This commit is contained in:
parent
d6383ec2c4
commit
ca7d2f2a75
2 changed files with 29 additions and 3 deletions
|
|
@ -758,11 +758,21 @@ export class KeycloakController extends Controller {
|
|||
}
|
||||
|
||||
@Get("user/role/{id}")
|
||||
async getRoleUser(@Path("id") id: string) {
|
||||
async getRoleUser(@Request() req: RequestWithUser,@Path("id") id: string) {
|
||||
|
||||
const profile = await this.profileRepo.findOne({
|
||||
where: { keycloak: id },
|
||||
relations: ["roleKeycloaks"],
|
||||
});
|
||||
|
||||
if (
|
||||
req.user.sub === id &&
|
||||
req.user.role.some(x => x === 'ADMIN') &&
|
||||
!req.user.role.some(x => x === 'SUPER_ADMIN')
|
||||
) {
|
||||
throw new HttpError(HttpStatus.NOT_FOUND, "ไม่มีสิทธิ์เข้าถึงข้อมูลนี้");
|
||||
}
|
||||
|
||||
if (!profile) {
|
||||
const profileEmp = await this.profileEmpRepo.findOne({
|
||||
where: { keycloak: id, employeeClass: "PERM" },
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue