAbilityHistoryRepo.findBy({ profileAbilityId: abilityId, }); 
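Review bot: In getProfileAbilityHistory the new permission call sits inside `if (_record)`, so a request whose abilityId matches no ProfileAbility row skips authorization and still reaches the history query. The same guard is used in deleteProfileAbility and in the other history and delete handlers of this commit (assessments, avatar, certificate, change-name, children, discipline, duty, education, and `if(profiles)` in getKk1Employee). In the delete handlers it replaces an unconditional `PermissionDelete`, so the history `delete(...)` now runs unchecked for an unmatched id. Fail closed the way the update handlers do: `if (!_record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");` followed by the permission call. The handler bodies continue outside the hunks.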
@@ -135,15 +144,15 @@ export class ProfileAbilityEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileAbilityEmployee, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } - + const profile = await this.profileEmployeeRepo.findOneBy({ id: body.profileEmployeeId }); if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileAbility(); const meta = { @@ -170,10 +179,10 @@ export class ProfileAbilityEmployeeController extends Controller { @Request() req: RequestWithUser, @Path() abilityId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.profileAbilityRepo.findOneBy({ id: abilityId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); - + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId); + const history = new ProfileAbilityHistory(); Object.assign(record, body); @@ -197,7 +206,14 @@ export class ProfileAbilityEmployeeController extends Controller { @Delete("{abilityId}") public async deleteProfileAbility(@Path() abilityId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.profileAbilityRepo.findOneBy({ id: abilityId }); + if (_record) { + await new permission().PermissionOrgUserDelete( + req, + "SYS_REGISTRY_EMP", + _record.profileEmployeeId, + ); + } await this.profileAbilityHistoryRepo.delete({ profileAbilityId: abilityId, }); diff --git a/src/controllers/ProfileAddressEmployeeController.ts b/src/controllers/ProfileAddressEmployeeController.ts index 8202b86e..c3da8f5d 100644 --- a/src/controllers/ProfileAddressEmployeeController.ts 
+++ b/src/controllers/ProfileAddressEmployeeController.ts @@ -69,7 +69,8 @@ export class ProfileAddressEmployeeController extends Controller { * */ @Get("{profileEmployeeId}") - public async detailProfileAddress(@Path() profileEmployeeId: string) { + public async detailProfileAddress(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profileEmployeeId); const getProfileAddress = await this.profileEmployeeRepo.findOne({ where: { id: profileEmployeeId }, select: [ @@ -140,7 +141,8 @@ export class ProfileAddressEmployeeController extends Controller { * */ @Get("history/{profileId}") - public async getProfileAddressHistory(@Path() profileId: string) { + public async getProfileAddressHistory(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileId); const record = await this.profileAddressHistoryRepo.find({ where: { profileEmployeeId: profileId }, relations: { @@ -183,10 +185,10 @@ export class ProfileAddressEmployeeController extends Controller { @Request() req: RequestWithUser, @Path() profileId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.profileEmployeeRepo.findOneBy({ id: profileId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); - + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.id); + const history = new ProfileAddressHistory(); Object.assign(record, body); diff --git a/src/controllers/ProfileAssessmentsEmployeeController.ts b/src/controllers/ProfileAssessmentsEmployeeController.ts index 6a541533..6fab317b 100644 --- a/src/controllers/ProfileAssessmentsEmployeeController.ts +++ b/src/controllers/ProfileAssessmentsEmployeeController.ts 
@@ -78,7 +78,8 @@ export class ProfileAssessmentsEmployeeController extends Controller { }, ], }) - public async detailProfileAssessments(@Path() profileEmployeeId: string) { + public async detailProfileAssessments(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const getProfileAssessments = await this.profileAssessmentsRepository.findBy({ profileEmployeeId, }); @@ -131,11 +132,14 @@ export class ProfileAssessmentsEmployeeController extends Controller { }, ], }) - public async getProfileAssessmentsHistory(@Path() assessmentId: string) { + public async getProfileAssessmentsHistory(@Path() assessmentId: string, @Request() req: RequestWithUser) { + const _record = await this.profileAssessmentsRepository.findOneBy({ id: assessmentId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileId); + } const record = await this.profileAssessmentsHistoryRepository.findBy({ profileAssessmentId: assessmentId, }); - if (!record) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); } @@ -148,15 +152,15 @@ export class ProfileAssessmentsEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeAssessment, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } - + const profile = await this.profileEmployeeRepo.findOneBy({ id: body.profileEmployeeId }); if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileAssessment(); const meta = { 
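Review bot: getProfileAssessmentsHistory passes `_record.profileId` to PermissionOrgUserList, while the update and delete handlers of this controller pass `profileEmployeeId` for rows from the same repository. If `profileId` is not populated on employee assessment rows (the entity is not visible here), the org check is evaluated against the wrong or an undefined id. Suggested: `await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId);`.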
@@ -182,9 +186,9 @@ export class ProfileAssessmentsEmployeeController extends Controller { @Request() req: RequestWithUser, @Path() assessmentId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.profileAssessmentsRepository.findOneBy({ id: assessmentId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId); const history = new ProfileAssessmentHistory(); @@ -212,7 +216,10 @@ export class ProfileAssessmentsEmployeeController extends Controller { @Path() assessmentId: string, @Request() req: RequestWithUser, ) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.profileAssessmentsRepository.findOneBy({ id: assessmentId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } await this.profileAssessmentsHistoryRepository.delete({ profileAssessmentId: assessmentId, }); diff --git a/src/controllers/ProfileAvatarEmployeeController.ts b/src/controllers/ProfileAvatarEmployeeController.ts index 587ff49b..3bd3b948 100644 --- a/src/controllers/ProfileAvatarEmployeeController.ts +++ b/src/controllers/ProfileAvatarEmployeeController.ts @@ -15,7 +15,11 @@ export class ProfileAvatarEmployeeController extends Controller { private avatarRepository = AppDataSource.getRepository(ProfileAvatar); @Get("{profileEmployeeId}") - public async getAvatarEmployee(@Path() profileEmployeeId: string) { + public async getAvatarEmployee( + @Path() profileEmployeeId: string, + @Request() req: RequestWithUser, + ) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const lists = await this.avatarRepository.find({ where: { profileEmployeeId }, }); 
@@ -23,7 +27,12 @@ export class ProfileAvatarEmployeeController extends Controller { } @Get("select/{profileEmployeeId}/{id}") - public async selectAvatarEmployee(@Path() profileEmployeeId: string, @Path() id: string) { + public async selectAvatarEmployee( + @Path() profileEmployeeId: string, + @Path() id: string, + @Request() req: RequestWithUser, + ) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profileEmployeeId); const result = await this.avatarRepository.findOneBy({ id: id }); if (!result) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -54,14 +63,13 @@ export class ProfileAvatarEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeAvatar, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); const profile = await this.profileRepository.findOne({ where: { id: body.profileEmployeeId }, }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileAvatar(); @@ -106,7 +114,10 @@ export class ProfileAvatarEmployeeController extends Controller { @Delete("{avatarId}") public async deleteAvatarEmployee(@Path() avatarId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.avatarRepository.findOneBy({ id: avatarId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } const result = await this.avatarRepository.delete({ id: avatarId }); if (result.affected == undefined || result.affected <= 0) { diff --git a/src/controllers/ProfileCertificateEmployeeController.ts b/src/controllers/ProfileCertificateEmployeeController.ts index d832f095..75e52508 100644 --- a/src/controllers/ProfileCertificateEmployeeController.ts 
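Review bot: selectAvatarEmployee authorizes against the `profileEmployeeId` path segment but then loads the avatar with `findOneBy({ id: id })`, so the two caller-supplied values are never tied together in the visible lines. The permission decision can therefore be made for one profile while the row that is read belongs to another. Bind the lookup to the authorized profile, `findOneBy({ id, profileEmployeeId })`, or compare `result.profileEmployeeId` with the path value before using the row. The method body continues past the hunk, so confirm that no such comparison already follows.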
+++ b/src/controllers/ProfileCertificateEmployeeController.ts @@ -67,7 +67,8 @@ export class ProfileCertificateEmployeeController extends Controller { }, ], }) - public async getCertificate(@Path() profileEmployeeId: string) { + public async getCertificate(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const record = await this.certificateRepo.findBy({ profileEmployeeId }); return new HttpSuccess(record); } @@ -109,7 +110,11 @@ export class ProfileCertificateEmployeeController extends Controller { }, ], }) - public async certificateHistory(@Path() certificateId: string) { + public async certificateHistory(@Path() certificateId: string, @Request() req: RequestWithUser) { + const _record = await this.certificateRepo.findOneBy({ id: certificateId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } const record = await this.certificateHistoryRepo.findBy({ profileCertificateId: certificateId, }); @@ -121,16 +126,15 @@ export class ProfileCertificateEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeCertificate, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } - + const profile = await this.profileEmployeeRepo.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileCertificate(); 
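Review bot: certificateHistory is a read handler but calls `PermissionOrgUserDelete`, so access to certificate history is decided by the delete right rather than a read right. The sibling history handlers in this commit use `PermissionOrgUserList`. The same verb mismatch appears in getDiscipline (a GET guarded by `PermissionOrgUserCreate`) and in the leave-status handler of ProfileEmployeeController (an update guarded by `PermissionOrgUserCreate`). Suggested here: `await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId);`.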
@@ -158,10 +162,9 @@ export class ProfileCertificateEmployeeController extends Controller { @Body() body: UpdateProfileCertificate, @Path() certificateId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.certificateRepo.findOneBy({ id: certificateId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId); const history = new ProfileCertificateHistory(); @@ -186,7 +189,10 @@ export class ProfileCertificateEmployeeController extends Controller { @Delete("{certificateId}") public async deleteCertificate(@Path() certificateId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.certificateRepo.findOneBy({ id: certificateId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } await this.certificateHistoryRepo.delete({ profileCertificateId: certificateId, }); diff --git a/src/controllers/ProfileChangeNameEmployeeController.ts b/src/controllers/ProfileChangeNameEmployeeController.ts index e96a8058..880f4010 100644 --- a/src/controllers/ProfileChangeNameEmployeeController.ts +++ b/src/controllers/ProfileChangeNameEmployeeController.ts @@ -64,7 +64,8 @@ export class ProfileChangeNameEmployeeController extends Controller { }, ], }) - public async getChangeName(@Path() profileEmployeeId: string) { + public async getChangeName(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const lists = await this.changeNameRepository.find({ where: { profileEmployeeId: profileEmployeeId }, select: ["id", "prefix", "firstName", "lastName", "status"], 
@@ -98,7 +99,12 @@ export class ProfileChangeNameEmployeeController extends Controller { }, ], }) - public async changeNameHistory(@Path() changeNameId: string) { + public async changeNameHistory(@Path() changeNameId: string, @Request() req: RequestWithUser) { + const _record = await this.changeNameRepository.findOneBy({ id: changeNameId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId, + ); + } const record = await this.changeNameHistoryRepository.find({ where: { profileChangeNameId: changeNameId }, select: [ @@ -120,16 +126,15 @@ export class ProfileChangeNameEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileChangeNameEmployee, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } - + const profile = await this.profileEmployeeRepo.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileChangeName(); @@ -169,10 +174,9 @@ export class ProfileChangeNameEmployeeController extends Controller { @Body() body: UpdateProfileChangeName, @Path() changeNameId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.changeNameRepository.findOneBy({ id: changeNameId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId); const history = new ProfileChangeNameHistory(); 
@@ -216,7 +220,10 @@ export class ProfileChangeNameEmployeeController extends Controller { @Delete("{changeNameId}") public async deleteTraning(@Path() changeNameId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.changeNameRepository.findOneBy({ id: changeNameId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } await this.changeNameHistoryRepository.delete({ profileChangeNameId: changeNameId, }); diff --git a/src/controllers/ProfileChildrenEmployeeController.ts b/src/controllers/ProfileChildrenEmployeeController.ts index 735ad49a..ffd62719 100644 --- a/src/controllers/ProfileChildrenEmployeeController.ts +++ b/src/controllers/ProfileChildrenEmployeeController.ts @@ -49,7 +49,8 @@ export class ProfileChildrenEmployeeController extends Controller { } @Get("{profileEmployeeId}") - public async getChildren(@Path() profileEmployeeId: string) { + public async getChildren(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const lists = await this.childrenRepository.find({ where: { profileEmployeeId: profileEmployeeId }, }); @@ -57,7 +58,12 @@ export class ProfileChildrenEmployeeController extends Controller { } @Get("history/{childrenId}") - public async childrenHistory(@Path() childrenId: string) { + public async childrenHistory(@Path() childrenId: string, @Request() req: RequestWithUser) { + const _record = await this.childrenRepository.findOneBy({ id: childrenId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId, + ); + } const record = await this.childrenHistoryRepository.find({ where: { profileChildrenId: childrenId }, order: { createdAt: "DESC" }, 
@@ -70,12 +76,11 @@ export class ProfileChildrenEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileChildrenEmployee, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); const profile = await this.profileRepository.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileChildren(); @@ -105,10 +110,10 @@ export class ProfileChildrenEmployeeController extends Controller { @Body() body: UpdateProfileChildren, @Path() childrenId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.childrenRepository.findOneBy({ id: childrenId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); - + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId); + const history = new ProfileChildrenHistory(); Object.assign(record, body); Object.assign(history, body); @@ -132,7 +137,10 @@ export class ProfileChildrenEmployeeController extends Controller { @Delete("{childrenId}") public async deleteTraning(@Path() childrenId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.childrenRepository.findOneBy({ id: childrenId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } await this.childrenHistoryRepository.delete({ profileChildrenId: childrenId, }); diff --git a/src/controllers/ProfileController.ts b/src/controllers/ProfileController.ts index 93d27260..3f96ee28 100644 --- a/src/controllers/ProfileController.ts +++ b/src/controllers/ProfileController.ts 
@@ -4849,7 +4849,7 @@ export class ProfileController extends Controller { * @summary ข้อมูลบุลคลที่มีอายุเกษียณราชการตามปี * */ - @Get("profileid/retire/{year}") + @Get("profileid/retire/{year}") //ตส async getProfileByRetireYear(@Path() year: number) { const profiles = await this.profileRepo .createQueryBuilder("profile") diff --git a/src/controllers/ProfileDisciplineEmployeeController.ts b/src/controllers/ProfileDisciplineEmployeeController.ts index 937ff937..52342235 100644 --- a/src/controllers/ProfileDisciplineEmployeeController.ts +++ b/src/controllers/ProfileDisciplineEmployeeController.ts @@ -72,7 +72,8 @@ export class ProfileDisciplineEmployeeController extends Controller { }, ], }) - public async getDiscipline(@Path() profileId: string) { + public async getDiscipline(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profileId); const lists = await this.disciplineRepository.find({ where: { profileEmployeeId: profileId }, select: [ @@ -91,7 +92,11 @@ export class ProfileDisciplineEmployeeController extends Controller { } @Get("history/{disciplineId}") - public async disciplineHistory(@Path() disciplineId: string) { + public async disciplineHistory(@Path() disciplineId: string, @Request() req: RequestWithUser) { + const _record = await this.disciplineRepository.findOneBy({ id: disciplineId }); + if (_record) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } const record = await this.disciplineHistoryRepository.find({ where: { profileDisciplineId: disciplineId }, select: [ 
@@ -115,16 +120,15 @@ export class ProfileDisciplineEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeDiscipline, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } const profile = await this.profileRepository.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileDiscipline(); @@ -152,10 +156,9 @@ export class ProfileDisciplineEmployeeController extends Controller { @Body() body: UpdateProfileDiscipline, @Path() disciplineId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.disciplineRepository.findOneBy({ id: disciplineId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId) const history = new ProfileDisciplineHistory(); @@ -180,7 +183,10 @@ export class ProfileDisciplineEmployeeController extends Controller { @Delete("{disciplineId}") public async deleteDiscipline(@Path() disciplineId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.disciplineRepository.findOneBy({ id: disciplineId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } await this.disciplineHistoryRepository.delete({ profileDisciplineId: disciplineId, }); diff --git a/src/controllers/ProfileDutyEmployeeController.ts b/src/controllers/ProfileDutyEmployeeController.ts index cdfb9f12..876c6cf9 100644 --- a/src/controllers/ProfileDutyEmployeeController.ts 
+++ b/src/controllers/ProfileDutyEmployeeController.ts @@ -51,7 +51,8 @@ export class ProfileDutyEmployeeController extends Controller { } @Get("{profileId}") - public async getDuty(@Path() profileId: string) { + public async getDuty(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileId); const lists = await this.dutyRepository.find({ where: { profileEmployeeId: profileId }, select: [ @@ -68,7 +69,11 @@ export class ProfileDutyEmployeeController extends Controller { } @Get("history/{dutyId}") - public async dutyHistory(@Path() dutyId: string) { + public async dutyHistory(@Path() dutyId: string, @Request() req: RequestWithUser) { + const _record = await this.dutyRepository.findOneBy({ id: dutyId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } const record = await this.dutyHistoryRepository.find({ where: { profileDutyId: dutyId }, select: [ @@ -89,16 +94,15 @@ export class ProfileDutyEmployeeController extends Controller { @Post() public async newDuty(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeDuty) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } const profile = await this.profileRepository.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileDuty(); 
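Review bot: newDuty, the POST that creates a ProfileDuty, is now guarded by `PermissionOrgUserGet` in place of the removed `PermissionCreate`. Assuming the Get variant checks only read access (the permission class is not shown), a user who may view the profile can also add duty records to it. The other create handlers in this commit call `PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id)`; use the same call here.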
@@ -126,10 +130,9 @@ export class ProfileDutyEmployeeController extends Controller { @Body() body: UpdateProfileDuty, @Path() dutyId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.dutyRepository.findOneBy({ id: dutyId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId) const history = new ProfileDutyHistory(); @@ -151,7 +154,10 @@ export class ProfileDutyEmployeeController extends Controller { @Delete("{dutyId}") public async deleteDuty(@Path() dutyId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.dutyRepository.findOneBy({ id: dutyId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } await this.dutyHistoryRepository.delete({ profileDutyId: dutyId, }); diff --git a/src/controllers/ProfileEducationsEmployeeController.ts b/src/controllers/ProfileEducationsEmployeeController.ts index 3a9a6f3a..2b763c56 100644 --- a/src/controllers/ProfileEducationsEmployeeController.ts +++ b/src/controllers/ProfileEducationsEmployeeController.ts @@ -91,7 +91,8 @@ export class ProfileEducationsEmployeeController extends Controller { }, ], }) - public async detailProfileEducation(@Path() profileEmployeeId: string) { + public async detailProfileEducation(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const getProfileEducation = await this.profileEducationRepo.find({ where: { profileEmployeeId: profileEmployeeId }, }); 
@@ -168,7 +169,12 @@ export class ProfileEducationsEmployeeController extends Controller { }, ], }) - public async getProfileEducationHistory(@Path() educationId: string) { + public async getProfileEducationHistory(@Path() educationId: string, @Request() req: RequestWithUser) { + const _record = await this.profileEducationRepo.findOneBy({ id: educationId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + const record = await this.profileEducationHistoryRepo.findBy({ profileEducationId: educationId, }); @@ -183,15 +189,15 @@ export class ProfileEducationsEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEducationEmployee, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } - + const profile = await this.profileEmployeeRepo.findOneBy({ id: body.profileEmployeeId }); if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileEducation(); const meta = { @@ -218,9 +224,9 @@ export class ProfileEducationsEmployeeController extends Controller { @Request() req: RequestWithUser, @Path() educationId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.profileEducationRepo.findOneBy({ id: educationId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId); const history = new ProfileEducationHistory(); 
@@ -248,7 +254,11 @@ export class ProfileEducationsEmployeeController extends Controller { @Path() educationId: string, @Request() req: RequestWithUser, ) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.profileEducationRepo.findOneBy({ id: educationId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + await this.profileEducationHistoryRepo.delete({ profileEducationId: educationId, }); diff --git a/src/controllers/ProfileEmployeeController.ts b/src/controllers/ProfileEmployeeController.ts index 727cab8a..9ec536bc 100644 --- a/src/controllers/ProfileEmployeeController.ts +++ b/src/controllers/ProfileEmployeeController.ts @@ -117,7 +117,7 @@ export class ProfileEmployeeController extends Controller { * @param {string} id Id โปรไฟล์ */ @Get("kp7-short/{id}") - async kp7ShortById(@Path() id: string) { + async kp7ShortById(@Path() id: string, @Request() req: RequestWithUser) { const orgRevision = await this.orgRevisionRepo.findOne({ where: { orgRevisionIsCurrent: true }, }); @@ -136,6 +136,7 @@ export class ProfileEmployeeController extends Controller { where: { id: id }, }); if (!profile) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profile.id); const province = await this.provinceRepository.findOneBy({ id: profile.registrationProvinceId, @@ -240,7 +241,7 @@ export class ProfileEmployeeController extends Controller { * @param {string} id Id โปรไฟล์ */ @Get("kk1/{id}") - public async getKk1Employee(@Path() id: string) { + public async getKk1Employee(@Path() id: string, @Request() req: RequestWithUser) { const profiles = await this.profileRepo.findOne({ // select: [ // "citizenId", 
@@ -257,6 +258,9 @@ export class ProfileEmployeeController extends Controller { relations: ["currentSubDistrict", "currentDistrict", "currentProvince"], where: { id: id }, }); + if(profiles){ + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profiles.id); + } const profileOc = await this.profileRepo.findOne({ relations: [ "current_holders", @@ -576,8 +580,7 @@ export class ProfileEmployeeController extends Controller { * */ @Post() - async createProfile(@Body() body: CreateProfileEmployee, @Request() request: RequestWithUser) { - await new permission().PermissionCreate(request, "SYS_REGISTRY_TEMP"); + async createProfile(@Body() body: CreateProfileEmployee, @Request() request: RequestWithUser) { //ตส if (await this.profileRepo.findOneBy({ citizenId: body.citizenId })) { throw new HttpError( HttpStatus.INTERNAL_SERVER_ERROR, @@ -630,7 +633,7 @@ export class ProfileEmployeeController extends Controller { @Path() id: string, @Body() body: UpdateProfileEmployee, ) { - await new permission().PermissionUpdate(request, "SYS_REGISTRY_EMP"); + await new permission().PermissionOrgUserUpdate(request, "SYS_REGISTRY_EMP", id) const exists = !!body.citizenId && (await this.profileRepo.findOne({ @@ -694,11 +697,11 @@ export class ProfileEmployeeController extends Controller { */ @Delete("{id}") async deleteProfile(@Path() id: string, @Request() request: RequestWithUser) { - await new permission().PermissionDelete(request, "SYS_REGISTRY_EMP"); const result = await this.profileRepo.findOne({ where: { id: id } }); if (!result) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); } + await new permission().PermissionOrgUserDelete(request, "SYS_REGISTRY_EMP", result.id); await this.informationHistoryRepository.delete({ profileEmployeeId: id }); await this.profileRepo.remove(result); return new HttpSuccess(); 
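Review bot: createProfile loses its only visible authorization call: `PermissionCreate(request, "SYS_REGISTRY_TEMP")` is removed and nothing replaces it except the `//ตส` marker on the signature. Unless a check exists further down the body, which continues outside the hunk, any caller that reaches this route can create employee profiles. No profile id exists yet for an org-scoped check, so keep a role-level one, for example by restoring `await new permission().PermissionCreate(request, "SYS_REGISTRY_TEMP");`. Otherwise add a comment stating where creation is authorized.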
@@ -1054,7 +1057,8 @@ export class ProfileEmployeeController extends Controller { * @param {string} id Id ทะเบียนประวัติ */ @Get("{id}") - async detailProfile(@Path() id: string) { + async detailProfile(@Path() id: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", id); const profile = await this.profileRepo.findOne({ relations: { posLevel: true, @@ -1307,7 +1311,8 @@ export class ProfileEmployeeController extends Controller { } @Get("history/{id}") - async getProfileHistory(@Path() id: string) { + async getProfileHistory(@Path() id: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", id); const profile = await this.profileHistoryRepo.find({ relations: { posLevel: true, @@ -2072,7 +2077,7 @@ export class ProfileEmployeeController extends Controller { @Path() id: string, @Body() body: UpdatePositionTempProfileEmployee, ) { - await new permission().PermissionCreate(request, "SYS_REGISTRY_TEMP"); + await new permission().PermissionOrgUserUpdate(request, "SYS_REGISTRY_EMP", id) if (body.posLevelId === "") body.posLevelId = null; if (body.posTypeId === "") body.posTypeId = null; @@ -2202,9 +2207,11 @@ export class ProfileEmployeeController extends Controller { @Put("citizenId/{id}") async checkCitizenIdProfile( @Path() id: string, + @Request() req: RequestWithUser, @Body() requestBody: { citizenId: string }, ) { + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", id) const profile = await this.profileRepo.findOne({ where: { id: Not(id), citizenId: requestBody.citizenId }, }); @@ -2553,6 +2560,7 @@ export class ProfileEmployeeController extends Controller { @Get("keycloak/position/{revisionId}") async getProfileByKeycloakByRevision( @Path() revisionId: string, + @Path() req: RequestWithUser, @Request() request: { user: Record }, ) { const profile = await this.profileRepo.findOne({ 
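Review bot: The hunk at `@@ -2072,7 +2077,7 @@` changes the permission system key as well as the scope: `PermissionCreate(request, "SYS_REGISTRY_TEMP")` becomes `PermissionOrgUserUpdate(request, "SYS_REGISTRY_EMP", id)`, and the hunk at `@@ -2885,7 +2894,8 @@`, `DeleteEmployment` and the employment update make the same `SYS_REGISTRY_TEMP` → `SYS_REGISTRY_EMP` switch. If the two keys are granted to different roles, this silently moves who may write these records, while the doc comments on the information endpoints still describe them as the temporary-employee registry. Either keep `"SYS_REGISTRY_TEMP"` in the new org-scoped calls or state the reason for merging the keys in the commit message and in a comment above each call. The handler's signature is outside the hunk.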
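Review bot: The parameter added to `getProfileByKeycloakByRevision` (hunk `@@ -2553,6 +2560,7 @@`) is declared `@Path() req: RequestWithUser`, so it is bound as a path parameter rather than the request, and the route `keycloak/position/{revisionId}` has no `{req}` segment; the handler already receives the request as `@Request() request`. The next hunk (`@@ -2562,7 +2570,7 @@`) passes this `req` to `PermissionOrgUserList`, so the check would run against a value that is not the authenticated request. Drop the added parameter, retype the existing one as `@Request() request: RequestWithUser,` and call `await new permission().PermissionOrgUserList(request, "SYS_REGISTRY_EMP", profile.id);`.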
@@ -2562,7 +2570,7 @@ export class ProfileEmployeeController extends Controller { if (!profile) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); } - + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profile.id) const _profile = { profileId: profile.id, rank: profile.rank, @@ -2651,7 +2659,7 @@ export class ProfileEmployeeController extends Controller { * @summary ข้อมูลบุลคลที่มีอายุเกษียณราชการตามปี * */ - @Get("profileid/retire/{year}") + @Get("profileid/retire/{year}") //ตส async getProfileByRetireYear(@Path() year: number) { const profiles = await this.profileRepo .createQueryBuilder("profileEmployee") @@ -2849,12 +2857,13 @@ export class ProfileEmployeeController extends Controller { @Path() id: string, @Body() requestBody: { isLeave: boolean; leaveReason: string; dateLeave: Date }, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { const profile = await this.profileRepo.findOne({ where: { id: id }, }); if (!profile) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserCreate(request, "SYS_REGISTRY_EMP", profile.id) profile.isLeave = requestBody.isLeave; profile.leaveReason = requestBody.leaveReason; @@ -2885,7 +2894,8 @@ export class ProfileEmployeeController extends Controller { @Path() profileEmployeeId: string, @Body() body: UpdateInformationProfileEmployee, ) { - await new permission().PermissionUpdate(request, "SYS_REGISTRY_TEMP"); + + await new permission().PermissionOrgUserUpdate(request, "SYS_REGISTRY_EMP", profileEmployeeId) const profileEmp = await this.profileRepo.findOneBy({ id: profileEmployeeId }); if (!profileEmp) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลโปรไฟล์นี้"); 
@@ -2913,7 +2923,8 @@ export class ProfileEmployeeController extends Controller { * @param {string} profileEmployeeId profileEmployeeId ทะเบียนประวัติลูกจ้างชั่วคราว */ @Get("information/{profileEmployeeId}") - async getInformationById(@Path() profileEmployeeId: string) { + async getInformationById(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profileEmployeeId) const profileInformation = await this.profileRepo.findOne({ where: { id: profileEmployeeId }, }); @@ -2943,7 +2954,8 @@ export class ProfileEmployeeController extends Controller { * @param {string} profileEmployeeId profileEmployeeId ทะเบียนประวัติลูกจ้างชั่วคราว */ @Get("information/history/{profileEmployeeId}") - async getInformationHistory(@Path() profileEmployeeId: string) { + async getInformationHistory(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId) const profileInformation = await this.profileRepo.find({ relations: { information_histories: true, @@ -2984,7 +2996,8 @@ export class ProfileEmployeeController extends Controller { * @param {string} profileEmployeeId profileEmployeeId ทะเบียนประวัติลูกจ้างชั่วคราว */ @Get("employment/{profileEmployeeId}") - async ProfileEmployeeEmployment(@Path() profileEmployeeId: string) { + async ProfileEmployeeEmployment(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId) const employment = await this.employmentRepository.find({ where: { profileEmployeeId: profileEmployeeId }, order: { createdAt: "ASC" }, 
@@ -3005,10 +3018,13 @@ export class ProfileEmployeeController extends Controller { * @param {string} id Id ข้อมูลการจ้าง */ @Get("employment/id/{id}") - async GetEmploymentById(@Path() id: string) { + async GetEmploymentById(@Path() id: string, @Request() req: RequestWithUser) { const employment = await this.employmentRepository.findOne({ where: { id: id }, }); + if (employment) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", employment.profileEmployeeId) + } return new HttpSuccess(employment); } @@ -3020,7 +3036,13 @@ export class ProfileEmployeeController extends Controller { * @param {string} id Id ข้อมูลการจ้าง */ @Get("employment/history/{id}") - async GetHistoryEmploymentById(@Path() id: string) { + async GetHistoryEmploymentById(@Path() id: string, @Request() req: RequestWithUser) { + const employment = await this.employmentRepository.findOne({ + where: { id: id }, + }); + if (employment) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", employment.profileEmployeeId) + } const employmentHistory = await this.employmentHistoryRepository.find({ where: { profileEmployeeEmploymentId: id }, order: { lastUpdatedAt: "ASC" }, @@ -3045,6 +3067,7 @@ export class ProfileEmployeeController extends Controller { where: { id: profileEmployeeId }, }); if (!profile) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserList(request, "SYS_REGISTRY_EMP", profile.id) const employment = new ProfileEmployeeEmployment(); // const history = new ProfileEmployeeEmploymentHistory(); 
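Review bot: The check added in the `@@ -3045,6 +3067,7 @@` hunk uses `PermissionOrgUserList`, but the handler goes on to build `new ProfileEmployeeEmployment()`, which looks like a create path; a caller holding only list rights on the profile would pass it. `await new permission().PermissionOrgUserCreate(request, "SYS_REGISTRY_EMP", profile.id);` matches what the other create handlers in this commit use. The route decorator and signature are above the hunk, so the HTTP verb is inferred from the body.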
@@ -3076,7 +3099,12 @@ export class ProfileEmployeeController extends Controller { */ @Delete("employment/{id}") async DeleteEmployment(@Path() id: string, @Request() request: RequestWithUser) { - await new permission().PermissionDelete(request, "SYS_REGISTRY_TEMP"); + const employment = await this.employmentRepository.findOne({ + where: { id: id }, + }); + if (employment) { + await new permission().PermissionOrgUserDelete(request, "SYS_REGISTRY_EMP", employment.profileEmployeeId) + } await this.employmentHistoryRepository.delete({ profileEmployeeEmploymentId: id, }); @@ -3101,9 +3129,10 @@ export class ProfileEmployeeController extends Controller { @Path() id: string, @Body() body: UpdateEmploymentProfileEmployee, ) { - await new permission().PermissionUpdate(request, "SYS_REGISTRY_TEMP"); + const employment = await this.employmentRepository.findOneBy({ id }); if (!employment) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(request, "SYS_REGISTRY_EMP", employment.profileEmployeeId) const history = new ProfileEmployeeEmploymentHistory(); Object.assign(history, { ...employment, id: undefined }); @@ -3386,7 +3415,7 @@ export class ProfileEmployeeController extends Controller { */ @Get("profileid/position/{id}") async getProfileByProfileid( - @Request() request: { user: Record }, + @Request() request: RequestWithUser, @Path() id: string, ) { const profile = await this.profileRepo.findOne({ @@ -3396,6 +3425,7 @@ export class ProfileEmployeeController extends Controller { if (!profile) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); } + await new permission().PermissionOrgUserGet(request, "SYS_REGISTRY_EMP", profile.id); const orgRevisionPublish = await this.orgRevisionRepo .createQueryBuilder("orgRevision") diff --git a/src/controllers/ProfileFamilyCoupleEmployeeController.ts b/src/controllers/ProfileFamilyCoupleEmployeeController.ts index 9e90c025..a4fee20a 100644 
--- a/src/controllers/ProfileFamilyCoupleEmployeeController.ts +++ b/src/controllers/ProfileFamilyCoupleEmployeeController.ts @@ -77,14 +77,15 @@ export class ProfileFamilyCoupleEmployeeController extends Controller { profileEmployeeId: "1526d9d3-d8b1-43ab-81b5-a84dfbe99201", }, }) - public async getFamilyCouple(@Path() profileEmployeeId: string) { + public async getFamilyCouple(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { const profile = await this.profileRepo.findOne({ where: { id: profileEmployeeId }, }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profile.id); + const familyCouple = await this.ProfileFamilyCouple.findOne({ select: [ "id", @@ -176,13 +177,14 @@ export class ProfileFamilyCoupleEmployeeController extends Controller { }, ], }) - public async familyCoupleHistory(@Path() profileEmployeeId: string) { + public async familyCoupleHistory(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { const profile = await this.profileRepo.findOne({ where: { id: profileEmployeeId }, }); if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profile.id); const familyCouple = await this.ProfileFamilyCouple.find({ relations: ["histories"], @@ -220,7 +222,6 @@ export class ProfileFamilyCoupleEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeFamilyCouple, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); const familyCouple = Object.assign(new ProfileFamilyCouple(), body); if (!familyCouple) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -229,6 +230,8 @@ export class ProfileFamilyCoupleEmployeeController extends Controller { if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); + familyCouple.coupleCitizenId = Extension.CheckCitizen(String(body.coupleCitizenId)); familyCouple.createdUserId = req.user.sub; familyCouple.createdFullName = req.user.name; @@ -253,7 +256,7 @@ export class ProfileFamilyCoupleEmployeeController extends Controller { @Body() body: UpdateProfileFamilyCouple, @Path() profileEmployeeId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", profileEmployeeId) const familyCouple = await this.ProfileFamilyCouple.findOneBy({ profileEmployeeId: profileEmployeeId, }); diff --git a/src/controllers/ProfileFamilyFatherEmployeeController.ts b/src/controllers/ProfileFamilyFatherEmployeeController.ts index b59b5f6e..eb5d7e29 100644 --- a/src/controllers/ProfileFamilyFatherEmployeeController.ts +++ b/src/controllers/ProfileFamilyFatherEmployeeController.ts @@ -73,11 +73,11 @@ export class ProfileFamilyFatherEmployeeController extends Controller { profileEmployeeId: "1526d9d3-d8b1-43ab-81b5-a84dfbe99201", }, }) - public async getFamilyFather(@Path() profileEmployeeId: string) { + public async getFamilyFather(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profileEmployeeId); const profile = await this.profileRepo.findOne({ where: { id: profileEmployeeId }, }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } 
@@ -164,7 +164,8 @@ export class ProfileFamilyFatherEmployeeController extends Controller { }, ], }) - public async familyFatherHistory(@Path() profileEmployeeId: string) { + public async familyFatherHistory(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profileEmployeeId); const profile = await this.profileRepo.findOne({ where: { id: profileEmployeeId }, }); @@ -206,7 +207,6 @@ export class ProfileFamilyFatherEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeFamilyFather, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); const familyFather = Object.assign(new ProfileFamilyFather(), body); if (!familyFather) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -215,6 +215,7 @@ export class ProfileFamilyFatherEmployeeController extends Controller { if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); familyFather.fatherCitizenId = Extension.CheckCitizen(String(body.fatherCitizenId)); familyFather.createdUserId = req.user.sub; familyFather.createdFullName = req.user.name; @@ -237,7 +238,7 @@ export class ProfileFamilyFatherEmployeeController extends Controller { @Body() body: UpdateProfileFamilyFather, @Path() profileEmployeeId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", profileEmployeeId); const familyFather = await this.ProfileFamilyFather.findOneBy({ profileEmployeeId: profileEmployeeId, }); diff --git a/src/controllers/ProfileFamilyMotherEmployeeController.ts b/src/controllers/ProfileFamilyMotherEmployeeController.ts index b49c0496..0ae986f5 100644 --- a/src/controllers/ProfileFamilyMotherEmployeeController.ts 
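Review bot: `familyFatherHistory` (hunk `@@ -164,7 +164,8 @@`) is checked with `PermissionOrgUserGet`, while the matching `familyCoupleHistory` and `familyMotherHistory` handlers use `PermissionOrgUserList`. If Get and List map to different grants, the three family-history endpoints will disagree on who can read them; `await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId);` would align this one. The father and mother handlers also run the check before the profile lookup whereas the couple handlers run it after, which is worth settling one way across the three controllers.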
+++ b/src/controllers/ProfileFamilyMotherEmployeeController.ts @@ -73,7 +73,8 @@ export class ProfileFamilyMotherEmployeeController extends Controller { profileEmployeeId: "1526d9d3-d8b1-43ab-81b5-a84dfbe99201", }, }) - public async getFamilyMother(@Path() profileEmployeeId: string) { + public async getFamilyMother(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profileEmployeeId); const profile = await this.profileRepo.findOne({ where: { id: profileEmployeeId }, }); @@ -164,14 +165,14 @@ export class ProfileFamilyMotherEmployeeController extends Controller { }, ], }) - public async familyMotherHistory(@Path() profileEmployeeId: string) { + public async familyMotherHistory(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const profile = await this.profileRepo.findOne({ where: { id: profileEmployeeId }, }); if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } - const familyMother = await this.ProfileFamilyMother.find({ relations: ["histories"], order: { lastUpdatedAt: "DESC" }, @@ -206,7 +207,6 @@ export class ProfileFamilyMotherEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeFamilyMother, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); const familyMother = Object.assign(new ProfileFamilyMother(), body); if (!familyMother) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -215,6 +215,7 @@ export class ProfileFamilyMotherEmployeeController extends Controller { if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); familyMother.motherCitizenId = Extension.CheckCitizen(String(body.motherCitizenId)); familyMother.createdUserId = req.user.sub; familyMother.createdFullName = req.user.name; @@ -237,7 +238,7 @@ export class ProfileFamilyMotherEmployeeController extends Controller { @Body() body: UpdateProfileFamilyMother, @Path() profileEmployeeId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", profileEmployeeId); const familyMother = await this.ProfileFamilyMother.findOneBy({ profileEmployeeId: profileEmployeeId, }); diff --git a/src/controllers/ProfileGovernmentEmployeeController.ts b/src/controllers/ProfileGovernmentEmployeeController.ts index 191f03c6..0d9e7ba6 100644 --- a/src/controllers/ProfileGovernmentEmployeeController.ts +++ b/src/controllers/ProfileGovernmentEmployeeController.ts @@ -134,7 +134,8 @@ export class ProfileGovernmentEmployeeController extends Controller { */ @Get("{profileEmployeeId}") @Example({}) - public async getGovHistory(@Path() profileEmployeeId: string) { + public async getGovHistory(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", profileEmployeeId); const record = await this.profileEmployeeRepo.findOne({ where: { id: profileEmployeeId }, relations: { 
@@ -240,7 +241,8 @@ export class ProfileGovernmentEmployeeController extends Controller { */ @Get("history/{profileEmployeeId}") @Example({}) - public async govHistory(@Path() profileEmployeeId: string) { + public async govHistory(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId) const record = await this.govRepo.find({ order: { lastUpdatedAt: "DESC" }, where: { profileEmployeeId: profileEmployeeId }, @@ -259,7 +261,7 @@ export class ProfileGovernmentEmployeeController extends Controller { @Body() body: UpdateProfileGovernment, @Path() profileEmployeeId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", profileEmployeeId) const record = await this.profileEmployeeRepo.findOne({ where: { id: profileEmployeeId }, }); diff --git a/src/controllers/ProfileHonorEmployeeController.ts b/src/controllers/ProfileHonorEmployeeController.ts index 730ea545..6f51e2e0 100644 --- a/src/controllers/ProfileHonorEmployeeController.ts +++ b/src/controllers/ProfileHonorEmployeeController.ts @@ -68,7 +68,8 @@ export class ProfileHonorEmployeeController extends Controller { }, ], }) - public async getHonor(@Path() profileEmployeeId: string) { + public async getHonor(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const record = await this.honorRepo.findBy({ profileEmployeeId }); return new HttpSuccess(record); } 
@@ -133,7 +134,12 @@ export class ProfileHonorEmployeeController extends Controller { }, ], }) - public async honorHistory(@Path() honorId: string) { + public async honorHistory(@Path() honorId: string, @Request() req: RequestWithUser) { + const _record = await this.honorRepo.findOneBy({ id: honorId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + const record = await this.honorHistoryRepo.findBy({ profileHonorId: honorId, }); @@ -142,16 +148,15 @@ export class ProfileHonorEmployeeController extends Controller { @Post() public async newHonor(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeHonor) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } const profile = await this.profileEmployeeRepo.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileHonor(); @@ -179,11 +184,10 @@ export class ProfileHonorEmployeeController extends Controller { @Body() body: UpdateProfileHonor, @Path() honorId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.honorRepo.findOneBy({ id: honorId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); - + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId) + const history = new ProfileHonorHistory(); Object.assign(record, body); 
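Review bot: `honorHistory` (hunk `@@ -133,7 +134,12 @@`) only reads history rows but authorizes with `PermissionOrgUserDelete`, whereas `getInsigniaHistory` and `GetHistoryEmploymentById` use `PermissionOrgUserList` for the same kind of endpoint. This looks copied from the delete handler: users with read-only rights are refused, and anyone who needs to view history has to be granted delete rights. Use `await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId);` here and in `leaveHistory`, `otherHistory` and `salaryHistory`, which carry the same call.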
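Review bot: In the honor update hunk (`@@ -179,11 +184,10 @@`) the org check is made against `record.profileEmployeeId`, and the context line `Object.assign(record, body);` then copies every body field onto the record. If `UpdateProfileHonor` admits `profileEmployeeId` (its definition is not in this diff), a caller authorized for one profile could move the row to a profile they were never checked against. Pin the owner across the assign, e.g. `const ownerId = record.profileEmployeeId;` before it and `record.profileEmployeeId = ownerId;` after, or authorize the target id as well. The function continues past the end of the hunk.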
@@ -204,7 +208,11 @@ export class ProfileHonorEmployeeController extends Controller { @Delete("{honorId}") public async deleteTraning(@Path() honorId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.honorRepo.findOneBy({ id: honorId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + await this.honorHistoryRepo.delete({ profileHonorId: honorId, }); diff --git a/src/controllers/ProfileInsigniaEmployeeController.ts b/src/controllers/ProfileInsigniaEmployeeController.ts index 689828c9..5a7dc6b0 100644 --- a/src/controllers/ProfileInsigniaEmployeeController.ts +++ b/src/controllers/ProfileInsigniaEmployeeController.ts @@ -83,7 +83,8 @@ export class ProfileInsigniaEmployeeController extends Controller { }, ], }) - public async getInsignia(@Path() profileEmployeeId: string) { + public async getInsignia(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const record = await this.insigniaRepo.find({ relations: { insignia: { @@ -150,7 +151,11 @@ export class ProfileInsigniaEmployeeController extends Controller { }, ], }) - public async getInsigniaHistory(@Path() InsigniaId: string) { + public async getInsigniaHistory(@Path() InsigniaId: string, @Request() req: RequestWithUser) { + const _record = await this.insigniaRepo.findOneBy({ id: InsigniaId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } const record = await this.insigniaHistoryRepo.find({ relations: { insignia: { 
@@ -169,16 +174,15 @@ export class ProfileInsigniaEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeInsignia, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } const profile = await this.profileEmployeeRepo.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id) const insignia = await this.insigniaMetaRepo.findOne({ where: { id: body.insigniaId }, @@ -213,10 +217,9 @@ export class ProfileInsigniaEmployeeController extends Controller { @Body() body: UpdateProfileInsignia, @Path() insigniaId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.insigniaRepo.findOneBy({ id: insigniaId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId) const insignia = await this.insigniaMetaRepo.findOne({ where: { id: body.insigniaId }, @@ -245,7 +248,11 @@ export class ProfileInsigniaEmployeeController extends Controller { @Delete("{insigniaId}") public async deleteInsignia(@Path() insigniaId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.insigniaRepo.findOneBy({ id: insigniaId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + await this.insigniaHistoryRepo.delete({ profileInsigniaId: insigniaId, }); diff --git a/src/controllers/ProfileLeaveEmployeeController.ts b/src/controllers/ProfileLeaveEmployeeController.ts index 520ca752..4d9eb639 100644 
--- a/src/controllers/ProfileLeaveEmployeeController.ts +++ b/src/controllers/ProfileLeaveEmployeeController.ts @@ -49,7 +49,8 @@ export class ProfileLeaveEmployeeController extends Controller { } @Get("{profileId}") - public async getLeave(@Path() profileId: string) { + public async getLeave(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileId); const record = await this.leaveRepo.find({ relations: { leaveType: true }, where: { profileEmployeeId: profileId }, @@ -58,7 +59,11 @@ export class ProfileLeaveEmployeeController extends Controller { } @Get("history/{leaveId}") - public async leaveHistory(@Path() leaveId: string) { + public async leaveHistory(@Path() leaveId: string, @Request() req: RequestWithUser) { + const _record = await this.leaveRepo.findOneBy({ id: leaveId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } const record = await this.leaveHistoryRepo.find({ relations: { leaveType: true }, where: { profileLeaveId: leaveId }, @@ -68,16 +73,17 @@ export class ProfileLeaveEmployeeController extends Controller { @Post() public async newLeave(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeLeave) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); + if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } const profile = await this.profileRepo.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); + const leaveType = await this.leaveTypeRepository.findOne({ where: { id: body.leaveTypeId }, }); 
@@ -111,10 +117,9 @@ export class ProfileLeaveEmployeeController extends Controller { @Body() body: UpdateProfileLeave, @Path() leaveId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.leaveRepo.findOneBy({ id: leaveId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId) const leaveType = await this.leaveTypeRepository.findOne({ where: { id: body.leaveTypeId }, @@ -143,7 +148,11 @@ export class ProfileLeaveEmployeeController extends Controller { @Delete("{leaveId}") public async deleteLeave(@Path() leaveId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.leaveRepo.findOneBy({ id: leaveId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + await this.leaveHistoryRepo.delete({ profileLeaveId: leaveId, }); diff --git a/src/controllers/ProfileNopaidEmployeeController.ts b/src/controllers/ProfileNopaidEmployeeController.ts index d1b8a0be..9670d9c2 100644 --- a/src/controllers/ProfileNopaidEmployeeController.ts +++ b/src/controllers/ProfileNopaidEmployeeController.ts @@ -67,16 +67,16 @@ export class ProfileNopaidEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeNopaid, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); + if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } const profile = await this.profileRepository.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileNopaid(); 
@@ -104,10 +104,9 @@ export class ProfileNopaidEmployeeController extends Controller { @Body() body: UpdateProfileNopaid, @Path() nopaidId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.nopaidRepository.findOneBy({ id: nopaidId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId) const history = new ProfileNopaidHistory(); @@ -132,7 +131,11 @@ export class ProfileNopaidEmployeeController extends Controller { @Delete("{nopaidId}") public async deleteNopaid(@Path() nopaidId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.nopaidRepository.findOneBy({ id: nopaidId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + await this.nopaidHistoryRepository.delete({ profileNopaidId: nopaidId, }); diff --git a/src/controllers/ProfileOtherEmployeeController.ts b/src/controllers/ProfileOtherEmployeeController.ts index f949b460..d0249619 100644 --- a/src/controllers/ProfileOtherEmployeeController.ts +++ b/src/controllers/ProfileOtherEmployeeController.ts @@ -46,7 +46,8 @@ export class ProfileOtherEmployeeController extends Controller { } @Get("{profileId}") - public async getOther(@Path() profileId: string) { + public async getOther(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileId); const lists = await this.otherRepository.find({ where: { profileEmployeeId: profileId }, }); 
@@ -54,7 +55,11 @@ export class ProfileOtherEmployeeController extends Controller { } @Get("history/{otherId}") - public async otherHistory(@Path() otherId: string) { + public async otherHistory(@Path() otherId: string, @Request() req: RequestWithUser) { + const _record = await this.otherRepository.findOneBy({ id: otherId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } const record = await this.otherHistoryRepository.find({ where: { profileOtherId: otherId }, order: { createdAt: "DESC" }, @@ -64,16 +69,15 @@ export class ProfileOtherEmployeeController extends Controller { @Post() public async newOther(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeOther) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } const profile = await this.profileRepository.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const data = new ProfileOther(); @@ -101,10 +105,10 @@ export class ProfileOtherEmployeeController extends Controller { @Body() body: UpdateProfileOther, @Path() otherId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); + const record = await this.otherRepository.findOneBy({ id: otherId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId) const history = new ProfileOtherHistory(); 
@@ -129,7 +133,11 @@ export class ProfileOtherEmployeeController extends Controller { @Delete("{otherId}") public async deleteOther(@Path() otherId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.otherRepository.findOneBy({ id: otherId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + await this.otherHistoryRepository.delete({ profileOtherId: otherId, }); diff --git a/src/controllers/ProfileSalaryEmployeeController.ts b/src/controllers/ProfileSalaryEmployeeController.ts index fbab07cd..54c475e7 100644 --- a/src/controllers/ProfileSalaryEmployeeController.ts +++ b/src/controllers/ProfileSalaryEmployeeController.ts @@ -48,7 +48,8 @@ export class ProfileSalaryEmployeeController extends Controller { } @Get("{profileId}") - public async getSalaryEmployee(@Path() profileId: string) { + public async getSalaryEmployee(@Path() profileId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileId); const record = await this.salaryRepo.find({ where: { profileEmployeeId: profileId }, order: { order: "ASC" }, @@ -57,7 +58,11 @@ export class ProfileSalaryEmployeeController extends Controller { } @Get("history/{salaryId}") - public async salaryHistory(@Path() salaryId: string) { + public async salaryHistory(@Path() salaryId: string, @Request() req: RequestWithUser) { + const _record = await this.salaryRepo.findOneBy({ id: salaryId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } const record = await this.salaryHistoryRepo.findBy({ profileSalaryId: salaryId, }); 
@@ -69,16 +74,15 @@ export class ProfileSalaryEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileSalaryEmployee, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } const profile = await this.profileRepo.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); const dest_item = await this.salaryRepo.findOne({ where: { profileEmployeeId: body.profileEmployeeId }, @@ -112,10 +116,10 @@ export class ProfileSalaryEmployeeController extends Controller { @Body() body: UpdateProfileSalaryEmployee, @Path() salaryId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); + const record = await this.salaryRepo.findOneBy({ id: salaryId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId) const history = new ProfileSalaryHistory(); @@ -137,7 +141,11 @@ export class ProfileSalaryEmployeeController extends Controller { @Delete("{salaryId}") public async deleteSalaryEmployee(@Path() salaryId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.salaryRepo.findOneBy({ id: salaryId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + await this.salaryHistoryRepo.delete({ profileSalaryId: salaryId, }); 
@@ -152,7 +160,11 @@ export class ProfileSalaryEmployeeController extends Controller { } @Get("swap/{direction}/{salaryId}") - public async swapSalaryEmployee(@Path() direction: string, salaryId: string) { + public async swapSalaryEmployee(@Path() direction: string, salaryId: string, @Request() req: RequestWithUser) { + const _record = await this.salaryRepo.findOneBy({ id: salaryId }); + if (_record) { + await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } const source_item = await this.salaryRepo.findOne({ where: { id: salaryId } }); if (source_item == null) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); const sourceOrder = source_item.order; diff --git a/src/controllers/ProfileTrainingEmployeeController.ts b/src/controllers/ProfileTrainingEmployeeController.ts index 4f2e5d77..0056b321 100644 --- a/src/controllers/ProfileTrainingEmployeeController.ts +++ b/src/controllers/ProfileTrainingEmployeeController.ts @@ -74,7 +74,8 @@ export class ProfileTrainingEmployeeController extends Controller { }, ], }) - public async getTraining(@Path() profileEmployeeId: string) { + public async getTraining(@Path() profileEmployeeId: string, @Request() req: RequestWithUser) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", profileEmployeeId); const record = await this.trainingRepo.findBy({ profileEmployeeId }); return new HttpSuccess(record); } @@ -130,7 +131,12 @@ export class ProfileTrainingEmployeeController extends Controller { }, ], }) - public async trainingHistory(@Path() trainingId: string) { + public async trainingHistory(@Path() trainingId: string, @Request() req: RequestWithUser) { + const _record = await this.trainingRepo.findOneBy({ id: trainingId }); + if (_record) { + await new permission().PermissionOrgUserList(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + const record = await this.trainingHistoryRepo.findBy({ profileTrainingId: trainingId, }); 
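Review bot: swapSalaryEmployee is authorized with `PermissionOrgUserGet`, although the handler reads `source_item.order` for what looks like a reordering of salary rows (the rest of the body is outside the hunk); if it writes, the check should be `PermissionOrgUserUpdate`. The new `_record` lookup duplicates the `source_item` query on the next line, so loading once, throwing NOT_FOUND, and then authorizing against `source_item.profileEmployeeId` would drop both the extra query and the `if (_record)` skip. `salaryId` in the signature still carries no `@Path()` decorator, unlike `direction`, so it is worth confirming that it binds to the route parameter.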
@@ -142,16 +148,16 @@ export class ProfileTrainingEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeTraining, ) { - await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } const profile = await this.profileEmployeeRepo.findOneBy({ id: body.profileEmployeeId }); - if (!profile) { throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว"); } + await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id); + const data = new ProfileTraining(); @@ -179,10 +185,9 @@ export class ProfileTrainingEmployeeController extends Controller { @Body() body: UpdateProfileTraining, @Path() trainingId: string, ) { - await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP"); const record = await this.trainingRepo.findOneBy({ id: trainingId }); - if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId) const history = new ProfileTrainingHistory(); @@ -204,7 +209,11 @@ export class ProfileTrainingEmployeeController extends Controller { @Delete("{trainingId}") public async deleteTraining(@Path() trainingId: string, @Request() req: RequestWithUser) { - await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP"); + const _record = await this.trainingRepo.findOneBy({ id: trainingId }); + if (_record) { + await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId); + } + await this.trainingHistoryRepo.delete({ profileTrainingId: trainingId, });