permission ทะเบียนประวัติขรก.+ลูกจ้าง

src/controllers/ProfileAssessmentsController.ts

@@ -19,7 +19,6 @@ import {
 import HttpError from "../interfaces/http-error";
 import HttpStatus from "../interfaces/http-status";
 import HttpSuccess from "../interfaces/http-success";
-
 import { AppDataSource } from "../database/data-source";
 import {
   CreateProfileAssessment,
@@ -29,7 +28,7 @@ import {
 import { ProfileAssessmentHistory } from "../entities/ProfileAssessmentHistory";
 import { Profile } from "../entities/Profile";
 import { RequestWithUser } from "../middlewares/user";
-
+import permission from "../interfaces/permission";
 @Route("api/v1/org/profile/assessments")
 @Tags("ProfileAssessments")
 @Security("bearerAuth")
@@ -147,6 +146,7 @@ export class ProfileAssessmentsController extends Controller {
     @Request() req: RequestWithUser,
     @Body() body: CreateProfileAssessment,
   ) {
+    await new permission().PermissionCreate(req,"SYS_REGISTRY");
     if (!body.profileId) {
       throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId");
     }
@@ -176,6 +176,7 @@ export class ProfileAssessmentsController extends Controller {
     @Request() req: RequestWithUser,
     @Path() assessmentId: string,
   ) {
+    await new permission().PermissionUpdate(req,"SYS_REGISTRY");
     const record = await this.profileAssessmentsRepository.findOneBy({ id: assessmentId });
     if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
 
@@ -196,7 +197,8 @@ export class ProfileAssessmentsController extends Controller {
   }
 
   @Delete("{assessmentId}")
-  public async deleteProfileAssessment(@Path() assessmentId: string) {
+  public async deleteProfileAssessment(@Path() assessmentId: string, @Request() req: RequestWithUser) {
+    await new permission().PermissionDelete(req,"SYS_REGISTRY");
     await this.profileAssessmentsHistoryRepository.delete({
       profileAssessmentId: assessmentId,
     });