diff --git a/src/controllers/OrganizationController.ts b/src/controllers/OrganizationController.ts
index c8958239..970ea8eb 100644
--- a/src/controllers/OrganizationController.ts
+++ b/src/controllers/OrganizationController.ts
@@ -3577,12 +3577,12 @@ export class OrganizationController extends Controller {
 // child3: null,
 // child4: null,
 // };
-
+
 // if (!request.user.role.includes("SUPER_ADMIN")) {
 // _data = await new permission().PermissionOrgList(request, "SYS_ACTING");
 // }
 await new permission().PermissionOrgList(request, "SYS_ACTING");
-
+
 const orgRevision = await this.orgRevisionRepository.findOne({ where: { id } });
 if (!orgRevision) {
 throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล");
diff --git a/src/controllers/PermissionController.ts b/src/controllers/PermissionController.ts
index 0ca6f9e1..fb9f67a6 100644
--- a/src/controllers/PermissionController.ts
+++ b/src/controllers/PermissionController.ts
@@ -33,7 +33,7 @@ export class PermissionController extends Controller {
 private redis = require("redis");
 @Get("")
- public async getPermission(@Request() request: { user: Record }) {
+ public async getPermission(@Request() request: RequestWithUser) {
 const redisClient = await this.redis.createClient({
 host: REDIS_HOST,
 port: REDIS_PORT,
@@ -118,7 +118,7 @@ export class PermissionController extends Controller {
 }
 @Get("menu")
- public async listAuthSys(@Request() request: { user: Record }) {
+ public async listAuthSys(@Request() request: RequestWithUser) {
 const orgRevision = await this.orgRevisionRepository.findOne({
 select: ["id"],
 where: {
@@ -281,8 +281,12 @@ export class PermissionController extends Controller {
 return new HttpSuccess(res);
 }
- @Get("org")
- public async listAuthSysOrg(@Request() request: RequestWithUser) {
+ @Get("org/{system}/{action}")
+ public async listAuthSysOrg(
+ @Request() request: RequestWithUser,
+ @Path() system: string,
+ @Path() action: string,
+ ) {
 const redisClient = await this.redis.createClient({
 host: REDIS_HOST,
 port: REDIS_PORT,
@@ -305,9 +309,12 @@ export class PermissionController extends Controller {
 }
 }
+ let privilege = await this.Permission(request, system, action);
+ console.log(privilege);
 let reply = await getAsync("posMaster_" + profile.id);
 if (reply != null) {
 reply = JSON.parse(reply);
+ reply.privilege = privilege;
 } else {
 const orgRevision = await this.orgRevisionRepository.findOne({
 select: ["id"],
@@ -330,6 +337,7 @@ export class PermissionController extends Controller {
 orgChild2Id: null,
 orgChild3Id: null,
 orgChild4Id: null,
+ privilege: privilege,
 };
 } else {
 reply = {
@@ -338,6 +346,7 @@ export class PermissionController extends Controller {
 orgChild2Id: posMaster.orgChild2Id,
 orgChild3Id: posMaster.orgChild3Id,
 orgChild4Id: posMaster.orgChild4Id,
+ privilege: privilege,
 };
 }
 redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply));
@@ -355,6 +364,7 @@ export class PermissionController extends Controller {
 orgChild2Id: null,
 orgChild3Id: null,
 orgChild4Id: null,
+ privilege: privilege,
 };
 } else {
 reply = {
@@ -363,6 +373,7 @@ export class PermissionController extends Controller {
 orgChild2Id: posMaster.orgChild2Id,
 orgChild3Id: posMaster.orgChild3Id,
 orgChild4Id: posMaster.orgChild4Id,
+ privilege: privilege,
 };
 }
 redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply));
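Review bot: `console.log(privilege)` directly after the `this.Permission(request, system, action)` call in the @@ -305 hunk is leftover debug output that writes every caller's authorization result to stdout on each request; drop it, or route it through the service's logger at debug level. The `listAuthSysOrg` body starts in the @@ -281 hunk and continues outside the hunks shown, so I can only see that `privilege` is threaded into each `reply` variant and into the cached `posMaster_` entry. That entry is keyed by `profile.id` alone, so the `privilege` stored in it belongs to whichever `system`/`action` was requested first; it is harmless here because the endpoint recomputes and overwrites it on every hit, but any other reader of that key must not rely on the cached value.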
@@ -372,8 +383,13 @@ export class PermissionController extends Controller {
 return new HttpSuccess(reply);
 }
- @Get("user/{id}")
- public async listOrgUser(@Request() request: RequestWithUser, @Path() id: string) {
+ @Get("user/{system}/{action}/{id}")
+ public async listOrgUser(
+ @Request() request: RequestWithUser,
+ @Path() system: string,
+ @Path() action: string,
+ @Path() id: string,
+ ) {
 const orgRevision = await this.orgRevisionRepository.findOne({
 select: ["id"],
 where: {
@@ -387,9 +403,11 @@ export class PermissionController extends Controller {
 });
 const getAsync = promisify(redisClient.get).bind(redisClient);
+ let org = this.PermissionOrg(request, system, action);
 let reply = await getAsync("user_" + id);
 if (reply != null) {
 reply = JSON.parse(reply);
+ reply.org = org;
 } else {
 let profileType = "OFFICER";
 let profile: any = await this.profileRepo.findOne({
@@ -420,6 +438,7 @@ export class PermissionController extends Controller {
 orgChild2Id: null,
 orgChild3Id: null,
 orgChild4Id: null,
+ org: org,
 };
 } else {
 reply = {
@@ -428,6 +447,7 @@ export class PermissionController extends Controller {
 orgChild2Id: posMaster.orgChild2Id,
 orgChild3Id: posMaster.orgChild3Id,
 orgChild4Id: posMaster.orgChild4Id,
+ org: org,
 };
 }
 redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply));
@@ -445,6 +465,7 @@ export class PermissionController extends Controller {
 orgChild2Id: null,
 orgChild3Id: null,
 orgChild4Id: null,
+ org: org,
 };
 } else {
 reply = {
@@ -453,6 +474,7 @@ export class PermissionController extends Controller {
 orgChild2Id: posMaster.orgChild2Id,
 orgChild3Id: posMaster.orgChild3Id,
 orgChild4Id: posMaster.orgChild4Id,
+ org: org,
 };
 }
 redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply));
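Review bot: `let org = this.PermissionOrg(request, system, action);` in the @@ -387 hunk is missing an `await` — `PermissionOrg` is declared `async` later in this diff, so `org` is a pending Promise: `reply.org = org` attaches a Promise, `JSON.stringify(reply)` serializes it as `{}` into the `user_` cache entry, and the denial that `Permission` raises inside it for a caller without the system/action right surfaces as an unhandled rejection instead of failing this request. Change it to `let org = await this.PermissionOrg(request, system, action);`. `listOrgUser` begins in the @@ -372 hunk and its body continues outside the hunks shown.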
@@ -461,4 +483,276 @@ export class PermissionController extends Controller {
 return new HttpSuccess(reply);
 }
+
+ public async getPermissionFunc(@Request() request: RequestWithUser) {
+ const redisClient = await this.redis.createClient({
+ host: REDIS_HOST,
+ port: REDIS_PORT,
+ });
+ const getAsync = promisify(redisClient.get).bind(redisClient);
+
+ let profile: any = await this.profileRepo.findOne({
+ select: ["id"],
+ where: { keycloak: request.user.sub },
+ });
+ if (!profile) {
+ profile = await this.profileEmployeeRepo.findOne({
+ select: ["id"],
+ where: { keycloak: request.user.sub },
+ });
+ if (!profile) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ");
+ }
+ }
+
+ let reply = await getAsync("role_" + profile.id);
+ if (reply != null) {
+ reply = JSON.parse(reply);
+ } else {
+ const orgRevision = await this.orgRevisionRepository.findOne({
+ select: ["id"],
+ where: {
+ orgRevisionIsDraft: false,
+ orgRevisionIsCurrent: true,
+ },
+ });
+ let posMaster: any = await this.posMasterRepository.findOne({
+ select: ["authRoleId"],
+ where: {
+ current_holderId: profile.id,
+ orgRevisionId: orgRevision?.id,
+ },
+ });
+ if (!posMaster) {
+ posMaster = await this.posMasterEmpRepository.findOne({
+ select: ["authRoleId"],
+ where: {
+ current_holderId: profile.id,
+ orgRevisionId: orgRevision?.id,
+ },
+ });
+ if (!posMaster) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลสิทธิ์");
+ }
+ }
+
+ const getDetail = await this.authRoleRepo.findOne({
+ select: ["id", "roleName", "roleDescription"],
+ where: { id: posMaster.authRoleId },
+ });
+ if (!getDetail) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
+ }
+
+ const roleAttrData = await this.authRoleAttrRepo.find({
+ select: [
+ "authSysId",
+ "parentNode",
+ "attrOwnership",
+ "attrIsCreate",
+ "attrIsList",
+ "attrIsGet",
+ "attrIsUpdate",
+ "attrIsDelete",
+ "attrPrivilege",
+ ],
+ where: { authRoleId: getDetail.id },
+ });
+
+ reply = {
+ ...getDetail,
+ roles: roleAttrData,
+ };
+ redisClient.setex("role_" + profile.id, 86400, JSON.stringify(reply));
+ }
+ return reply;
+ }
+
+ public async Permission(req: RequestWithUser, system: string, action: string) {
+ // if (
+ // req.headers.hasOwnProperty("api_key") &&
+ // req.headers["api_key"] &&
+ // req.headers["api_key"] == process.env.API_KEY
+ // ) {
+ // return null;
+ // }
+ let x: any = await this.getPermissionFunc(req);
+ let permission = false;
+ let role = x.roles.find((x: any) => x.authSysId == system);
+ if (!role) throw "ไม่มีสิทธิ์เข้าระบบ";
+ if (role.attrOwnership == "OWNER") return "OWNER";
+ if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate;
+ if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete;
+ if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet;
+ if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList;
+ if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate;
+ if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้";
+ return role.attrPrivilege;
+ }
+
+ public async listAuthSysOrgFunc(request: RequestWithUser, system: string, action: string) {
+ const redisClient = await this.redis.createClient({
+ host: REDIS_HOST,
+ port: REDIS_PORT,
+ });
+ const getAsync = promisify(redisClient.get).bind(redisClient);
+
+ let profileType = "OFFICER";
+ let profile: any = await this.profileRepo.findOne({
+ select: ["id"],
+ where: { keycloak: request.user.sub },
+ });
+ if (!profile) {
+ profileType = "EMPLOYEE";
+ profile = await this.profileEmployeeRepo.findOne({
+ select: ["id"],
+ where: { keycloak: request.user.sub },
+ });
+ if (!profile) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ");
+ }
+ }
+
+ let reply = await getAsync("posMaster_" + profile.id);
+ if (reply != null) {
+ reply = JSON.parse(reply);
+ } else {
+ let privilege = await this.Permission(request, system, action);
+ const orgRevision = await this.orgRevisionRepository.findOne({
+ select: ["id"],
+ where: {
+ orgRevisionIsDraft: false,
+ orgRevisionIsCurrent: true,
+ },
+ });
+ if (profileType == "OFFICER") {
+ const posMaster = await this.posMasterRepository.findOne({
+ where: {
+ current_holderId: profile.id,
+ orgRevisionId: orgRevision?.id,
+ },
+ });
+ if (!posMaster) {
+ reply = {
+ orgRootId: null,
+ orgChild1Id: null,
+ orgChild2Id: null,
+ orgChild3Id: null,
+ orgChild4Id: null,
+ privilege: privilege,
+ };
+ } else {
+ reply = {
+ orgRootId: posMaster.orgRootId,
+ orgChild1Id: posMaster.orgChild1Id,
+ orgChild2Id: posMaster.orgChild2Id,
+ orgChild3Id: posMaster.orgChild3Id,
+ orgChild4Id: posMaster.orgChild4Id,
+ privilege: privilege,
+ };
+ }
+ redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply));
+ } else {
+ const posMaster = await this.posMasterEmpRepository.findOne({
+ where: {
+ current_holderId: profile.id,
+ orgRevisionId: orgRevision?.id,
+ },
+ });
+ if (!posMaster) {
+ reply = {
+ orgRootId: null,
+ orgChild1Id: null,
+ orgChild2Id: null,
+ orgChild3Id: null,
+ orgChild4Id: null,
+ privilege: privilege,
+ };
+ } else {
+ reply = {
+ orgRootId: posMaster.orgRootId,
+ orgChild1Id: posMaster.orgChild1Id,
+ orgChild2Id: posMaster.orgChild2Id,
+ orgChild3Id: posMaster.orgChild3Id,
+ orgChild4Id: posMaster.orgChild4Id,
+ privilege: privilege,
+ };
+ }
+ redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply));
+ }
+ }
+ return reply;
+ }
+
+ public async PermissionOrg(req: RequestWithUser, system: string, action: string) {
+ // if (
+ // req.headers.hasOwnProperty("api_key") &&
+ // req.headers["api_key"] &&
+ // req.headers["api_key"] == process.env.API_KEY
+ // ) {
+ // return {
+ // root: null,
+ // child1: null,
+ // child2: null,
+ // child3: null,
+ // child4: null,
+ // };
+ // }
+ let x: any = await this.listAuthSysOrgFunc(req, system, action);
+ let privilege = x.privilege;
+
+ let data: any = {
+ root: [null],
+ child1: [null],
+ child2: [null],
+ child3: [null],
+ child4: [null],
+ };
+ let node = 4;
+ if (x.orgChild1Id == null) {
+ node = 0;
+ } else if (x.orgChild2Id == null) {
+ node = 1;
+ } else if (x.orgChild3Id == null) {
+ node = 2;
+ } else if (x.orgChild4Id == null) {
+ node = 3;
+ }
+ if (privilege == "ROOT") {
+ data = {
+ root: [x.orgRootId],
+ child1: null,
+ child2: null,
+ child3: null,
+ child4: null,
+ };
+ } else if (privilege == "CHILD") {
+ data = {
+ root: node >= 0 ? [x.orgRootId] : null,
+ child1: node >= 1 ? [x.orgChild1Id] : null,
+ child2: node >= 2 ? [x.orgChild2Id] : null,
+ child3: node >= 3 ? [x.orgChild3Id] : null,
+ child4: node >= 4 ? [x.orgChild4Id] : null,
+ };
+ } else if (privilege == "NORMAL") {
+ data = {
+ root: [x.orgRootId],
+ child1: [x.orgChild1Id],
+ child2: [x.orgChild2Id],
+ child3: [x.orgChild3Id],
+ child4: [x.orgChild4Id],
+ };
+ } else if (privilege == "SPECIFIC") {
+ } else if (privilege == "OWNER") {
+ data = {
+ root: null,
+ child1: null,
+ child2: null,
+ child3: null,
+ child4: null,
+ };
+ }
+
+ return data;
+ }
 }
diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts
index 16690180..fb2d6693 100644
--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
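Review bot: In `listAuthSysOrgFunc` the cache-hit branch (`if (reply != null) { reply = JSON.parse(reply); }`) never calls `this.Permission(request, system, action)`, so once a `posMaster_<profile.id>` entry exists — written here or by the `listAuthSysOrg` endpoint, for whatever `system`/`action` happened to be requested first — the right-check throw is skipped and `PermissionOrg` derives the caller's org scope from a stale `privilege` that belongs to a different system/action, for up to the 86400-second TTL. Do what the endpoint hunk already does: place `let privilege = await this.Permission(request, system, action);` before `let reply = await getAsync(...)`, and add `reply.privilege = privilege;` after `reply = JSON.parse(reply);`, so the check runs on every call and the cached value is refreshed. Separately, `Permission` rejects with bare strings (`throw "ไม่มีสิทธิ์เข้าระบบ"`, `throw "ไม่มีสิทธิ์ใช้งานระบบนี้"`) while the surrounding code throws `HttpError(HttpStatus.NOT_FOUND, …)`; unless the framework maps string rejections, a denied caller gets a generic server error rather than a 403-class response, so wrap them in an `HttpError` with the forbidden status the project uses. The empty `else if (privilege == "SPECIFIC") {}` branch silently leaves the default `[null]` scope in place — a one-line comment stating that this is intended (or a TODO) would stop the next reader treating it as an omission.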
@@ -42,22 +42,29 @@ class CheckAuth {
 req.headers["api_key"] &&
 req.headers["api_key"] == process.env.API_KEY
 ) {
- return null;
+ return {
+ root: null,
+ child1: null,
+ child2: null,
+ child3: null,
+ child4: null,
+ };
 }
 return await new CallAPI()
- .GetData(req, "/org/permission/org")
+ .GetData(req, `/org/permission/org/${system}/${action}`)
 .then(async (x) => {
- let privilege = null;
- if (action.trim().toLocaleUpperCase() == "CREATE")
- privilege = await this.PermissionCreate(req, system);
- if (action.trim().toLocaleUpperCase() == "DELETE")
- privilege = await this.PermissionDelete(req, system);
- if (action.trim().toLocaleUpperCase() == "GET")
- privilege = await this.PermissionGet(req, system);
- if (action.trim().toLocaleUpperCase() == "LIST")
- privilege = await this.PermissionList(req, system);
- if (action.trim().toLocaleUpperCase() == "UPDATE")
- privilege = await this.PermissionUpdate(req, system);
+ console.log(x);
+ let privilege = x.privilege;
+ // if (action.trim().toLocaleUpperCase() == "CREATE")
+ // privilege = await this.PermissionCreate(req, system);
+ // if (action.trim().toLocaleUpperCase() == "DELETE")
+ // privilege = await this.PermissionDelete(req, system);
+ // if (action.trim().toLocaleUpperCase() == "GET")
+ // privilege = await this.PermissionGet(req, system);
+ // if (action.trim().toLocaleUpperCase() == "LIST")
+ // privilege = await this.PermissionList(req, system);
+ // if (action.trim().toLocaleUpperCase() == "UPDATE")
+ // privilege = await this.PermissionUpdate(req, system);
 let data: any = {
 root: [null],
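Review bot: `console.log(x)` at the top of the `.then` callback prints the full permission response on every authorization check; remove it or use the project's logger at debug level. `let privilege = x.privilege;` now trusts the `/org/permission/org/...` response without checking that the field is present — if the upstream omits it, `privilege` is `undefined`, none of the comparisons below match and the call falls back to the default `data` scope without any signal that something went wrong, so consider an explicit guard such as `if (x?.privilege == null) throw "ไม่มีสิทธิ์เข้าระบบ";` (or whatever denial the callers expect), assuming a null privilege is never a legitimate grant. The superseded `Permission*` dispatch is kept as ten commented-out lines here and again in the @@ -135 hunk; delete it rather than carry dead code, since it remains in git history. The callback body continues past the end of this hunk.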
@@ -135,25 +142,19 @@ class CheckAuth {
 return true;
 }
 return await new CallAPI()
- .GetData(req, `/org/permission/user/${profileId}`)
+ .GetData(req, `/org/permission/user/${system}/${action}/${profileId}`)
 .then(async (x) => {
- let org = {
- root: [null],
- child1: [null],
- child2: [null],
- child3: [null],
- child4: [null],
- };
- if (action.trim().toLocaleUpperCase() == "CREATE")
- org = await this.PermissionOrgCreate(req, system);
- if (action.trim().toLocaleUpperCase() == "DELETE")
- org = await this.PermissionOrgDelete(req, system);
- if (action.trim().toLocaleUpperCase() == "GET")
- org = await this.PermissionOrgGet(req, system);
- if (action.trim().toLocaleUpperCase() == "LIST")
- org = await this.PermissionOrgList(req, system);
- if (action.trim().toLocaleUpperCase() == "UPDATE")
- org = await this.PermissionOrgUpdate(req, system);
+ let org = x.org;
+ // if (action.trim().toLocaleUpperCase() == "CREATE")
+ // org = await this.PermissionOrgCreate(req, system);
+ // if (action.trim().toLocaleUpperCase() == "DELETE")
+ // org = await this.PermissionOrgDelete(req, system);
+ // if (action.trim().toLocaleUpperCase() == "GET")
+ // org = await this.PermissionOrgGet(req, system);
+ // if (action.trim().toLocaleUpperCase() == "LIST")
+ // org = await this.PermissionOrgList(req, system);
+ // if (action.trim().toLocaleUpperCase() == "UPDATE")
+ // org = await this.PermissionOrgUpdate(req, system);
 if (org.root != null) if (x.orgRootId != org.root[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
 if (org.child1 != null)