From 9f5987d9682eccd88d3c2c7d119e511361e9d58d Mon Sep 17 00:00:00 2001 
From: Bright Date: Thu, 8 Aug 2024 17:15:21 +0700 Subject: [PATCH] =?UTF-8?q?permission=20=E0=B8=97=E0=B8=B0=E0=B9=80?= =?UTF-8?q?=E0=B8=9A=E0=B8=B5=E0=B8=A2=E0=B8=99=E0=B8=9B=E0=B8=A3=E0=B8=B0?= =?UTF-8?q?=E0=B8=A7=E0=B8=B1=E0=B8=95=E0=B8=B4=E0=B8=82=E0=B8=A3=E0=B8=81?= =?UTF-8?q?.+=E0=B8=A5=E0=B8=B9=E0=B8=81=E0=B8=88=E0=B9=89=E0=B8=B2?= =?UTF-8?q?=E0=B8=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/controllers/ProfileAbilityController.ts | 7 +++++-- src/controllers/ProfileAbilityEmployeeController.ts | 7 +++++-- src/controllers/ProfileAddressController.ts | 3 ++- src/controllers/ProfileAddressEmployeeController.ts | 3 ++- src/controllers/ProfileAssessmentsController.ts | 8 +++++--- src/controllers/ProfileAssessmentsEmployeeController.ts | 8 +++++--- src/controllers/ProfileAvatarController.ts | 6 ++++-- src/controllers/ProfileAvatarEmployeeController.ts | 6 ++++-- src/controllers/ProfileCertificateController.ts | 7 +++++-- src/controllers/ProfileCertificateEmployeeController.ts | 7 +++++-- src/controllers/ProfileChangeNameController.ts | 7 +++++-- src/controllers/ProfileChangeNameEmployeeController.ts | 7 +++++-- src/controllers/ProfileChildrenController.ts | 6 +++++- src/controllers/ProfileChildrenEmployeeController.ts | 6 +++++- src/controllers/ProfileController.ts | 3 ++- src/controllers/ProfileDisciplineController.ts | 7 +++++-- src/controllers/ProfileDisciplineEmployeeController.ts | 7 +++++-- src/controllers/ProfileDutyController.ts | 7 +++++-- src/controllers/ProfileDutyEmployeeController.ts | 7 +++++-- src/controllers/ProfileEducationsController.ts | 7 +++++-- src/controllers/ProfileEducationsEmployeeController.ts | 9 +++++---- src/controllers/ProfileEmployeeController.ts | 7 +++++-- src/controllers/ProfileFamilyCoupleController.ts | 3 +++ src/controllers/ProfileFamilyCoupleEmployeeController.ts | 3 +++ src/controllers/ProfileFamilyFatherController.ts | 3 +++ 
src/controllers/ProfileFamilyFatherEmployeeController.ts | 3 +++ src/controllers/ProfileFamilyMotherController.ts | 3 +++ src/controllers/ProfileFamilyMotherEmployeeController.ts | 3 +++ src/controllers/ProfileGovernmentController.ts | 3 ++- src/controllers/ProfileGovernmentEmployeeController.ts | 3 ++- src/controllers/ProfileHonorController.ts | 7 +++++-- src/controllers/ProfileHonorEmployeeController.ts | 7 +++++-- src/controllers/ProfileInsigniaController.ts | 7 +++++-- src/controllers/ProfileInsigniaEmployeeController.ts | 7 +++++-- src/controllers/ProfileLeaveController.ts | 8 +++++--- src/controllers/ProfileLeaveEmployeeController.ts | 8 +++++--- src/controllers/ProfileNopaidController.ts | 7 +++++-- src/controllers/ProfileNopaidEmployeeController.ts | 7 +++++-- src/controllers/ProfileOtherController.ts | 7 +++++-- src/controllers/ProfileOtherEmployeeController.ts | 7 +++++-- src/controllers/ProfileSalaryController.ts | 7 +++++-- src/controllers/ProfileSalaryEmployeeController.ts | 7 +++++-- src/controllers/ProfileTrainingController.ts | 7 +++++-- src/controllers/ProfileTrainingEmployeeController.ts | 7 +++++-- 44 files changed, 191 insertions(+), 75 deletions(-) diff --git a/src/controllers/ProfileAbilityController.ts b/src/controllers/ProfileAbilityController.ts index 8bae21a6..5414f07f 100644 --- a/src/controllers/ProfileAbilityController.ts +++ b/src/controllers/ProfileAbilityController.ts @@ -24,7 +24,7 @@ import { RequestWithUser } from "../middlewares/user"; import HttpError from "../interfaces/http-error"; import HttpStatus from "../interfaces/http-status"; import HttpSuccess from "../interfaces/http-success"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/ability") @Tags("ProfileAbility") @Security("bearerAuth") 
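Review bot: In the import hunk of ProfileAbilityController.ts, the new `import permission from "../interfaces/permission";` takes the place of the blank line that separated the imports from the `@Route` decorator, and it binds a class under a lower-case name that the later hunks use as `new permission()`. Importing it as `import Permission from "../interfaces/permission";` and keeping the blank line after it would match the PascalCase of `HttpError`, `HttpStatus` and `HttpSuccess` in the same block. The same import line is repeated in the other controller files of this patch.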
@@ -133,6 +133,7 @@ export class ProfileAbilityController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileAbility, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -163,6 +164,7 @@ export class ProfileAbilityController extends Controller { @Request() req: RequestWithUser, @Path() abilityId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.profileAbilityRepo.findOneBy({ id: abilityId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -184,7 +186,8 @@ export class ProfileAbilityController extends Controller { } @Delete("{abilityId}") - public async deleteProfileAbility(@Path() abilityId: string) { + public async deleteProfileAbility(@Path() abilityId: string, @Request() req: RequestWithUser,) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.profileAbilityHistoryRepo.delete({ profileAbilityId: abilityId, }); diff --git a/src/controllers/ProfileAbilityEmployeeController.ts b/src/controllers/ProfileAbilityEmployeeController.ts index 10e67463..d18927c5 100644 --- a/src/controllers/ProfileAbilityEmployeeController.ts +++ b/src/controllers/ProfileAbilityEmployeeController.ts @@ -26,7 +26,7 @@ import HttpError from "../interfaces/http-error"; import HttpStatus from "../interfaces/http-status"; import HttpSuccess from "../interfaces/http-success"; import { ProfileEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/ability") @Tags("ProfileAbilityEmployee") @Security("bearerAuth") 
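Review bot: In `deleteProfileAbility` (hunk `@@ -184,7 +186,8 @@`) the added `PermissionDelete(req,"SYS_REGISTRY")` receives only the request and a system key, so nothing visible ties the `abilityId` path parameter to a profile the caller may manage before `profileAbilityHistoryRepo.delete` runs. The update hunk has the same shape: the check precedes `findOneBy({ id: abilityId })` and the loaded record's owning profile is never compared with the caller's scope. If `PermissionDelete` and `PermissionUpdate` do not resolve an organisational scope themselves (their bodies are outside this patch), load the record first and authorise against its owner; at minimum add a comment such as `// authorises the SYS_REGISTRY key only; record ownership is not checked here`. The same pattern recurs in the update and delete hunks of the other controllers in this patch, and both method bodies continue outside the hunks.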
@@ -136,6 +136,7 @@ export class ProfileAbilityEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileAbilityEmployee, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } @@ -166,6 +167,7 @@ export class ProfileAbilityEmployeeController extends Controller { @Request() req: RequestWithUser, @Path() abilityId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.profileAbilityRepo.findOneBy({ id: abilityId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -187,7 +189,8 @@ export class ProfileAbilityEmployeeController extends Controller { } @Delete("{abilityId}") - public async deleteProfileAbility(@Path() abilityId: string) { + public async deleteProfileAbility(@Path() abilityId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.profileAbilityHistoryRepo.delete({ profileAbilityId: abilityId, }); diff --git a/src/controllers/ProfileAddressController.ts b/src/controllers/ProfileAddressController.ts index 156a6160..be87a538 100644 --- a/src/controllers/ProfileAddressController.ts +++ b/src/controllers/ProfileAddressController.ts @@ -26,7 +26,7 @@ import { AppDataSource } from "../database/data-source"; import { Province } from "../entities/Province"; import { District } from "../entities/District"; import { SubDistrict } from "../entities/SubDistrict"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/address") @Tags("ProfileAddress") @Security("bearerAuth") 
@@ -182,6 +182,7 @@ export class ProfileAddressController extends Controller { @Request() req: RequestWithUser, @Path() profileId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.profileRepo.findOneBy({ id: profileId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileAddressEmployeeController.ts b/src/controllers/ProfileAddressEmployeeController.ts index 3ec8a3d9..04ede998 100644 --- a/src/controllers/ProfileAddressEmployeeController.ts +++ b/src/controllers/ProfileAddressEmployeeController.ts @@ -27,7 +27,7 @@ import { Province } from "../entities/Province"; import { District } from "../entities/District"; import { SubDistrict } from "../entities/SubDistrict"; import { ProfileEmployee, UpdateProfileAddressEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/address") @Tags("ProfileAddressEmployee") @Security("bearerAuth") @@ -183,6 +183,7 @@ export class ProfileAddressEmployeeController extends Controller { @Request() req: RequestWithUser, @Path() profileId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.profileEmployeeRepo.findOneBy({ id: profileId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileAssessmentsController.ts b/src/controllers/ProfileAssessmentsController.ts index dfbecd3c..6accbfe4 100644 --- a/src/controllers/ProfileAssessmentsController.ts +++ b/src/controllers/ProfileAssessmentsController.ts @@ -19,7 +19,6 @@ import { import HttpError from "../interfaces/http-error"; import HttpStatus from "../interfaces/http-status"; import HttpSuccess from "../interfaces/http-success"; - import { AppDataSource } from "../database/data-source"; import { CreateProfileAssessment, 
@@ -29,7 +28,7 @@ import { import { ProfileAssessmentHistory } from "../entities/ProfileAssessmentHistory"; import { Profile } from "../entities/Profile"; import { RequestWithUser } from "../middlewares/user"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/assessments") @Tags("ProfileAssessments") @Security("bearerAuth") @@ -147,6 +146,7 @@ export class ProfileAssessmentsController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileAssessment, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -176,6 +176,7 @@ export class ProfileAssessmentsController extends Controller { @Request() req: RequestWithUser, @Path() assessmentId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.profileAssessmentsRepository.findOneBy({ id: assessmentId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -196,7 +197,8 @@ export class ProfileAssessmentsController extends Controller { } @Delete("{assessmentId}") - public async deleteProfileAssessment(@Path() assessmentId: string) { + public async deleteProfileAssessment(@Path() assessmentId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.profileAssessmentsHistoryRepository.delete({ profileAssessmentId: assessmentId, }); diff --git a/src/controllers/ProfileAssessmentsEmployeeController.ts b/src/controllers/ProfileAssessmentsEmployeeController.ts index 7813e928..3329c6c4 100644 --- a/src/controllers/ProfileAssessmentsEmployeeController.ts +++ b/src/controllers/ProfileAssessmentsEmployeeController.ts 
@@ -19,7 +19,6 @@ import { import HttpError from "../interfaces/http-error"; import HttpStatus from "../interfaces/http-status"; import HttpSuccess from "../interfaces/http-success"; - import { AppDataSource } from "../database/data-source"; import { CreateProfileEmployeeAssessment, @@ -29,7 +28,7 @@ import { import { ProfileAssessmentHistory } from "../entities/ProfileAssessmentHistory"; import { ProfileEmployee } from "../entities/ProfileEmployee"; import { RequestWithUser } from "../middlewares/user"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/assessments") @Tags("ProfileEmployeeAssessments") @Security("bearerAuth") @@ -149,6 +148,7 @@ export class ProfileAssessmentsEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeAssessment, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } @@ -178,6 +178,7 @@ export class ProfileAssessmentsEmployeeController extends Controller { @Request() req: RequestWithUser, @Path() assessmentId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.profileAssessmentsRepository.findOneBy({ id: assessmentId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -198,7 +199,8 @@ export class ProfileAssessmentsEmployeeController extends Controller { } @Delete("{assessmentId}") - public async deleteProfileAssessment(@Path() assessmentId: string) { + public async deleteProfileAssessment(@Path() assessmentId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.profileAssessmentsHistoryRepository.delete({ profileAssessmentId: assessmentId, }); diff --git a/src/controllers/ProfileAvatarController.ts b/src/controllers/ProfileAvatarController.ts index 0c194ed8..9b176354 100644 
--- a/src/controllers/ProfileAvatarController.ts +++ b/src/controllers/ProfileAvatarController.ts @@ -6,7 +6,7 @@ import HttpError from "../interfaces/http-error"; import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; import { CreateProfileAvatar, ProfileAvatar } from "../entities/ProfileAvatar"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/avatar") @Tags("ProfileAvatar") @Security("bearerAuth") @@ -63,6 +63,7 @@ export class ProfileAvatarController extends Controller { @Post() public async newAvatar(@Request() req: RequestWithUser, @Body() body: CreateProfileAvatar) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); const profile = await this.profileRepository.findOne({ where: { id: body.profileId }, }); @@ -113,7 +114,8 @@ export class ProfileAvatarController extends Controller { } @Delete("{avatarId}") - public async deleteAvatar(@Path() avatarId: string) { + public async deleteAvatar(@Path() avatarId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); const result = await this.avatarRepository.delete({ id: avatarId }); if (result.affected == undefined || result.affected <= 0) { diff --git a/src/controllers/ProfileAvatarEmployeeController.ts b/src/controllers/ProfileAvatarEmployeeController.ts index 362902bc..a13a212a 100644 --- a/src/controllers/ProfileAvatarEmployeeController.ts +++ b/src/controllers/ProfileAvatarEmployeeController.ts @@ -6,7 +6,7 @@ import HttpError from "../interfaces/http-error"; import { RequestWithUser } from "../middlewares/user"; import { CreateProfileEmployeeAvatar, ProfileAvatar } from "../entities/ProfileAvatar"; import { ProfileEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/avatar") @Tags("ProfileAvatar") @Security("bearerAuth") 
@@ -54,6 +54,7 @@ export class ProfileAvatarEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeAvatar, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); const profile = await this.profileRepository.findOne({ where: { id: body.profileEmployeeId }, }); @@ -104,7 +105,8 @@ export class ProfileAvatarEmployeeController extends Controller { } @Delete("{avatarId}") - public async deleteAvatarEmployee(@Path() avatarId: string) { + public async deleteAvatarEmployee(@Path() avatarId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); const result = await this.avatarRepository.delete({ id: avatarId }); if (result.affected == undefined || result.affected <= 0) { diff --git a/src/controllers/ProfileCertificateController.ts b/src/controllers/ProfileCertificateController.ts index b8abf0bb..aece1c2a 100644 --- a/src/controllers/ProfileCertificateController.ts +++ b/src/controllers/ProfileCertificateController.ts @@ -24,7 +24,7 @@ import HttpError from "../interfaces/http-error"; import { ProfileCertificateHistory } from "../entities/ProfileCertificateHistory"; import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/certificate") @Tags("ProfileCertificate") @Security("bearerAuth") @@ -122,6 +122,7 @@ export class ProfileCertificateController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileCertificate, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } 
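Review bot: `deleteAvatarEmployee` (hunk `@@ -104,7 +105,8 @@`) checks `SYS_REGISTRY_EMP` and then runs `this.avatarRepository.delete({ id: avatarId })`, while ProfileAvatarController checks `SYS_REGISTRY` before the identical call, and both files import the same `ProfileAvatar` entity. If both repositories are backed by that one entity (the repository declarations are outside the hunks), a caller holding only the employee-registry delete right could remove an avatar that belongs to a non-employee profile by passing its id, and the reverse. Loading the row and rejecting it when it is not linked to a `ProfileEmployee`, before deleting, would keep the two permission keys from being interchangeable. The employee update and delete hunks for ability, assessments, certificate, changeName, children, discipline and duty take a bare id in the same way.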
@@ -154,6 +155,7 @@ export class ProfileCertificateController extends Controller { @Body() body: UpdateProfileCertificate, @Path() certificateId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.certificateRepo.findOneBy({ id: certificateId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -175,7 +177,8 @@ export class ProfileCertificateController extends Controller { } @Delete("{certificateId}") - public async deleteCertificate(@Path() certificateId: string) { + public async deleteCertificate(@Path() certificateId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.certificateHistoryRepo.delete({ profileCertificateId: certificateId, }); diff --git a/src/controllers/ProfileCertificateEmployeeController.ts b/src/controllers/ProfileCertificateEmployeeController.ts index 5fbcfc55..2a4fb61a 100644 --- a/src/controllers/ProfileCertificateEmployeeController.ts +++ b/src/controllers/ProfileCertificateEmployeeController.ts @@ -24,7 +24,7 @@ import HttpError from "../interfaces/http-error"; import { ProfileCertificateHistory } from "../entities/ProfileCertificateHistory"; import { RequestWithUser } from "../middlewares/user"; import { ProfileEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/certificate") @Tags("ProfileEmployeeCertificate") @Security("bearerAuth") @@ -121,6 +121,7 @@ export class ProfileCertificateEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeCertificate, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } 
@@ -153,6 +154,7 @@ export class ProfileCertificateEmployeeController extends Controller { @Body() body: UpdateProfileCertificate, @Path() certificateId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.certificateRepo.findOneBy({ id: certificateId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -174,7 +176,8 @@ export class ProfileCertificateEmployeeController extends Controller { } @Delete("{certificateId}") - public async deleteCertificate(@Path() certificateId: string) { + public async deleteCertificate(@Path() certificateId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.certificateHistoryRepo.delete({ profileCertificateId: certificateId, }); diff --git a/src/controllers/ProfileChangeNameController.ts b/src/controllers/ProfileChangeNameController.ts index f4238fe1..372588fb 100644 --- a/src/controllers/ProfileChangeNameController.ts +++ b/src/controllers/ProfileChangeNameController.ts @@ -26,7 +26,7 @@ import { } from "../entities/ProfileChangeName"; import CallAPI from "../interfaces/call-api"; import { updateName } from "../keycloak"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/changeName") @Tags("ProfileChangeName") @Security("bearerAuth") @@ -119,6 +119,7 @@ export class ProfileChangeNameController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileChangeName, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } 
@@ -164,6 +165,7 @@ export class ProfileChangeNameController extends Controller { @Body() body: UpdateProfileChangeName, @Path() changeNameId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.changeNameRepository.findOneBy({ id: changeNameId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -212,7 +214,8 @@ export class ProfileChangeNameController extends Controller { } @Delete("{changeNameId}") - public async deleteTraning(@Path() changeNameId: string) { + public async deleteTraning(@Path() changeNameId: string, @Request() req: RequestWithUser,) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.changeNameHistoryRepository.delete({ profileChangeNameId: changeNameId, }); diff --git a/src/controllers/ProfileChangeNameEmployeeController.ts b/src/controllers/ProfileChangeNameEmployeeController.ts index 5d653f59..5106cab5 100644 --- a/src/controllers/ProfileChangeNameEmployeeController.ts +++ b/src/controllers/ProfileChangeNameEmployeeController.ts @@ -26,7 +26,7 @@ import { UpdateProfileChangeName, } from "../entities/ProfileChangeName"; import { ProfileEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/changeName") @Tags("ProfileChangeNameEmployee") @Security("bearerAuth") @@ -119,6 +119,7 @@ export class ProfileChangeNameEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileChangeNameEmployee, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } 
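Review bot: The new `deleteTraning` signature in ProfileChangeNameController.ts (hunk `@@ -212,7 +214,8 @@`) ends in `@Request() req: RequestWithUser,) {`, a trailing comma pressed against the closing parenthesis, and every added call is written `PermissionDelete(req,"SYS_REGISTRY")` with no space after the comma. A formatter pass would give `@Request() req: RequestWithUser) {` and `PermissionDelete(req, "SYS_REGISTRY")`. The same trailing comma appears in the delete hunks of ProfileAbilityController.ts and ProfileChildrenController.ts. Since the handler now carries an authorization check, a short doc comment naming the required key would also help, e.g. `/** Requires delete permission on SYS_REGISTRY. */`.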
@@ -156,6 +157,7 @@ export class ProfileChangeNameEmployeeController extends Controller { @Body() body: UpdateProfileChangeName, @Path() changeNameId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.changeNameRepository.findOneBy({ id: changeNameId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -196,7 +198,8 @@ export class ProfileChangeNameEmployeeController extends Controller { } @Delete("{changeNameId}") - public async deleteTraning(@Path() changeNameId: string) { + public async deleteTraning(@Path() changeNameId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.changeNameHistoryRepository.delete({ profileChangeNameId: changeNameId, }); diff --git a/src/controllers/ProfileChildrenController.ts b/src/controllers/ProfileChildrenController.ts index f2b4f202..70021fca 100644 --- a/src/controllers/ProfileChildrenController.ts +++ b/src/controllers/ProfileChildrenController.ts @@ -25,6 +25,7 @@ import { UpdateProfileChildren, } from "../entities/ProfileChildren"; import Extension from "../interfaces/extension"; +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/family/children") @Tags("ProfileChildren") @Security("bearerAuth") @@ -64,6 +65,7 @@ export class ProfileChildrenController extends Controller { @Post() public async newChildren(@Request() req: RequestWithUser, @Body() body: CreateProfileChildren) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); const profile = await this.profileRepository.findOneBy({ id: body.profileId }); if (!profile) { 
@@ -106,6 +108,7 @@ export class ProfileChildrenController extends Controller { @Body() body: UpdateProfileChildren, @Path() childrenId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.childrenRepository.findOneBy({ id: childrenId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -132,7 +135,8 @@ export class ProfileChildrenController extends Controller { } @Delete("{childrenId}") - public async deleteTraning(@Path() childrenId: string) { + public async deleteTraning(@Path() childrenId: string, @Request() req: RequestWithUser,) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.childrenHistoryRepository.delete({ profileChildrenId: childrenId, }); diff --git a/src/controllers/ProfileChildrenEmployeeController.ts b/src/controllers/ProfileChildrenEmployeeController.ts index a515c896..24b08d68 100644 --- a/src/controllers/ProfileChildrenEmployeeController.ts +++ b/src/controllers/ProfileChildrenEmployeeController.ts @@ -27,6 +27,7 @@ import { } from "../entities/ProfileChildren"; import { ProfileEmployee } from "../entities/ProfileEmployee"; import Extension from "../interfaces/extension"; +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/family/children") @Tags("ProfileChildren") @Security("bearerAuth") @@ -69,6 +70,7 @@ export class ProfileChildrenEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileChildrenEmployee, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); const profile = await this.profileRepository.findOneBy({ id: body.profileEmployeeId }); if (!profile) { 
@@ -113,6 +115,7 @@ export class ProfileChildrenEmployeeController extends Controller { @Body() body: UpdateProfileChildren, @Path() childrenId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.childrenRepository.findOneBy({ id: childrenId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -141,7 +144,8 @@ export class ProfileChildrenEmployeeController extends Controller { } @Delete("{childrenId}") - public async deleteTraning(@Path() childrenId: string) { + public async deleteTraning(@Path() childrenId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.childrenHistoryRepository.delete({ profileChildrenId: childrenId, }); diff --git a/src/controllers/ProfileController.ts b/src/controllers/ProfileController.ts index bec9eb16..6f05547e 100644 --- a/src/controllers/ProfileController.ts +++ b/src/controllers/ProfileController.ts @@ -59,7 +59,7 @@ import { ProfileInsignia } from "../entities/ProfileInsignia"; import { ProfileDisciplineHistory } from "../entities/ProfileDisciplineHistory"; import { ProfileLeave } from "../entities/ProfileLeave"; import { updateName } from "../keycloak"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile") @Tags("Profile") @Security("bearerAuth") @@ -2250,6 +2250,7 @@ export class ProfileController extends Controller { @Path() id: string, @Body() body: UpdateProfile, ) { + await new permission().PermissionUpdate(request,"SYS_REGISTRY"); const exists = !!body.citizenId && (await this.profileRepo.findOne({ diff --git a/src/controllers/ProfileDisciplineController.ts b/src/controllers/ProfileDisciplineController.ts index 8a7780d7..ced55b63 100644 --- a/src/controllers/ProfileDisciplineController.ts +++ b/src/controllers/ProfileDisciplineController.ts 
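Review bot: In ProfileController.ts the patch adds a single `PermissionUpdate(request,"SYS_REGISTRY")` at the `@@ -2250,6 +2250,7 @@` hunk, and the diffstat line `ProfileController.ts | 3 ++-` shows that this is the only check the file gains. Any other mutating handlers in this controller are not visible here, so it is worth confirming they are authorised elsewhere; a handler without the call fails open, because each check is a hand-written first statement. Moving the check into a route-level decorator or middleware keyed by system key and action would make a missing guard visible at the route declaration instead of inside each body. The enclosing method starts and ends outside the hunk.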
@@ -24,7 +24,7 @@ import { ProfileDiscipline, UpdateProfileDiscipline, } from "../entities/ProfileDiscipline"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/discipline") @Tags("ProfileDiscipline") @Security("bearerAuth") @@ -124,6 +124,7 @@ export class ProfileDisciplineController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileDiscipline, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -156,6 +157,7 @@ export class ProfileDisciplineController extends Controller { @Body() body: UpdateProfileDiscipline, @Path() disciplineId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.disciplineRepository.findOneBy({ id: disciplineId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -177,7 +179,8 @@ export class ProfileDisciplineController extends Controller { } @Delete("{disciplineId}") - public async deleteDiscipline(@Path() disciplineId: string) { + public async deleteDiscipline(@Path() disciplineId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.disciplineHistoryRepository.delete({ profileDisciplineId: disciplineId, }); diff --git a/src/controllers/ProfileDisciplineEmployeeController.ts b/src/controllers/ProfileDisciplineEmployeeController.ts index 4819c9f3..daff6982 100644 --- a/src/controllers/ProfileDisciplineEmployeeController.ts +++ b/src/controllers/ProfileDisciplineEmployeeController.ts @@ -24,7 +24,7 @@ import { UpdateProfileDiscipline, } from "../entities/ProfileDiscipline"; import { ProfileEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/discipline") @Tags("ProfileDisciplineEmployee") @Security("bearerAuth") 
@@ -115,6 +115,7 @@ export class ProfileDisciplineEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeDiscipline, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -147,6 +148,7 @@ export class ProfileDisciplineEmployeeController extends Controller { @Body() body: UpdateProfileDiscipline, @Path() disciplineId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.disciplineRepository.findOneBy({ id: disciplineId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -168,7 +170,8 @@ export class ProfileDisciplineEmployeeController extends Controller { } @Delete("{disciplineId}") - public async deleteDiscipline(@Path() disciplineId: string) { + public async deleteDiscipline(@Path() disciplineId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.disciplineHistoryRepository.delete({ profileDisciplineId: disciplineId, }); diff --git a/src/controllers/ProfileDutyController.ts b/src/controllers/ProfileDutyController.ts index dc70e062..31c17037 100644 --- a/src/controllers/ProfileDutyController.ts +++ b/src/controllers/ProfileDutyController.ts @@ -20,7 +20,7 @@ import { ProfileDutyHistory } from "../entities/ProfileDutyHistory"; import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; import { CreateProfileDuty, ProfileDuty, UpdateProfileDuty } from "../entities/ProfileDuty"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/duty") @Tags("ProfileDuty") @Security("bearerAuth") 
@@ -128,6 +128,7 @@ export class ProfileDutyController extends Controller { @Post() public async newDuty(@Request() req: RequestWithUser, @Body() body: CreateProfileDuty) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -160,6 +161,7 @@ export class ProfileDutyController extends Controller { @Body() body: UpdateProfileDuty, @Path() dutyId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.dutyRepository.findOneBy({ id: dutyId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -178,7 +180,8 @@ export class ProfileDutyController extends Controller { } @Delete("{dutyId}") - public async deleteDuty(@Path() dutyId: string) { + public async deleteDuty(@Path() dutyId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.dutyHistoryRepository.delete({ profileDutyId: dutyId, }); diff --git a/src/controllers/ProfileDutyEmployeeController.ts b/src/controllers/ProfileDutyEmployeeController.ts index 8d039092..8e6b6a6b 100644 --- a/src/controllers/ProfileDutyEmployeeController.ts +++ b/src/controllers/ProfileDutyEmployeeController.ts @@ -20,7 +20,7 @@ import { ProfileDutyHistory } from "../entities/ProfileDutyHistory"; import { RequestWithUser } from "../middlewares/user"; import { ProfileEmployee } from "../entities/ProfileEmployee"; import { CreateProfileEmployeeDuty, ProfileDuty, UpdateProfileDuty } from "../entities/ProfileDuty"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/duty") @Tags("ProfileEmployeeDuty") @Security("bearerAuth") 
@@ -89,6 +89,7 @@ export class ProfileDutyEmployeeController extends Controller { @Post() public async newDuty(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeDuty) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -121,6 +122,7 @@ export class ProfileDutyEmployeeController extends Controller { @Body() body: UpdateProfileDuty, @Path() dutyId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.dutyRepository.findOneBy({ id: dutyId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -139,7 +141,8 @@ export class ProfileDutyEmployeeController extends Controller { } @Delete("{dutyId}") - public async deleteDuty(@Path() dutyId: string) { + public async deleteDuty(@Path() dutyId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.dutyHistoryRepository.delete({ profileDutyId: dutyId, }); diff --git a/src/controllers/ProfileEducationsController.ts b/src/controllers/ProfileEducationsController.ts index 4a0f1332..5ae7821a 100644 --- a/src/controllers/ProfileEducationsController.ts +++ b/src/controllers/ProfileEducationsController.ts @@ -30,7 +30,7 @@ import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; import { ProfileEducationHistory } from "../entities/ProfileEducationHistory"; import { AppDataSource } from "../database/data-source"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/educations") @Tags("ProfileEducations") @Security("bearerAuth") 
@@ -181,6 +181,7 @@ export class ProfileEducationsController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEducation, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -211,6 +212,7 @@ export class ProfileEducationsController extends Controller { @Request() req: RequestWithUser, @Path() educationId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.profileEducationRepo.findOneBy({ id: educationId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -232,7 +234,8 @@ export class ProfileEducationsController extends Controller { } @Delete("{educationId}") - public async deleteProfileEducation(@Path() educationId: string) { + public async deleteProfileEducation(@Path() educationId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.profileEducationHistoryRepo.delete({ profileEducationId: educationId, }); diff --git a/src/controllers/ProfileEducationsEmployeeController.ts b/src/controllers/ProfileEducationsEmployeeController.ts index eececfbf..f2e42933 100644 --- a/src/controllers/ProfileEducationsEmployeeController.ts +++ b/src/controllers/ProfileEducationsEmployeeController.ts @@ -16,11 +16,9 @@ import { Patch, Example, } from "tsoa"; - import HttpSuccess from "../interfaces/http-success"; import HttpError from "../interfaces/http-error"; import HttpStatus from "../interfaces/http-status"; - import { ProfileEducation, CreateProfileEducation, 
@@ -32,7 +30,7 @@ import { Profile } from "../entities/Profile"; import { ProfileEducationHistory } from "../entities/ProfileEducationHistory"; import { AppDataSource } from "../database/data-source"; import { ProfileEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/educations") @Tags("ProfileEducationsEmployee") @Security("bearerAuth") @@ -185,6 +183,7 @@ export class ProfileEducationsEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEducationEmployee, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } @@ -215,6 +214,7 @@ export class ProfileEducationsEmployeeController extends Controller { @Request() req: RequestWithUser, @Path() educationId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.profileEducationRepo.findOneBy({ id: educationId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -236,7 +236,8 @@ export class ProfileEducationsEmployeeController extends Controller { } @Delete("{educationId}") - public async deleteProfileEducation(@Path() educationId: string) { + public async deleteProfileEducation(@Path() educationId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.profileEducationHistoryRepo.delete({ profileEducationId: educationId, }); diff --git a/src/controllers/ProfileEmployeeController.ts b/src/controllers/ProfileEmployeeController.ts index dc377607..87214166 100644 --- a/src/controllers/ProfileEmployeeController.ts +++ b/src/controllers/ProfileEmployeeController.ts 
@@ -65,7 +65,7 @@ import CallAPI from "../interfaces/call-api"; import { EmployeePosition } from "../entities/EmployeePosition"; import { ProfileInsignia } from "../entities/ProfileInsignia"; import { ProfileLeave } from "../entities/ProfileLeave"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee") @Tags("ProfileEmployee") @Security("bearerAuth") @@ -576,6 +576,7 @@ export class ProfileEmployeeController extends Controller { */ @Post() async createProfile(@Body() body: CreateProfileEmployee, @Request() request: RequestWithUser) { + await new permission().PermissionCreate(request,"SYS_REGISTRY_EMP"); if (await this.profileRepo.findOneBy({ citizenId: body.citizenId })) { throw new HttpError( HttpStatus.INTERNAL_SERVER_ERROR, @@ -628,6 +629,7 @@ export class ProfileEmployeeController extends Controller { @Path() id: string, @Body() body: UpdateProfileEmployee, ) { + await new permission().PermissionUpdate(request,"SYS_REGISTRY_EMP"); const exists = !!body.citizenId && (await this.profileRepo.findOne({ @@ -690,7 +692,8 @@ export class ProfileEmployeeController extends Controller { * @param {string} id Id ทะเบียนประวัติ */ @Delete("{id}") - async deleteProfile(@Path() id: string) { + async deleteProfile(@Path() id: string, @Request() request: RequestWithUser,) { + await new permission().PermissionDelete(request,"SYS_REGISTRY_EMP"); const result = await this.profileRepo.findOne({ where: { id: id } }); if (!result) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileFamilyCoupleController.ts b/src/controllers/ProfileFamilyCoupleController.ts index 8d3cda07..a5243916 100644 --- a/src/controllers/ProfileFamilyCoupleController.ts +++ b/src/controllers/ProfileFamilyCoupleController.ts 
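Review bot: The rewritten `deleteProfile` signature ends in `@Request() request: RequestWithUser,) {`, with a dangling comma before the closing parenthesis, and the added call has no space after its comma. The surrounding context lines look formatter-normalised, so these should read `async deleteProfile(@Path() id: string, @Request() request: RequestWithUser) {` and `await new permission().PermissionDelete(request, "SYS_REGISTRY_EMP");`. The missing space recurs in every added permission call in this patch, so running the project formatter over the touched files would make the checks easier to grep and audit. The method body continues outside the hunk.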
@@ -25,6 +25,7 @@ import { } from "../entities/ProfileFamilyCouple"; import { ProfileFamilyCoupleHistory } from "../entities/ProfileFamilyCoupleHistory"; import Extension from "../interfaces/extension"; +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/family/couple") @Tags("ProfileFamilyCouple") @Security("bearerAuth") @@ -219,6 +220,7 @@ export class ProfileFamilyCoupleController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileFamilyCouple, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); const familyCouple = Object.assign(new ProfileFamilyCouple(), body); if (!familyCouple) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -265,6 +267,7 @@ export class ProfileFamilyCoupleController extends Controller { @Body() body: UpdateProfileFamilyCouple, @Path() profileId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const familyCouple = await this.ProfileFamilyCouple.findOneBy({ profileId: profileId }); if (!familyCouple) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileFamilyCoupleEmployeeController.ts b/src/controllers/ProfileFamilyCoupleEmployeeController.ts index 61c46dc6..66e3645d 100644 --- a/src/controllers/ProfileFamilyCoupleEmployeeController.ts +++ b/src/controllers/ProfileFamilyCoupleEmployeeController.ts @@ -21,6 +21,7 @@ import { ProfileEmployee } from "../entities/ProfileEmployee"; import { ProfileFamilyCouple, CreateProfileEmployeeFamilyCouple, UpdateProfileFamilyCouple } from "../entities/ProfileFamilyCouple"; import { ProfileFamilyCoupleHistory } from "../entities/ProfileFamilyCoupleHistory"; import Extension from "../interfaces/extension"; +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/family/couple") @Tags("ProfileEmployeeFamilyCouple") @Security("bearerAuth") 
@@ -215,6 +216,7 @@ export class ProfileFamilyCoupleEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeFamilyCouple, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); const familyCouple = Object.assign(new ProfileFamilyCouple(), body); if (!familyCouple) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -261,6 +263,7 @@ export class ProfileFamilyCoupleEmployeeController extends Controller { @Body() body: UpdateProfileFamilyCouple, @Path() profileEmployeeId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const familyCouple = await this.ProfileFamilyCouple.findOneBy({ profileEmployeeId: profileEmployeeId, }); diff --git a/src/controllers/ProfileFamilyFatherController.ts b/src/controllers/ProfileFamilyFatherController.ts index 56171677..a0860261 100644 --- a/src/controllers/ProfileFamilyFatherController.ts +++ b/src/controllers/ProfileFamilyFatherController.ts @@ -25,6 +25,7 @@ import { } from "../entities/ProfileFamilyFather"; import { ProfileFamilyFatherHistory } from "../entities/ProfileFamilyFatherHistory"; import Extension from "../interfaces/extension"; +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/family/father") @Tags("ProfileFamilyFather") @Security("bearerAuth") @@ -205,6 +206,7 @@ export class ProfileFamilyFatherController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileFamilyFather, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); const familyFather = Object.assign(new ProfileFamilyFather(), body); if (!familyFather) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -245,6 +247,7 @@ export class ProfileFamilyFatherController extends Controller { @Body() body: UpdateProfileFamilyFather, @Path() profileId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const familyFather = await this.ProfileFamilyFather.findOneBy({ profileId: profileId }); if (!familyFather) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileFamilyFatherEmployeeController.ts b/src/controllers/ProfileFamilyFatherEmployeeController.ts index 9135c51d..05f35848 100644 --- a/src/controllers/ProfileFamilyFatherEmployeeController.ts +++ b/src/controllers/ProfileFamilyFatherEmployeeController.ts @@ -25,6 +25,7 @@ import { } from "../entities/ProfileFamilyFather"; import { ProfileFamilyFatherHistory } from "../entities/ProfileFamilyFatherHistory"; import Extension from "../interfaces/extension"; +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/family/father") @Tags("ProfileEmployeeFamilyFather") @Security("bearerAuth") @@ -205,6 +206,7 @@ export class ProfileFamilyFatherEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeFamilyFather, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); const familyFather = Object.assign(new ProfileFamilyFather(), body); if (!familyFather) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -245,6 +247,7 @@ export class ProfileFamilyFatherEmployeeController extends Controller { @Body() body: UpdateProfileFamilyFather, @Path() profileEmployeeId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const familyFather = await this.ProfileFamilyFather.findOneBy({ profileEmployeeId: profileEmployeeId, }); diff --git a/src/controllers/ProfileFamilyMotherController.ts b/src/controllers/ProfileFamilyMotherController.ts index 55acab88..798c60ef 100644 --- a/src/controllers/ProfileFamilyMotherController.ts 
+++ b/src/controllers/ProfileFamilyMotherController.ts @@ -25,6 +25,7 @@ import { } from "../entities/ProfileFamilyMother"; import { ProfileFamilyMotherHistory } from "../entities/ProfileFamilyMotherHistory"; import Extension from "../interfaces/extension"; +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/family/mother") @Tags("ProfileFamilyMother") @Security("bearerAuth") @@ -205,6 +206,7 @@ export class ProfileFamilyMotherController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileFamilyMother, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); const familyMother = Object.assign(new ProfileFamilyMother(), body); if (!familyMother) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -245,6 +247,7 @@ export class ProfileFamilyMotherController extends Controller { @Body() body: UpdateProfileFamilyMother, @Path() profileId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const familyMother = await this.ProfileFamilyMother.findOneBy({ profileId: profileId }); if (!familyMother) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); diff --git a/src/controllers/ProfileFamilyMotherEmployeeController.ts b/src/controllers/ProfileFamilyMotherEmployeeController.ts index 4b6325fb..ab922bd8 100644 --- a/src/controllers/ProfileFamilyMotherEmployeeController.ts +++ b/src/controllers/ProfileFamilyMotherEmployeeController.ts @@ -21,6 +21,7 @@ import { ProfileEmployee } from "../entities/ProfileEmployee"; import { ProfileFamilyMother, CreateProfileEmployeeFamilyMother, UpdateProfileFamilyMother } from "../entities/ProfileFamilyMother"; import { ProfileFamilyMotherHistory } from "../entities/ProfileFamilyMotherHistory"; import Extension from "../interfaces/extension"; +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/family/mother") @Tags("ProfileEmployeeFamilyMother") @Security("bearerAuth") 
@@ -201,6 +202,7 @@ export class ProfileFamilyMotherEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeFamilyMother, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); const familyMother = Object.assign(new ProfileFamilyMother(), body); if (!familyMother) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -241,6 +243,7 @@ export class ProfileFamilyMotherEmployeeController extends Controller { @Body() body: UpdateProfileFamilyMother, @Path() profileEmployeeId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const familyMother = await this.ProfileFamilyMother.findOneBy({ profileEmployeeId: profileEmployeeId, }); diff --git a/src/controllers/ProfileGovernmentController.ts b/src/controllers/ProfileGovernmentController.ts index fff540e3..cef1adbf 100644 --- a/src/controllers/ProfileGovernmentController.ts +++ b/src/controllers/ProfileGovernmentController.ts @@ -9,7 +9,7 @@ import { ProfileGovernment, UpdateProfileGovernment } from "../entities/ProfileG import { Position } from "../entities/Position"; import { PosMaster } from "../entities/PosMaster"; import { calculateAge, calculateRetireDate } from "../interfaces/utils"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/government") @Tags("ProfileGovernment") @Security("bearerAuth") @@ -293,6 +293,7 @@ export class ProfileGovernmentHistoryController extends Controller { @Body() body: UpdateProfileGovernment, @Path() profileId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.profileRepo.findOne({ where: { id: profileId }, }); diff --git a/src/controllers/ProfileGovernmentEmployeeController.ts b/src/controllers/ProfileGovernmentEmployeeController.ts index 73c40045..7bb64f1c 100644 --- a/src/controllers/ProfileGovernmentEmployeeController.ts +++ b/src/controllers/ProfileGovernmentEmployeeController.ts 
@@ -26,7 +26,7 @@ import { import { EmployeePosition } from "../entities/EmployeePosition"; import { EmployeePosMaster } from "../entities/EmployeePosMaster"; import { calculateAge, calculateRetireDate } from "../interfaces/utils"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/government") @Tags("ProfileEmployeeGovernment") @Security("bearerAuth") @@ -288,6 +288,7 @@ export class ProfileGovernmentEmployeeController extends Controller { @Body() body: UpdateProfileGovernment, @Path() profileEmployeeId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.profileEmployeeRepo.findOne({ where: { id: profileEmployeeId }, }); diff --git a/src/controllers/ProfileHonorController.ts b/src/controllers/ProfileHonorController.ts index 84b9b226..57a84874 100644 --- a/src/controllers/ProfileHonorController.ts +++ b/src/controllers/ProfileHonorController.ts @@ -20,7 +20,7 @@ import HttpError from "../interfaces/http-error"; import { ProfileHonorHistory } from "../entities/ProfileHonorHistory"; import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/honor") @Tags("ProfileHonor") @Security("bearerAuth") @@ -138,6 +138,7 @@ export class ProfileHonorController extends Controller { @Post() public async newHonor(@Request() req: RequestWithUser, @Body() body: CreateProfileHonor) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -170,6 +171,7 @@ export class ProfileHonorController extends Controller { @Body() body: UpdateProfileHonor, @Path() honorId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.honorRepo.findOneBy({ id: honorId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -188,7 +190,8 @@ export class ProfileHonorController extends Controller { } @Delete("{honorId}") - public async deleteTraning(@Path() honorId: string) { + public async deleteTraning(@Path() honorId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.honorHistoryRepo.delete({ profileHonorId: honorId, }); diff --git a/src/controllers/ProfileHonorEmployeeController.ts b/src/controllers/ProfileHonorEmployeeController.ts index a6b232ad..f5f211d4 100644 --- a/src/controllers/ProfileHonorEmployeeController.ts +++ b/src/controllers/ProfileHonorEmployeeController.ts @@ -20,7 +20,7 @@ import HttpError from "../interfaces/http-error"; import { ProfileHonorHistory } from "../entities/ProfileHonorHistory"; import { RequestWithUser } from "../middlewares/user"; import { ProfileEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/honor") @Tags("ProfileEmployeeHonor") @Security("bearerAuth") @@ -138,6 +138,7 @@ export class ProfileHonorEmployeeController extends Controller { @Post() public async newHonor(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeHonor) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } @@ -170,6 +171,7 @@ export class ProfileHonorEmployeeController extends Controller { @Body() body: UpdateProfileHonor, @Path() honorId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.honorRepo.findOneBy({ id: honorId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
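Review bot: The honor delete handler keeps the name `deleteTraning` on the signature line this hunk rewrites; it is misspelled and names a different resource, which makes the route harder to find when auditing which handlers carry a permission check. Since the line is changing anyway, `public async deleteHonor(@Path() honorId: string, @Request() req: RequestWithUser) {` would match `newHonor` in the same class. tsoa by default derives the operationId from the method name, so generated API clients would see the rename; confirm that is acceptable before changing it. The same name is used in the ProfileHonorEmployeeController delete hunk, and the method body continues outside this hunk.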
@@ -188,7 +190,8 @@ export class ProfileHonorEmployeeController extends Controller { } @Delete("{honorId}") - public async deleteTraning(@Path() honorId: string) { + public async deleteTraning(@Path() honorId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.honorHistoryRepo.delete({ profileHonorId: honorId, }); diff --git a/src/controllers/ProfileInsigniaController.ts b/src/controllers/ProfileInsigniaController.ts index 7b71e203..82b5ce07 100644 --- a/src/controllers/ProfileInsigniaController.ts +++ b/src/controllers/ProfileInsigniaController.ts @@ -25,7 +25,7 @@ import { ProfileInsigniaHistory } from "../entities/ProfileInsigniaHistory"; import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; import { Insignia } from "../entities/Insignia"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/insignia") @Tags("ProfileInsignia") @Security("bearerAuth") @@ -166,6 +166,7 @@ export class ProfileInsigniaController extends Controller { @Post() public async newInsignia(@Request() req: RequestWithUser, @Body() body: CreateProfileInsignia) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -205,6 +206,7 @@ export class ProfileInsigniaController extends Controller { @Body() body: UpdateProfileInsignia, @Path() insigniaId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.insigniaRepo.findOneBy({ id: insigniaId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -230,7 +232,8 @@ export class ProfileInsigniaController extends Controller { } @Delete("{insigniaId}") - public async deleteInsignia(@Path() insigniaId: string) { + public async deleteInsignia(@Path() insigniaId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.insigniaHistoryRepo.delete({ profileInsigniaId: insigniaId, }); diff --git a/src/controllers/ProfileInsigniaEmployeeController.ts b/src/controllers/ProfileInsigniaEmployeeController.ts index 6de21b7e..d59f1529 100644 --- a/src/controllers/ProfileInsigniaEmployeeController.ts +++ b/src/controllers/ProfileInsigniaEmployeeController.ts @@ -25,7 +25,7 @@ import { ProfileInsigniaHistory } from "../entities/ProfileInsigniaHistory"; import { RequestWithUser } from "../middlewares/user"; import { ProfileEmployee } from "../entities/ProfileEmployee"; import { Insignia } from "../entities/Insignia"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/insignia") @Tags("ProfileEmployeeInsignia") @Security("bearerAuth") @@ -166,6 +166,7 @@ export class ProfileInsigniaEmployeeController extends Controller { @Post() public async newInsignia(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeInsignia) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } @@ -205,6 +206,7 @@ export class ProfileInsigniaEmployeeController extends Controller { @Body() body: UpdateProfileInsignia, @Path() insigniaId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.insigniaRepo.findOneBy({ id: insigniaId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -230,7 +232,8 @@ export class ProfileInsigniaEmployeeController extends Controller { } @Delete("{insigniaId}") - public async deleteInsignia(@Path() insigniaId: string) { + public async deleteInsignia(@Path() insigniaId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.insigniaHistoryRepo.delete({ profileInsigniaId: insigniaId, }); diff --git a/src/controllers/ProfileLeaveController.ts b/src/controllers/ProfileLeaveController.ts index 8ff61a61..0f9eea8b 100644 --- a/src/controllers/ProfileLeaveController.ts +++ b/src/controllers/ProfileLeaveController.ts @@ -22,12 +22,11 @@ import { import HttpSuccess from "../interfaces/http-success"; import HttpStatus from "../interfaces/http-status"; import HttpError from "../interfaces/http-error"; - import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; import { LeaveType } from "../entities/LeaveType"; import { Brackets } from "typeorm"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/leave") @Tags("ProfileLeave") @Security("bearerAuth") @@ -248,6 +247,7 @@ export class ProfileLeaveController extends Controller { @Post() public async newLeave(@Request() req: RequestWithUser, @Body() body: CreateProfileLeave) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -286,6 +286,7 @@ export class ProfileLeaveController extends Controller { @Body() body: UpdateProfileLeave, @Path() leaveId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.leaveRepo.findOneBy({ id: leaveId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -311,7 +312,8 @@ export class ProfileLeaveController extends Controller { } @Delete("{leaveId}") - public async deleteLeave(@Path() leaveId: string) { + public async deleteLeave(@Path() leaveId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.leaveHistoryRepo.delete({ profileLeaveId: leaveId, }); diff --git a/src/controllers/ProfileLeaveEmployeeController.ts b/src/controllers/ProfileLeaveEmployeeController.ts index 8f1716c9..5c3a314b 100644 --- a/src/controllers/ProfileLeaveEmployeeController.ts +++ b/src/controllers/ProfileLeaveEmployeeController.ts @@ -22,11 +22,10 @@ import { import HttpSuccess from "../interfaces/http-success"; import HttpStatus from "../interfaces/http-status"; import HttpError from "../interfaces/http-error"; - import { RequestWithUser } from "../middlewares/user"; import { LeaveType } from "../entities/LeaveType"; import { ProfileEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/leave") @Tags("ProfileLeave") @Security("bearerAuth") @@ -69,6 +68,7 @@ export class ProfileLeaveEmployeeController extends Controller { @Post() public async newLeave(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeLeave) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -107,6 +107,7 @@ export class ProfileLeaveEmployeeController extends Controller { @Body() body: UpdateProfileLeave, @Path() leaveId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.leaveRepo.findOneBy({ id: leaveId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -132,7 +133,8 @@ export class ProfileLeaveEmployeeController extends Controller { } @Delete("{leaveId}") - public async deleteLeave(@Path() leaveId: string) { + public async deleteLeave(@Path() leaveId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.leaveHistoryRepo.delete({ profileLeaveId: leaveId, }); diff --git a/src/controllers/ProfileNopaidController.ts b/src/controllers/ProfileNopaidController.ts index c74b24d7..3475c911 100644 --- a/src/controllers/ProfileNopaidController.ts +++ b/src/controllers/ProfileNopaidController.ts @@ -20,7 +20,7 @@ import { ProfileNopaidHistory } from "../entities/ProfileNopaidHistory"; import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; import { CreateProfileNopaid, ProfileNopaid, UpdateProfileNopaid } from "../entities/ProfileNopaid"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/nopaid") @Tags("ProfileNopaid") @Security("bearerAuth") @@ -96,6 +96,7 @@ export class ProfileNopaidController extends Controller { @Post() public async newNopaid(@Request() req: RequestWithUser, @Body() body: CreateProfileNopaid) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -128,6 +129,7 @@ export class ProfileNopaidController extends Controller { @Body() body: UpdateProfileNopaid, @Path() nopaidId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.nopaidRepository.findOneBy({ id: nopaidId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); 
@@ -149,7 +151,8 @@ export class ProfileNopaidController extends Controller { } @Delete("{nopaidId}") - public async deleteNopaid(@Path() nopaidId: string) { + public async deleteNopaid(@Path() nopaidId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.nopaidHistoryRepository.delete({ profileNopaidId: nopaidId, }); diff --git a/src/controllers/ProfileNopaidEmployeeController.ts b/src/controllers/ProfileNopaidEmployeeController.ts index 8bda984d..26cc91fc 100644 --- a/src/controllers/ProfileNopaidEmployeeController.ts +++ b/src/controllers/ProfileNopaidEmployeeController.ts @@ -24,7 +24,7 @@ import { ProfileNopaid, UpdateProfileNopaid, } from "../entities/ProfileNopaid"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/nopaid") @Tags("ProfileNopaid") @Security("bearerAuth") @@ -67,6 +67,7 @@ export class ProfileNopaidEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeNopaid, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -99,6 +100,7 @@ export class ProfileNopaidEmployeeController extends Controller { @Body() body: UpdateProfileNopaid, @Path() nopaidId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.nopaidRepository.findOneBy({ id: nopaidId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -120,7 +122,8 @@ export class ProfileNopaidEmployeeController extends Controller { } @Delete("{nopaidId}") - public async deleteNopaid(@Path() nopaidId: string) { + public async deleteNopaid(@Path() nopaidId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.nopaidHistoryRepository.delete({ profileNopaidId: nopaidId, }); 
diff --git a/src/controllers/ProfileOtherController.ts b/src/controllers/ProfileOtherController.ts index 11a986ec..2575e926 100644 --- a/src/controllers/ProfileOtherController.ts +++ b/src/controllers/ProfileOtherController.ts @@ -20,7 +20,7 @@ import { ProfileOtherHistory } from "../entities/ProfileOtherHistory"; import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; import { CreateProfileOther, ProfileOther, UpdateProfileOther } from "../entities/ProfileOther"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/other") @Tags("ProfileOther") @Security("bearerAuth") @@ -93,6 +93,7 @@ export class ProfileOtherController extends Controller { @Post() public async newOther(@Request() req: RequestWithUser, @Body() body: CreateProfileOther) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -125,6 +126,7 @@ export class ProfileOtherController extends Controller { @Body() body: UpdateProfileOther, @Path() otherId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.otherRepository.findOneBy({ id: otherId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -146,7 +148,8 @@ export class ProfileOtherController extends Controller { } @Delete("{otherId}") - public async deleteOther(@Path() otherId: string) { + public async deleteOther(@Path() otherId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.otherHistoryRepository.delete({ profileOtherId: otherId, }); diff --git a/src/controllers/ProfileOtherEmployeeController.ts b/src/controllers/ProfileOtherEmployeeController.ts index b04addf6..11eee382 100644 --- a/src/controllers/ProfileOtherEmployeeController.ts +++ b/src/controllers/ProfileOtherEmployeeController.ts 
@@ -24,7 +24,7 @@ import { ProfileOther, UpdateProfileOther, } from "../entities/ProfileOther"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/other") @Tags("ProfileOther") @Security("bearerAuth") @@ -64,6 +64,7 @@ export class ProfileOtherEmployeeController extends Controller { @Post() public async newOther(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeOther) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -96,6 +97,7 @@ export class ProfileOtherEmployeeController extends Controller { @Body() body: UpdateProfileOther, @Path() otherId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.otherRepository.findOneBy({ id: otherId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -117,7 +119,8 @@ export class ProfileOtherEmployeeController extends Controller { } @Delete("{otherId}") - public async deleteOther(@Path() otherId: string) { + public async deleteOther(@Path() otherId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.otherHistoryRepository.delete({ profileOtherId: otherId, }); diff --git a/src/controllers/ProfileSalaryController.ts b/src/controllers/ProfileSalaryController.ts index eb9c66a7..3a17eb17 100644 --- a/src/controllers/ProfileSalaryController.ts +++ b/src/controllers/ProfileSalaryController.ts @@ -21,7 +21,7 @@ import { ProfileSalaryHistory } from "../entities/ProfileSalaryHistory"; import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; import { LessThan, MoreThan } from "typeorm"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/salary") @Tags("ProfileSalary") @Security("bearerAuth") 
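Review bot: Authorization is wired in by hand as the first statement of the handler in `newOther` of ProfileOtherEmployeeController (hunk at -64), with a fresh `new permission()` per request, and the same pattern is repeated in every handler this commit touches. A handler added later compiles and ships without the check and nothing flags the omission. The decorators look like tsoa's; if so, declaring the requirement next to `@Security("bearerAuth")`, for instance as a route-level middleware, would make it visible in the signature and auditable by searching the decorators. Short of that, one shared instance such as `const perm = new permission();` at module level would remove the per-call construction, assuming the class keeps no per-request state, which is not visible here.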
@@ -140,6 +140,7 @@ export class ProfileSalaryController extends Controller { @Post() public async newSalary(@Request() req: RequestWithUser, @Body() body: CreateProfileSalary) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -178,6 +179,7 @@ export class ProfileSalaryController extends Controller { @Body() body: UpdateProfileSalary, @Path() salaryId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.salaryRepo.findOneBy({ id: salaryId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -196,7 +198,8 @@ export class ProfileSalaryController extends Controller { } @Delete("{salaryId}") - public async deleteSalary(@Path() salaryId: string) { + public async deleteSalary(@Path() salaryId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.salaryHistoryRepo.delete({ profileSalaryId: salaryId, }); diff --git a/src/controllers/ProfileSalaryEmployeeController.ts b/src/controllers/ProfileSalaryEmployeeController.ts index 8f6c7237..58c0fe54 100644 --- a/src/controllers/ProfileSalaryEmployeeController.ts +++ b/src/controllers/ProfileSalaryEmployeeController.ts @@ -25,7 +25,7 @@ import { ProfileSalaryHistory } from "../entities/ProfileSalaryHistory"; import { RequestWithUser } from "../middlewares/user"; import { ProfileEmployee } from "../entities/ProfileEmployee"; import { LessThan, MoreThan } from "typeorm"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/salary") @Tags("ProfileSalary") @Security("bearerAuth") 
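Review bot: Only the write handlers of ProfileSalaryController get a permission check in this commit: its file section consists of the import hunk plus the POST, PUT and DELETE hunks, and the first of those starts at line 140 (`newSalary`). Whatever handlers sit above that line are untouched; the `LessThan`/`MoreThan` imports suggest query endpoints, though they are not shown. If read handlers exist and rely on `@Security("bearerAuth")` alone, salary records would be readable by any authenticated caller, so either a matching read-permission check belongs there or a comment on those handlers should state that authenticated-only read access is intended. The same question applies to the other controllers in this patch, whose sections also contain write-handler hunks only.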
@@ -69,6 +69,7 @@ export class ProfileSalaryEmployeeController extends Controller { @Request() req: RequestWithUser, @Body() body: CreateProfileSalaryEmployee, ) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } @@ -107,6 +108,7 @@ export class ProfileSalaryEmployeeController extends Controller { @Body() body: UpdateProfileSalaryEmployee, @Path() salaryId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.salaryRepo.findOneBy({ id: salaryId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -125,7 +127,8 @@ export class ProfileSalaryEmployeeController extends Controller { } @Delete("{salaryId}") - public async deleteSalaryEmployee(@Path() salaryId: string) { + public async deleteSalaryEmployee(@Path() salaryId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.salaryHistoryRepo.delete({ profileSalaryId: salaryId, }); diff --git a/src/controllers/ProfileTrainingController.ts b/src/controllers/ProfileTrainingController.ts index 20de8cf8..eb34c688 100644 --- a/src/controllers/ProfileTrainingController.ts +++ b/src/controllers/ProfileTrainingController.ts @@ -24,7 +24,7 @@ import HttpError from "../interfaces/http-error"; import { ProfileTrainingHistory } from "../entities/ProfileTrainingHistory"; import { RequestWithUser } from "../middlewares/user"; import { Profile } from "../entities/Profile"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile/training") @Tags("ProfileTraining") @Security("bearerAuth") 
@@ -139,6 +139,7 @@ export class ProfileTrainingController extends Controller { @Post() public async newTraining(@Request() req: RequestWithUser, @Body() body: CreateProfileTraining) { + await new permission().PermissionCreate(req,"SYS_REGISTRY"); if (!body.profileId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId"); } @@ -171,6 +172,7 @@ export class ProfileTrainingController extends Controller { @Body() body: UpdateProfileTraining, @Path() trainingId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY"); const record = await this.trainingRepo.findOneBy({ id: trainingId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -189,7 +191,8 @@ export class ProfileTrainingController extends Controller { } @Delete("{trainingId}") - public async deleteTraining(@Path() trainingId: string) { + public async deleteTraining(@Path() trainingId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY"); await this.trainingHistoryRepo.delete({ profileTrainingId: trainingId, }); diff --git a/src/controllers/ProfileTrainingEmployeeController.ts b/src/controllers/ProfileTrainingEmployeeController.ts index e70cc2be..2df7aaf1 100644 --- a/src/controllers/ProfileTrainingEmployeeController.ts +++ b/src/controllers/ProfileTrainingEmployeeController.ts @@ -24,7 +24,7 @@ import HttpError from "../interfaces/http-error"; import { ProfileTrainingHistory } from "../entities/ProfileTrainingHistory"; import { RequestWithUser } from "../middlewares/user"; import { ProfileEmployee } from "../entities/ProfileEmployee"; - +import permission from "../interfaces/permission"; @Route("api/v1/org/profile-employee/training") @Tags("ProfileEmployeeTraining") @Security("bearerAuth") 
@@ -139,6 +139,7 @@ export class ProfileTrainingEmployeeController extends Controller { @Post() public async newTraining(@Request() req: RequestWithUser, @Body() body: CreateProfileEmployeeTraining) { + await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP"); if (!body.profileEmployeeId) { throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId"); } @@ -171,6 +172,7 @@ export class ProfileTrainingEmployeeController extends Controller { @Body() body: UpdateProfileTraining, @Path() trainingId: string, ) { + await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP"); const record = await this.trainingRepo.findOneBy({ id: trainingId }); if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); @@ -189,7 +191,8 @@ export class ProfileTrainingEmployeeController extends Controller { } @Delete("{trainingId}") - public async deleteTraining(@Path() trainingId: string) { + public async deleteTraining(@Path() trainingId: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP"); await this.trainingHistoryRepo.delete({ profileTrainingId: trainingId, });