permission ทะเบียนประวัติขรก.+ลูกจ้าง

src/controllers/ProfileInsigniaController.ts

@@ -25,7 +25,7 @@ import { ProfileInsigniaHistory } from "../entities/ProfileInsigniaHistory";
 import { RequestWithUser } from "../middlewares/user";
 import { Profile } from "../entities/Profile";
 import { Insignia } from "../entities/Insignia";
-
+import permission from "../interfaces/permission";
 @Route("api/v1/org/profile/insignia")
 @Tags("ProfileInsignia")
 @Security("bearerAuth")
@@ -166,6 +166,7 @@ export class ProfileInsigniaController extends Controller {
 
   @Post()
   public async newInsignia(@Request() req: RequestWithUser, @Body() body: CreateProfileInsignia) {
+    await new permission().PermissionCreate(req,"SYS_REGISTRY");
     if (!body.profileId) {
       throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId");
     }
@@ -205,6 +206,7 @@ export class ProfileInsigniaController extends Controller {
     @Body() body: UpdateProfileInsignia,
     @Path() insigniaId: string,
   ) {
+    await new permission().PermissionUpdate(req,"SYS_REGISTRY");
     const record = await this.insigniaRepo.findOneBy({ id: insigniaId });
 
     if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
@@ -230,7 +232,8 @@ export class ProfileInsigniaController extends Controller {
   }
 
   @Delete("{insigniaId}")
-  public async deleteInsignia(@Path() insigniaId: string) {
+  public async deleteInsignia(@Path() insigniaId: string, @Request() req: RequestWithUser) {
+    await new permission().PermissionDelete(req,"SYS_REGISTRY");
     await this.insigniaHistoryRepo.delete({
       profileInsigniaId: insigniaId,
     });