api test สิทธิ์

2024-08-20 13:33:03 +07:00 · 2024-08-20 13:33:03 +07:00 · bd1f889fba
commit bd1f889fba
parent 99255ff36b
3 changed files with 119 additions and 2 deletions
--- a/src/interfaces/permission.ts
+++ b/src/interfaces/permission.ts
@ -126,6 +126,61 @@ class CheckAuth {
        throw new HttpError(HttpStatus.FORBIDDEN, x);
      });
  }
+  public async PermissionOrgByUser(
+    req: RequestWithUser,
+    system: string,
+    action: string,
+    profileId: string,
+  ) {
+    if (
+      req.headers.hasOwnProperty("api_key") &&
+      req.headers["api_key"] &&
+      req.headers["api_key"] == process.env.API_KEY
+    ) {
+      return true;
+    }
+    return await new CallAPI()
+      .GetData(req, `/org/permission/user/${profileId}`)
+      .then(async (x) => {
+        let org = {
+          orgRootId: [null],
+          orgChild1Id: [null],
+          orgChild2Id: [null],
+          orgChild3Id: [null],
+          orgChild4Id: [null],
+        };
+        if (action.trim().toLocaleUpperCase() == "CREATE")
+          org = await this.PermissionOrgCreate(req, system);
+        if (action.trim().toLocaleUpperCase() == "DELETE")
+          org = await this.PermissionOrgDelete(req, system);
+        if (action.trim().toLocaleUpperCase() == "GET")
+          org = await this.PermissionOrgGet(req, system);
+        if (action.trim().toLocaleUpperCase() == "LIST")
+          org = await this.PermissionOrgList(req, system);
+        if (action.trim().toLocaleUpperCase() == "UPDATE")
+          org = await this.PermissionOrgUpdate(req, system);
+
+        if (org.orgRootId != null)
+          if (x.orgRootId != org.orgRootId[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+        if (org.orgChild1Id != null)
+          if (x.orgChild1Id != org.orgChild1Id[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+        if (org.orgChild2Id != null)
+          if (x.orgChild2Id != org.orgChild2Id[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+        if (org.orgChild3Id != null)
+          if (x.orgChild3Id != org.orgChild3Id[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+        if (org.orgChild4Id != null)
+          if (x.orgChild4Id != org.orgChild4Id[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
+
+        return true;
+      })
+      .catch((x) => {
+        if (x.status == 403) {
+          throw new HttpError(HttpStatus.FORBIDDEN, x.message);
+        } else {
+          throw new HttpError(HttpStatus.FORBIDDEN, x);
+        }
+      });
+  }
  public async PermissionCreate(req: RequestWithUser, system: string) {
    return await this.Permission(req, system, "CREATE");
  }
@ -157,6 +212,22 @@ class CheckAuth {
  public async PermissionOrgUpdate(req: RequestWithUser, system: string) {
    return await this.PermissionOrg(req, system, "UPDATE");
  }
+
+  public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "CREATE", profileId);
+  }
+  public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "DELETE", profileId);
+  }
+  public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "GET", profileId);
+  }
+  public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "LIST", profileId);
+  }
+  public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) {
+    return await this.PermissionOrgByUser(req, system, "UPDATE", profileId);
+  }
 }

 export default CheckAuth;