permission ทะเบียนประวัติขรก.+ลูกจ้าง

src/controllers/ProfileTrainingController.ts

@@ -24,7 +24,7 @@ import HttpError from "../interfaces/http-error";
 import { ProfileTrainingHistory } from "../entities/ProfileTrainingHistory";
 import { RequestWithUser } from "../middlewares/user";
 import { Profile } from "../entities/Profile";
-
+import permission from "../interfaces/permission";
 @Route("api/v1/org/profile/training")
 @Tags("ProfileTraining")
 @Security("bearerAuth")
@@ -139,6 +139,7 @@ export class ProfileTrainingController extends Controller {
 
   @Post()
   public async newTraining(@Request() req: RequestWithUser, @Body() body: CreateProfileTraining) {
+    await new permission().PermissionCreate(req,"SYS_REGISTRY");
     if (!body.profileId) {
       throw new HttpError(HttpStatus.BAD_REQUEST, "กรุณากรอก profileId");
     }
@@ -171,6 +172,7 @@ export class ProfileTrainingController extends Controller {
     @Body() body: UpdateProfileTraining,
     @Path() trainingId: string,
   ) {
+    await new permission().PermissionUpdate(req,"SYS_REGISTRY");
     const record = await this.trainingRepo.findOneBy({ id: trainingId });
 
     if (!record) throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล");
@@ -189,7 +191,8 @@ export class ProfileTrainingController extends Controller {
   }
 
   @Delete("{trainingId}")
-  public async deleteTraining(@Path() trainingId: string) {
+  public async deleteTraining(@Path() trainingId: string, @Request() req: RequestWithUser) {
+    await new permission().PermissionDelete(req,"SYS_REGISTRY");
     await this.trainingHistoryRepo.delete({
       profileTrainingId: trainingId,
     });