diff --git a/src/controllers/PermissionController.ts b/src/controllers/PermissionController.ts
index 04378e6a..52b4603b 100644
--- a/src/controllers/PermissionController.ts
+++ b/src/controllers/PermissionController.ts
@@ -217,7 +217,7 @@ export class PermissionController extends Controller {
 const getAsync = promisify(redisClient.get).bind(redisClient);
 
 const profile = await this.profileRepo.findOne({
- // select: ["id"],
+ select: ["id"],
 where: { keycloak: request.user.sub },
 });
 if (!profile) {
@@ -252,4 +252,49 @@ export class PermissionController extends Controller {
 return new HttpSuccess(reply);
 }
+
+ @Get("user/{id}")
+ public async listOrgUser(@Request() request: RequestWithUser,@Path() id: string) {
+ const redisClient = await this.redis.createClient({
+ host: REDIS_HOST,
+ port: REDIS_PORT,
+ });
+ const getAsync = promisify(redisClient.get).bind(redisClient);
+
+ const profile = await this.profileRepo.findOne({
+ select: ["id"],
+ where: { id: id },
+ });
+ if (!profile) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ");
+ }
+
+ let reply = await getAsync("user_" + profile.id);
+ if (reply != null) {
+ reply = JSON.parse(reply);
+ } else {
+ const posMaster = await this.posMasterRepository.findOne({
+ where: {
+ current_holderId: profile.id,
+ orgRevision: {
+ orgRevisionIsDraft: false,
+ orgRevisionIsCurrent: true,
+ },
+ },
+ });
+ if (!posMaster) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลตำแหน่งในโครงสร้าง");
+ }
+ reply = {
+ orgRootId: posMaster.orgRootId,
+ orgChild1Id: posMaster.orgChild1Id,
+ orgChild2Id: posMaster.orgChild2Id,
+ orgChild3Id: posMaster.orgChild3Id,
+ orgChild4Id: posMaster.orgChild4Id,
+ };
+ redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply));
+ }
+
+ return new HttpSuccess(reply);
+ }
 
 }
diff --git a/src/controllers/ProfileController.ts b/src/controllers/ProfileController.ts
index 0592c8ca..dc01fbe0 100644
--- a/src/controllers/ProfileController.ts
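Review bot: `listOrgUser` never reads the injected `request`, so — assuming the controller's route-level auth only requires a logged-in user — any authenticated caller of `GET user/{id}` can read the organisational placement of an arbitrary profile id; since this route exists to serve `PermissionOrgByUser` (the `/org/permission/user/` call in permission.ts), it should be gated before the `profileRepo.findOne`, either on the same service credential that check already honours or on an explicit permission. In the cache-miss branch `redisClient.setex(...)` is neither awaited nor given a callback, so a failed write is silent; given the `promisify(redisClient.get)` pattern a callback-style client seems to be in use, and `await promisify(redisClient.setex).bind(redisClient)("user_" + profile.id, 86400, JSON.stringify(reply));` would surface the error. The client returned by `createClient` is never closed, which mirrors the existing handler in the first hunk but is worth confirming against the redis wrapper's lifecycle, and a 86400 s TTL means a position change is served stale for up to a day unless something else evicts `"user_" + profile.id`. Style: `@Request() request: RequestWithUser,@Path()` is missing the space after the comma, and `where: { id: id }` can be `where: { id }`.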
+++ b/src/controllers/ProfileController.ts
@@ -2465,7 +2465,8 @@ export class ProfileController extends Controller {
 * @param {string} id Id ทะเบียนประวัติ
 */
 @Get("{id}")
- async getProfile(@Path() id: string) {
+ async getProfile(@Request() req: RequestWithUser, @Path() id: string) {
+ await new permission().PermissionOrgUserGet(req, "SYS_REGISTRY_OFFICER", id);
 const profile = await this.profileRepo.findOne({
 relations: {
 posLevel: true,
diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts
index e385d41b..96fd0bd7 100644
--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
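Review bot: The JSDoc block closing just above `@Get("{id}")` still documents only `id`; add a line for the new parameter in the file's existing style, e.g. `* @param {RequestWithUser} req Authenticated request, used for the SYS_REGISTRY_OFFICER permission check`, plus a `@throws` line for the 403 that `PermissionOrgUserGet` rejects with. Note also that the check now runs before the profile lookup and `PermissionOrgByUser` folds every rejection from `CallAPI.GetData` into `HttpStatus.FORBIDDEN`, so a request for a non-existent id will presumably answer 403 rather than whatever the later `profileRepo.findOne` path returns for a missing profile — defensible (it avoids distinguishing "exists" from "forbidden"), but it should be stated in the doc comment. `getProfile`'s body continues outside the hunk.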
@@ -126,6 +126,61 @@ class CheckAuth {
 throw new HttpError(HttpStatus.FORBIDDEN, x);
 });
 }
+ public async PermissionOrgByUser(
+ req: RequestWithUser,
+ system: string,
+ action: string,
+ profileId: string,
+ ) {
+ if (
+ req.headers.hasOwnProperty("api_key") &&
+ req.headers["api_key"] &&
+ req.headers["api_key"] == process.env.API_KEY
+ ) {
+ return true;
+ }
+ return await new CallAPI()
+ .GetData(req, `/org/permission/user/${profileId}`)
+ .then(async (x) => {
+ let org = {
+ orgRootId: [null],
+ orgChild1Id: [null],
+ orgChild2Id: [null],
+ orgChild3Id: [null],
+ orgChild4Id: [null],
+ };
+ if (action.trim().toLocaleUpperCase() == "CREATE")
+ org = await this.PermissionOrgCreate(req, system);
+ if (action.trim().toLocaleUpperCase() == "DELETE")
+ org = await this.PermissionOrgDelete(req, system);
+ if (action.trim().toLocaleUpperCase() == "GET")
+ org = await this.PermissionOrgGet(req, system);
+ if (action.trim().toLocaleUpperCase() == "LIST")
+ org = await this.PermissionOrgList(req, system);
+ if (action.trim().toLocaleUpperCase() == "UPDATE")
+ org = await this.PermissionOrgUpdate(req, system);
+
+ if (org.orgRootId != null)
+ if (x.orgRootId != org.orgRootId[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+ if (org.orgChild1Id != null)
+ if (x.orgChild1Id != org.orgChild1Id[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+ if (org.orgChild2Id != null)
+ if (x.orgChild2Id != org.orgChild2Id[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+ if (org.orgChild3Id != null)
+ if (x.orgChild3Id != org.orgChild3Id[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+ if (org.orgChild4Id != null)
+ if (x.orgChild4Id != org.orgChild4Id[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+
+ return true;
+ })
+ .catch((x) => {
+ if (x.status == 403) {
+ throw new HttpError(HttpStatus.FORBIDDEN, x.message);
+ } else {
+ throw new HttpError(HttpStatus.FORBIDDEN, x);
+ }
+ });
+ }
 public async PermissionCreate(req: RequestWithUser, system: string) {
 return await this.Permission(req, system, "CREATE");
 }
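Review bot: The level checks in the `.then` callback compare the target user's ids only against element `[0]` of each permitted-org array (`if (x.orgRootId != org.orgRootId[0]) throw …`), so if `PermissionOrgGet` and its siblings can return more than one id per level, a caller permitted in a second org is wrongly denied; if those arrays are allow-lists, `if (org.orgRootId != null && !org.orgRootId.includes(x.orgRootId)) throw …` (and likewise for the four child levels) expresses that, and an `action` that matches none of the five branches should be rejected explicitly instead of silently falling through to the `[null]` defaults. The `api_key` bypass at the top compares a client-supplied header to `process.env.API_KEY` with `==`; Node header values may be `string | string[]`, and a static secret is better compared with `crypto.timingSafeEqual` over equal-length buffers after narrowing to a single string. The `.catch` maps every rejection — presumably including network or 5xx failures from `CallAPI.GetData`, and the bare-string `throw`s above it — to `HttpStatus.FORBIDDEN`, which hides outages behind authorization denials; throwing `new HttpError(HttpStatus.FORBIDDEN, "ไม่มีสิทธิ์เข้าถึงข้อมูล")` directly and only remapping a genuine 403 keeps the error channel honest. Style: `action.trim().toLocaleUpperCase()` is evaluated five times and would read better as one `const verb = …` feeding a `switch`, and `hasOwnProperty` called on `req.headers` is the `no-prototype-builtins` pattern lint flags.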
@@ -157,6 +212,22 @@ class CheckAuth {
 public async PermissionOrgUpdate(req: RequestWithUser, system: string) {
 return await this.PermissionOrg(req, system, "UPDATE");
 }
+
+ public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "CREATE", profileId);
+ }
+ public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "DELETE", profileId);
+ }
+ public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "GET", profileId);
+ }
+ public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "LIST", profileId);
+ }
+ public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) {
+ return await this.PermissionOrgByUser(req, system, "UPDATE", profileId);
+ }
 }
 
 export default CheckAuth;
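Review bot: The five new `PermissionOrgUser*` wrappers are public API with no TSDoc, and their contract — resolve to `true` or reject with `HttpError(FORBIDDEN)` — is exactly what callers such as `ProfileController.getProfile` rely on while discarding the return value, so it should be written down. A one-liner above each (or one comment on the group) such as `/** Resolves when the caller may GET profile \`profileId\` in \`system\`; rejects with HttpError(FORBIDDEN) otherwise. */` is enough, and it is the right place to mention that a valid `api_key` header short-circuits the check in `PermissionOrgByUser` for all five actions.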