permission ทะเบียนประวัติขรก.+ลูกจ้าง

src/controllers/ProfileEmployeeController.ts

@@ -65,7 +65,7 @@ import CallAPI from "../interfaces/call-api";
 import { EmployeePosition } from "../entities/EmployeePosition";
 import { ProfileInsignia } from "../entities/ProfileInsignia";
 import { ProfileLeave } from "../entities/ProfileLeave";
-
+import permission from "../interfaces/permission";
 @Route("api/v1/org/profile-employee")
 @Tags("ProfileEmployee")
 @Security("bearerAuth")
@@ -576,6 +576,7 @@ export class ProfileEmployeeController extends Controller {
    */
   @Post()
   async createProfile(@Body() body: CreateProfileEmployee, @Request() request: RequestWithUser) {
+    await new permission().PermissionCreate(request,"SYS_REGISTRY_EMP");
     if (await this.profileRepo.findOneBy({ citizenId: body.citizenId })) {
       throw new HttpError(
         HttpStatus.INTERNAL_SERVER_ERROR,
@@ -628,6 +629,7 @@ export class ProfileEmployeeController extends Controller {
     @Path() id: string,
     @Body() body: UpdateProfileEmployee,
   ) {
+    await new permission().PermissionUpdate(request,"SYS_REGISTRY_EMP");
     const exists =
       !!body.citizenId &&
       (await this.profileRepo.findOne({
@@ -690,7 +692,8 @@ export class ProfileEmployeeController extends Controller {
    * @param {string} id  Id ทะเบียนประวัติ
    */
   @Delete("{id}")
-  async deleteProfile(@Path() id: string) {
+  async deleteProfile(@Path() id: string, @Request() request: RequestWithUser,) {
+    await new permission().PermissionDelete(request,"SYS_REGISTRY_EMP");
     const result = await this.profileRepo.findOne({ where: { id: id } });
     if (!result) {
       throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");