permission ทะเบียนประวัติขรก.+ลูกจ้าง

src/controllers/ProfileCertificateEmployeeController.ts

@@ -24,7 +24,7 @@ import HttpError from "../interfaces/http-error";
 import { ProfileCertificateHistory } from "../entities/ProfileCertificateHistory";
 import { RequestWithUser } from "../middlewares/user";
 import { ProfileEmployee } from "../entities/ProfileEmployee";
-
+import permission from "../interfaces/permission";
 @Route("api/v1/org/profile-employee/certificate")
 @Tags("ProfileEmployeeCertificate")
 @Security("bearerAuth")
@@ -121,6 +121,7 @@ export class ProfileCertificateEmployeeController extends Controller {
     @Request() req: RequestWithUser,
     @Body() body: CreateProfileEmployeeCertificate,
   ) {
+    await new permission().PermissionCreate(req,"SYS_REGISTRY_EMP");
     if (!body.profileEmployeeId) {
       throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileEmployeeId");
     }
@@ -153,6 +154,7 @@ export class ProfileCertificateEmployeeController extends Controller {
     @Body() body: UpdateProfileCertificate,
     @Path() certificateId: string,
   ) {
+    await new permission().PermissionUpdate(req,"SYS_REGISTRY_EMP");
     const record = await this.certificateRepo.findOneBy({ id: certificateId });
 
     if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
@@ -174,7 +176,8 @@ export class ProfileCertificateEmployeeController extends Controller {
   }
 
   @Delete("{certificateId}")
-  public async deleteCertificate(@Path() certificateId: string) {
+  public async deleteCertificate(@Path() certificateId: string, @Request() req: RequestWithUser) {
+    await new permission().PermissionDelete(req,"SYS_REGISTRY_EMP");
     await this.certificateHistoryRepo.delete({
       profileCertificateId: certificateId,
     });