permission ทะเบียนประวัติขรก.+ลูกจ้าง

src/controllers/ProfileNopaidController.ts

@@ -20,7 +20,7 @@ import { ProfileNopaidHistory } from "../entities/ProfileNopaidHistory";
 import { RequestWithUser } from "../middlewares/user";
 import { Profile } from "../entities/Profile";
 import { CreateProfileNopaid, ProfileNopaid, UpdateProfileNopaid } from "../entities/ProfileNopaid";
-
+import permission from "../interfaces/permission";
 @Route("api/v1/org/profile/nopaid")
 @Tags("ProfileNopaid")
 @Security("bearerAuth")
@@ -96,6 +96,7 @@ export class ProfileNopaidController extends Controller {
 
   @Post()
   public async newNopaid(@Request() req: RequestWithUser, @Body() body: CreateProfileNopaid) {
+    await new permission().PermissionCreate(req,"SYS_REGISTRY");
     if (!body.profileId) {
       throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId");
     }
@@ -128,6 +129,7 @@ export class ProfileNopaidController extends Controller {
     @Body() body: UpdateProfileNopaid,
     @Path() nopaidId: string,
   ) {
+    await new permission().PermissionUpdate(req,"SYS_REGISTRY");
     const record = await this.nopaidRepository.findOneBy({ id: nopaidId });
 
     if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
@@ -149,7 +151,8 @@ export class ProfileNopaidController extends Controller {
   }
 
   @Delete("{nopaidId}")
-  public async deleteNopaid(@Path() nopaidId: string) {
+  public async deleteNopaid(@Path() nopaidId: string, @Request() req: RequestWithUser) {
+    await new permission().PermissionDelete(req,"SYS_REGISTRY");
     await this.nopaidHistoryRepository.delete({
       profileNopaidId: nopaidId,
     });