diff --git a/src/controllers/PermissionController.ts b/src/controllers/PermissionController.ts index d848af38..e14848ea 100644 --- a/src/controllers/PermissionController.ts +++ b/src/controllers/PermissionController.ts @@ -33,12 +33,18 @@ export class PermissionController extends Controller { private redis = require("redis"); @Get("") - public async getPermission(@Request() request: { user: Record }) { + public async getPermission(@Request() request: RequestWithUser) { + let data = this.getPermissionFunc(request); + return new HttpSuccess(data); + } + + @Get("menu") + public async listAuthSys(@Request() request: RequestWithUser) { const orgRevision = await this.orgRevisionRepository.findOne({ select: ["id"], - where: { - orgRevisionIsDraft: false, - orgRevisionIsCurrent: true, + where: { + orgRevisionIsDraft: false, + orgRevisionIsCurrent: true, }, }); const redisClient = await this.redis.createClient({ 
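Review bot: `let data = this.getPermissionFunc(request);` in the new getPermission does not await the async helper, so `new HttpSuccess(data)` wraps a pending Promise instead of the role payload, and any HttpError the helper throws becomes an unhandled rejection rather than an HTTP response. Change it to `const data = await this.getPermissionFunc(request);`. The same missing-await pattern recurs in the last hunk of this file, in listAuthSysOrgSystem and Permission.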
@@ -48,141 +54,38 @@ export class PermissionController extends Controller { const getAsync = promisify(redisClient.get).bind(redisClient); let profileType = "OFFICER"; - let profile:any = await this.profileRepo.findOne({ + let profile: any = await this.profileRepo.findOne({ select: ["id"], where: { keycloak: request.user.sub }, }); if (!profile) { - profileType = "EMPLOYEE"; - profile = await this.profileEmployeeRepo.findOne({ - select: ["id"], - where: { keycloak: request.user.sub }, - }); - if (!profile) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); - } - } - - let reply = await getAsync("role_" + profile.id); - if (reply != null) { - reply = JSON.parse(reply); - } else { - let posMaster:any = await this.posMasterRepository.findOne({ - select: ["authRoleId"], - where: { - current_holderId: profile.id, - // orgRevision: { - // orgRevisionIsDraft: false, - // orgRevisionIsCurrent: true, - // }, - orgRevisionId: orgRevision?.id - }, - }); - if (!posMaster) { - posMaster = await this.posMasterEmpRepository.findOne({ - select: ["authRoleId"], - where: { - current_holderId: profile.id, - // orgRevision: { - // orgRevisionIsDraft: false, - // orgRevisionIsCurrent: true, - // }, - orgRevisionId: orgRevision?.id - }, - }); - if (!posMaster) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลสิทธิ์"); - } - } - - const getDetail = await this.authRoleRepo.findOne({ - select: ["id", "roleName", "roleDescription"], - where: { id: posMaster.authRoleId }, - }); - if (!getDetail) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); - } - - const roleAttrData = await this.authRoleAttrRepo.find({ - select: [ - "authSysId", - "parentNode", - "attrOwnership", - "attrIsCreate", - "attrIsList", - "attrIsGet", - "attrIsUpdate", - "attrIsDelete", - "attrPrivilege", - ], - where: { authRoleId: getDetail.id }, - }); - - reply = { - ...getDetail, - roles: roleAttrData, - }; - redisClient.setex("role_" + profile.id, 86400, 
JSON.stringify(reply)); - } - return new HttpSuccess(reply); - } - - @Get("menu") - public async listAuthSys(@Request() request: { user: Record }) { - const orgRevision = await this.orgRevisionRepository.findOne({ - select: ["id"], - where: { - orgRevisionIsDraft: false, - orgRevisionIsCurrent: true, - }, - }); - const redisClient = await this.redis.createClient({ - host: REDIS_HOST, - port: REDIS_PORT, - }); - const getAsync = promisify(redisClient.get).bind(redisClient); - - let profileType = "OFFICER"; - let profile:any = await this.profileRepo.findOne({ + profileType = "EMPLOYEE"; + profile = await this.profileEmployeeRepo.findOne({ select: ["id"], where: { keycloak: request.user.sub }, }); if (!profile) { - profileType = "EMPLOYEE"; - profile = await this.profileEmployeeRepo.findOne({ - select: ["id"], - where: { keycloak: request.user.sub }, - }); - if (!profile) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); - } + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); } + } let reply = await getAsync("menu_" + profile.id); if (reply != null) { reply = JSON.parse(reply); } else { - let posMaster:any = await this.posMasterRepository.findOne({ + let posMaster: any = await this.posMasterRepository.findOne({ select: ["authRoleId"], where: { current_holderId: profile.id, - // orgRevision: { - // orgRevisionIsDraft: false, - // orgRevisionIsCurrent: true, - // }, - orgRevisionId: orgRevision?.id + orgRevisionId: orgRevision?.id, }, }); if (!posMaster) { posMaster = await this.posMasterEmpRepository.findOne({ - select: ["authRoleId"], + select: ["authRoleId"], where: { current_holderId: profile.id, - // orgRevision: { - // orgRevisionIsDraft: false, - // orgRevisionIsCurrent: true, - // }, - orgRevisionId: orgRevision?.id + orgRevisionId: orgRevision?.id, }, }); if (!posMaster) { 
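Review bot: `orgRevisionId: orgRevision?.id,` in listAuthSys passes `undefined` when no current non-draft revision exists, and if these repositories are TypeORM (the `findOne({ select, where })` shape suggests so) an undefined property is dropped from the `where`, so the lookup would match the holder's position in any revision, drafts included, and that result would then be cached under `"menu_" + profile.id` for a day. A guard before the position lookups, `if (!orgRevision) throw new HttpError(HttpStatus.NOT_FOUND, "no current org revision");`, keeps the revision filter mandatory. The same `orgRevision?.id` lookup appears in listAuthSysOrg, listOrgUser, listAuthSysOrgSystem and getPermissionFunc in the later hunks of this file. listAuthSys begins in the previous hunk and continues past this one.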
@@ -303,9 +206,9 @@ export class PermissionController extends Controller { public async listAuthSysOrg(@Request() request: RequestWithUser) { const orgRevision = await this.orgRevisionRepository.findOne({ select: ["id"], - where: { - orgRevisionIsDraft: false, - orgRevisionIsCurrent: true, + where: { + orgRevisionIsDraft: false, + orgRevisionIsCurrent: true, }, }); const redisClient = await this.redis.createClient({ 
@@ -315,83 +218,83 @@ export class PermissionController extends Controller { const getAsync = promisify(redisClient.get).bind(redisClient); let profileType = "OFFICER"; - let profile:any = await this.profileRepo.findOne({ + let profile: any = await this.profileRepo.findOne({ + select: ["id"], + where: { keycloak: request.user.sub }, + }); + if (!profile) { + profileType = "EMPLOYEE"; + profile = await this.profileEmployeeRepo.findOne({ select: ["id"], where: { keycloak: request.user.sub }, }); if (!profile) { - profileType = "EMPLOYEE"; - profile = await this.profileEmployeeRepo.findOne({ - select: ["id"], - where: { keycloak: request.user.sub }, - }); - if (!profile) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); - } + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); } + } let reply = await getAsync("posMaster_" + profile.id); if (reply != null) { reply = JSON.parse(reply); } else { - if(profileType == "OFFICER"){ - const posMaster = await this.posMasterRepository.findOne({ - where: { - current_holderId: profile.id, - // orgRevision: { - // orgRevisionIsDraft: false, - // orgRevisionIsCurrent: true, - // }, - orgRevisionId: orgRevision?.id - }, - }); - if (!posMaster) { - reply = { - orgRootId: null, - orgChild1Id: null, - orgChild2Id: null, - orgChild3Id: null, - orgChild4Id: null, - }; + if (profileType == "OFFICER") { + const posMaster = await this.posMasterRepository.findOne({ + where: { + current_holderId: profile.id, + // orgRevision: { + // orgRevisionIsDraft: false, + // orgRevisionIsCurrent: true, + // }, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + reply = { + orgRootId: null, + orgChild1Id: null, + orgChild2Id: null, + orgChild3Id: null, + orgChild4Id: null, + }; + } else { + reply = { + orgRootId: posMaster.orgRootId, + orgChild1Id: posMaster.orgChild1Id, + orgChild2Id: posMaster.orgChild2Id, + orgChild3Id: posMaster.orgChild3Id, + orgChild4Id: posMaster.orgChild4Id, + }; + } + 
redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply)); } else { - reply = { - orgRootId: posMaster.orgRootId, - orgChild1Id: posMaster.orgChild1Id, - orgChild2Id: posMaster.orgChild2Id, - orgChild3Id: posMaster.orgChild3Id, - orgChild4Id: posMaster.orgChild4Id, - }; - } - redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply));}else{ - - const posMaster = await this.posMasterEmpRepository.findOne({ - where: { - current_holderId: profile.id, - // orgRevision: { - // orgRevisionIsDraft: false, - // orgRevisionIsCurrent: true, - // }, - orgRevisionId: orgRevision?.id - }, - }); - if (!posMaster) { - reply = { - orgRootId: null, - orgChild1Id: null, - orgChild2Id: null, - orgChild3Id: null, - orgChild4Id: null, - }; - } else { - reply = { - orgRootId: posMaster.orgRootId, - orgChild1Id: posMaster.orgChild1Id, - orgChild2Id: posMaster.orgChild2Id, - orgChild3Id: posMaster.orgChild3Id, - orgChild4Id: posMaster.orgChild4Id, - }; - } - redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply)); + const posMaster = await this.posMasterEmpRepository.findOne({ + where: { + current_holderId: profile.id, + // orgRevision: { + // orgRevisionIsDraft: false, + // orgRevisionIsCurrent: true, + // }, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + reply = { + orgRootId: null, + orgChild1Id: null, + orgChild2Id: null, + orgChild3Id: null, + orgChild4Id: null, + }; + } else { + reply = { + orgRootId: posMaster.orgRootId, + orgChild1Id: posMaster.orgChild1Id, + orgChild2Id: posMaster.orgChild2Id, + orgChild3Id: posMaster.orgChild3Id, + orgChild4Id: posMaster.orgChild4Id, + }; + } + redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply)); } } 
@@ -400,11 +303,105 @@ export class PermissionController extends Controller { @Get("user/{id}") public async listOrgUser(@Request() request: RequestWithUser, @Path() id: string) { - const orgRevision = await this.orgRevisionRepository.findOne({ - select: ["id"], - where: { + const redisClient = await this.redis.createClient({ + host: REDIS_HOST, + port: REDIS_PORT, + }); + const getAsync = promisify(redisClient.get).bind(redisClient); + + let reply = await getAsync("user_" + id); + if (reply != null) { + reply = JSON.parse(reply); + } else { + const orgRevision = await this.orgRevisionRepository.findOne({ + select: ["id"], + where: { orgRevisionIsDraft: false, orgRevisionIsCurrent: true, + }, + }); + let profileType = "OFFICER"; + let profile: any = await this.profileRepo.findOne({ + select: ["id"], + where: { id: id }, + }); + if (!profile) { + profileType = "EMPLOYEE"; + profile = await this.profileEmployeeRepo.findOne({ + select: ["id"], + where: { id: id }, + }); + if (!profile) { + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); + } + } + if (profileType == "OFFICER") { + const posMaster = await this.posMasterRepository.findOne({ + where: { + current_holderId: profile.id, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + reply = { + orgRootId: null, + orgChild1Id: null, + orgChild2Id: null, + orgChild3Id: null, + orgChild4Id: null, + }; + } else { + reply = { + orgRootId: posMaster.orgRootId, + orgChild1Id: posMaster.orgChild1Id, + orgChild2Id: posMaster.orgChild2Id, + orgChild3Id: posMaster.orgChild3Id, + orgChild4Id: posMaster.orgChild4Id, + }; + } + redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply)); + } else { + const posMaster = await this.posMasterEmpRepository.findOne({ + where: { + current_holderId: profile.id, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + reply = { + orgRootId: null, + orgChild1Id: null, + orgChild2Id: null, + orgChild3Id: null, + orgChild4Id: null, + }; 
+ } else { + reply = { + orgRootId: posMaster.orgRootId, + orgChild1Id: posMaster.orgChild1Id, + orgChild2Id: posMaster.orgChild2Id, + orgChild3Id: posMaster.orgChild3Id, + orgChild4Id: posMaster.orgChild4Id, + }; + } + redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply)); + } + } + + return new HttpSuccess(reply); + } + + @Get("org/{action}/{system}") + public async listAuthSysOrgSystem( + @Request() request: RequestWithUser, + @Path() action: string, + @Path() system: string, + ) { + const orgRevision = await this.orgRevisionRepository.findOne({ + select: ["id"], + where: { + orgRevisionIsDraft: false, + orgRevisionIsCurrent: true, }, }); const redisClient = await this.redis.createClient({ 
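Review bot: listOrgUser never uses `request`; it resolves the path parameter `id` straight to a profile and returns that profile's org placement, so unless a route-level guard outside this hunk restricts it, any authenticated caller can look up any other user's position by id, and the method should either check that the caller may view `id` (for instance against the role data from getPermissionFunc) or document that the route is intentionally open. The cache is read with `getAsync("user_" + id)` but written with `"user_" + profile.id`; these coincide only while `profile.id` stringifies identically to the path parameter, so compute the key once and use it for both. `this.redis.createClient` is also called on every request and the client is never closed, and `redisClient.setex(...)` is neither awaited nor error-checked, which holds for the other handlers in this file as well. listAuthSysOrgSystem starts at the end of this hunk and continues in the next.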
@@ -414,86 +411,189 @@ export class PermissionController extends Controller { const getAsync = promisify(redisClient.get).bind(redisClient); let profileType = "OFFICER"; - let profile:any = await this.profileRepo.findOne({ + let profile: any = await this.profileRepo.findOne({ select: ["id"], - where: { id: id }, + where: { keycloak: request.user.sub }, }); if (!profile) { - profileType = "EMPLOYEE"; - profile = await this.profileEmployeeRepo.findOne({ - select: ["id"], - where: { id: id }, - }); - if (!profile) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); - } + profileType = "EMPLOYEE"; + profile = await this.profileEmployeeRepo.findOne({ + select: ["id"], + where: { keycloak: request.user.sub }, + }); + if (!profile) { + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); + } } - let reply = await getAsync("user_" + profile.id); + let reply = await getAsync("posMaster_" + profile.id); if (reply != null) { reply = JSON.parse(reply); } else { - if(profileType == "OFFICER"){ - const posMaster = await this.posMasterRepository.findOne({ - where: { - current_holderId: profile.id, - // orgRevision: { - // orgRevisionIsDraft: false, - // orgRevisionIsCurrent: true, - // }, - orgRevisionId: orgRevision?.id - }, - }); - if (!posMaster) { - reply = { - orgRootId: null, - orgChild1Id: null, - orgChild2Id: null, - orgChild3Id: null, - orgChild4Id: null, - }; + let privilege = this.Permission(request, system.toLocaleUpperCase(), action); + if (profileType == "OFFICER") { + const posMaster = await this.posMasterRepository.findOne({ + where: { + current_holderId: profile.id, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + reply = { + orgRootId: null, + orgChild1Id: null, + orgChild2Id: null, + orgChild3Id: null, + orgChild4Id: null, + privilege: privilege, + }; + } else { + reply = { + orgRootId: posMaster.orgRootId, + orgChild1Id: posMaster.orgChild1Id, + orgChild2Id: posMaster.orgChild2Id, + orgChild3Id: 
posMaster.orgChild3Id, + orgChild4Id: posMaster.orgChild4Id, + privilege: privilege, + }; + } + redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply)); } else { - reply = { - orgRootId: posMaster.orgRootId, - orgChild1Id: posMaster.orgChild1Id, - orgChild2Id: posMaster.orgChild2Id, - orgChild3Id: posMaster.orgChild3Id, - orgChild4Id: posMaster.orgChild4Id, - }; - } - redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply));}else{ - - const posMaster = await this.posMasterEmpRepository.findOne({ - where: { - current_holderId: profile.id, - // orgRevision: { - // orgRevisionIsDraft: false, - // orgRevisionIsCurrent: true, - // }, - orgRevisionId: orgRevision?.id - }, - }); - if (!posMaster) { - reply = { - orgRootId: null, - orgChild1Id: null, - orgChild2Id: null, - orgChild3Id: null, - orgChild4Id: null, - }; - } else { - reply = { - orgRootId: posMaster.orgRootId, - orgChild1Id: posMaster.orgChild1Id, - orgChild2Id: posMaster.orgChild2Id, - orgChild3Id: posMaster.orgChild3Id, - orgChild4Id: posMaster.orgChild4Id, - }; - } - redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply)); + const posMaster = await this.posMasterEmpRepository.findOne({ + where: { + current_holderId: profile.id, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + reply = { + orgRootId: null, + orgChild1Id: null, + orgChild2Id: null, + orgChild3Id: null, + orgChild4Id: null, + privilege: privilege, + }; + } else { + reply = { + orgRootId: posMaster.orgRootId, + orgChild1Id: posMaster.orgChild1Id, + orgChild2Id: posMaster.orgChild2Id, + orgChild3Id: posMaster.orgChild3Id, + orgChild4Id: posMaster.orgChild4Id, + privilege: privilege, + }; + } + redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply)); } } return new HttpSuccess(reply); } + + public async getPermissionFunc(@Request() request: RequestWithUser) { + const orgRevision = await this.orgRevisionRepository.findOne({ + select: ["id"], + where: { + 
orgRevisionIsDraft: false, + orgRevisionIsCurrent: true, + }, + }); + const redisClient = await this.redis.createClient({ + host: REDIS_HOST, + port: REDIS_PORT, + }); + const getAsync = promisify(redisClient.get).bind(redisClient); + + let profile: any = await this.profileRepo.findOne({ + select: ["id"], + where: { keycloak: request.user.sub }, + }); + if (!profile) { + profile = await this.profileEmployeeRepo.findOne({ + select: ["id"], + where: { keycloak: request.user.sub }, + }); + if (!profile) { + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); + } + } + + let reply = await getAsync("role_" + profile.id); + if (reply != null) { + reply = JSON.parse(reply); + } else { + let posMaster: any = await this.posMasterRepository.findOne({ + select: ["authRoleId"], + where: { + current_holderId: profile.id, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + posMaster = await this.posMasterEmpRepository.findOne({ + select: ["authRoleId"], + where: { + current_holderId: profile.id, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลสิทธิ์"); + } + } + + const getDetail = await this.authRoleRepo.findOne({ + select: ["id", "roleName", "roleDescription"], + where: { id: posMaster.authRoleId }, + }); + if (!getDetail) { + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + } + + const roleAttrData = await this.authRoleAttrRepo.find({ + select: [ + "authSysId", + "parentNode", + "attrOwnership", + "attrIsCreate", + "attrIsList", + "attrIsGet", + "attrIsUpdate", + "attrIsDelete", + "attrPrivilege", + ], + where: { authRoleId: getDetail.id }, + }); + + reply = { + ...getDetail, + roles: roleAttrData, + }; + redisClient.setex("role_" + profile.id, 86400, JSON.stringify(reply)); + } + return reply; + } + + public async Permission(request: RequestWithUser, system: string, action: string) { + if ( + request.headers.hasOwnProperty("api_key") && + 
request.headers["api_key"] && + request.headers["api_key"] == process.env.API_KEY + ) { + return null; + } + let data: any = this.getPermissionFunc(request); + let permission = false; + let role = data.roles.find((x: any) => x.authSysId == system); + if (!role) throw "ไม่มีสิทธิ์เข้าระบบ"; + if (role.attrOwnership == "OWNER") return "OWNER"; + if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate; + if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete; + if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet; + if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList; + if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate; + if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้"; + return role.attrPrivilege; + } } diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts index 16690180..2ea6b91d 100644 --- a/src/interfaces/permission.ts +++ b/src/interfaces/permission.ts @@ -45,20 +45,9 @@ class CheckAuth { return null; } return await new CallAPI() - .GetData(req, "/org/permission/org") + .GetData(req, `/org/permission/org/${action}/${system}`) .then(async (x) => { - let privilege = null; - if (action.trim().toLocaleUpperCase() == "CREATE") - privilege = await this.PermissionCreate(req, system); - if (action.trim().toLocaleUpperCase() == "DELETE") - privilege = await this.PermissionDelete(req, system); - if (action.trim().toLocaleUpperCase() == "GET") - privilege = await this.PermissionGet(req, system); - if (action.trim().toLocaleUpperCase() == "LIST") - privilege = await this.PermissionList(req, system); - if (action.trim().toLocaleUpperCase() == "UPDATE") - privilege = await this.PermissionUpdate(req, system); - + let privilege = x.privilege; let data: any = { root: [null], child1: [null],
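Review bot: `let privilege = this.Permission(request, system.toLocaleUpperCase(), action);` in listAuthSysOrgSystem does not await the async Permission, so `privilege` is a Promise that `JSON.stringify` serialises as `{}` before it is cached and returned, and Permission repeats the mistake with `let data: any = this.getPermissionFunc(request);`, so `data.roles.find` throws on undefined and that rejection is never observed. Both need `await`: `let privilege = await this.Permission(request, system.toLocaleUpperCase(), action);` and `let data: any = await this.getPermissionFunc(request);`. The reply is then stored under `"posMaster_" + profile.id`, the key listAuthSysOrg already uses for a reply without `privilege`, and the key carries neither `system` nor `action`, so whichever endpoint runs first decides what the other returns for 86400 s and a privilege computed for one system/action is served for every other; the key should include both, e.g. `"posMaster_" + profile.id + "_" + system.toLocaleUpperCase() + "_" + action.trim().toLocaleUpperCase()`. Permission also throws bare strings (`throw "ไม่มีสิทธิ์เข้าระบบ"`), which bypass the HttpError handling the rest of this class relies on; throw an HttpError with the appropriate status instead.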
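Review bot: `.GetData(req, `/org/permission/org/${action}/${system}`)` interpolates `action` and `system` into the request path unencoded, so a value containing `/`, `?` or other reserved characters changes which route is hit; encode each segment, `.GetData(req, `/org/permission/org/${encodeURIComponent(action)}/${encodeURIComponent(system)}`)`. `let privilege = x.privilege;` also has no fallback: if the server answers from the shared `posMaster_` cache entry written by the `/org` endpoint, which carries no `privilege`, this is `undefined` and the caller proceeds as if a privilege had been resolved, so treat a missing `privilege` as a denial. The enclosing CheckAuth method starts and ends outside this hunk.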