role เมนู ลูกจ้างประจำ กทม.

src/controllers/ProfileNopaidEmployeeController.ts

@@ -67,16 +67,16 @@ export class ProfileNopaidEmployeeController extends Controller {
     @Request() req: RequestWithUser,
     @Body() body: CreateProfileEmployeeNopaid,
   ) {
-    await new permission().PermissionCreate(req, "SYS_REGISTRY_EMP");
+    
     if (!body.profileEmployeeId) {
       throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId");
     }
 
     const profile = await this.profileRepository.findOneBy({ id: body.profileEmployeeId });
-
     if (!profile) {
       throw new HttpError(HttpStatus.BAD_REQUEST, "ไม่พบ profile ดังกล่าว");
     }
+    await new permission().PermissionOrgUserCreate(req, "SYS_REGISTRY_EMP", profile.id);
 
     const data = new ProfileNopaid();
 
@@ -104,10 +104,9 @@ export class ProfileNopaidEmployeeController extends Controller {
     @Body() body: UpdateProfileNopaid,
     @Path() nopaidId: string,
   ) {
-    await new permission().PermissionUpdate(req, "SYS_REGISTRY_EMP");
     const record = await this.nopaidRepository.findOneBy({ id: nopaidId });
-
     if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
+    await new permission().PermissionOrgUserUpdate(req, "SYS_REGISTRY_EMP", record.profileEmployeeId)
 
     const history = new ProfileNopaidHistory();
 
@@ -132,7 +131,11 @@ export class ProfileNopaidEmployeeController extends Controller {
 
   @Delete("{nopaidId}")
   public async deleteNopaid(@Path() nopaidId: string, @Request() req: RequestWithUser) {
-    await new permission().PermissionDelete(req, "SYS_REGISTRY_EMP");
+    const _record = await this.nopaidRepository.findOneBy({ id: nopaidId });
+    if (_record) {
+      await new permission().PermissionOrgUserDelete(req, "SYS_REGISTRY_EMP", _record.profileEmployeeId);
+    }
+
     await this.nopaidHistoryRepository.delete({
       profileNopaidId: nopaidId,
     });