diff --git a/src/controllers/PermissionController.ts b/src/controllers/PermissionController.ts index e14848ea..ba7b0cac 100644 --- a/src/controllers/PermissionController.ts +++ b/src/controllers/PermissionController.ts 
@@ -33,13 +33,102 @@ export class PermissionController extends Controller { private redis = require("redis"); @Get("") - public async getPermission(@Request() request: RequestWithUser) { - let data = this.getPermissionFunc(request); - return new HttpSuccess(data); + public async getPermission(@Request() request: { user: Record }) { + const orgRevision = await this.orgRevisionRepository.findOne({ + select: ["id"], + where: { + orgRevisionIsDraft: false, + orgRevisionIsCurrent: true, + }, + }); + const redisClient = await this.redis.createClient({ + host: REDIS_HOST, + port: REDIS_PORT, + }); + const getAsync = promisify(redisClient.get).bind(redisClient); + + let profileType = "OFFICER"; + let profile: any = await this.profileRepo.findOne({ + select: ["id"], + where: { keycloak: request.user.sub }, + }); + if (!profile) { + profileType = "EMPLOYEE"; + profile = await this.profileEmployeeRepo.findOne({ + select: ["id"], + where: { keycloak: request.user.sub }, + }); + if (!profile) { + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); + } + } + + let reply = await getAsync("role_" + profile.id); + if (reply != null) { + reply = JSON.parse(reply); + } else { + let posMaster: any = await this.posMasterRepository.findOne({ + select: ["authRoleId"], + where: { + current_holderId: profile.id, + // orgRevision: { + // orgRevisionIsDraft: false, + // orgRevisionIsCurrent: true, + // }, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + posMaster = await this.posMasterEmpRepository.findOne({ + select: ["authRoleId"], + where: { + current_holderId: profile.id, + // orgRevision: { + // orgRevisionIsDraft: false, + // orgRevisionIsCurrent: true, + // }, + orgRevisionId: orgRevision?.id, + }, + }); + if (!posMaster) { + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลสิทธิ์"); + } + } + + const getDetail = await this.authRoleRepo.findOne({ + select: ["id", "roleName", "roleDescription"], + where: { id: posMaster.authRoleId }, + }); + 
if (!getDetail) { + throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); + } + + const roleAttrData = await this.authRoleAttrRepo.find({ + select: [ + "authSysId", + "parentNode", + "attrOwnership", + "attrIsCreate", + "attrIsList", + "attrIsGet", + "attrIsUpdate", + "attrIsDelete", + "attrPrivilege", + ], + where: { authRoleId: getDetail.id }, + }); + + reply = { + ...getDetail, + roles: roleAttrData, + }; + redisClient.setex("role_" + profile.id, 86400, JSON.stringify(reply)); + } + return new HttpSuccess(reply); } @Get("menu") - public async listAuthSys(@Request() request: RequestWithUser) { + public async listAuthSys(@Request() request: { user: Record }) { const orgRevision = await this.orgRevisionRepository.findOne({ select: ["id"], where: { @@ -77,6 +166,10 @@ export class PermissionController extends Controller { select: ["authRoleId"], where: { current_holderId: profile.id, + // orgRevision: { + // orgRevisionIsDraft: false, + // orgRevisionIsCurrent: true, + // }, orgRevisionId: orgRevision?.id, }, }); @@ -85,6 +178,10 @@ export class PermissionController extends Controller { select: ["authRoleId"], where: { current_holderId: profile.id, + // orgRevision: { + // orgRevisionIsDraft: false, + // orgRevisionIsCurrent: true, + // }, orgRevisionId: orgRevision?.id, }, }); 
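Review bot: In the new getPermission body `profileType` is assigned "OFFICER" and then "EMPLOYEE" but never read afterwards, so both `profileType` statements are dead and can be dropped. The new signature `@Request() request: { user: Record }` uses `Record` with no type arguments, which does not compile under strict TypeScript unless a non-generic `Record` type is in scope; `{ user: { sub: string } }` names exactly what the body reads. The per-request `redisClient` from `createClient` is never closed and `redisClient.setex(...)` is fire-and-forget, so a failed cache write is silently lost; consider `await promisify(redisClient.setex).bind(redisClient)("role_" + profile.id, 86400, JSON.stringify(reply));` and quitting the client in a `finally`. The commented-out `orgRevision: {...}` blocks added here and in the hunks at -77, -85, -413 and -454 are dead code; delete them or replace each with a one-line comment saying why the relation filter was replaced by `orgRevisionId`. Note also that a cached `role_<id>` entry stays valid for 86400 s, so a role change or revocation is not reflected until expiry unless something outside this diff deletes that key.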
@@ -303,100 +400,6 @@ export class PermissionController extends Controller { @Get("user/{id}") public async listOrgUser(@Request() request: RequestWithUser, @Path() id: string) { - const redisClient = await this.redis.createClient({ - host: REDIS_HOST, - port: REDIS_PORT, - }); - const getAsync = promisify(redisClient.get).bind(redisClient); - - let reply = await getAsync("user_" + id); - if (reply != null) { - reply = JSON.parse(reply); - } else { - const orgRevision = await this.orgRevisionRepository.findOne({ - select: ["id"], - where: { - orgRevisionIsDraft: false, - orgRevisionIsCurrent: true, - }, - }); - let profileType = "OFFICER"; - let profile: any = await this.profileRepo.findOne({ - select: ["id"], - where: { id: id }, - }); - if (!profile) { - profileType = "EMPLOYEE"; - profile = await this.profileEmployeeRepo.findOne({ - select: ["id"], - where: { id: id }, - }); - if (!profile) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); - } - } - if (profileType == "OFFICER") { - const posMaster = await this.posMasterRepository.findOne({ - where: { - current_holderId: profile.id, - orgRevisionId: orgRevision?.id, - }, - }); - if (!posMaster) { - reply = { - orgRootId: null, - orgChild1Id: null, - orgChild2Id: null, - orgChild3Id: null, - orgChild4Id: null, - }; - } else { - reply = { - orgRootId: posMaster.orgRootId, - orgChild1Id: posMaster.orgChild1Id, - orgChild2Id: posMaster.orgChild2Id, - orgChild3Id: posMaster.orgChild3Id, - orgChild4Id: posMaster.orgChild4Id, - }; - } - redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply)); - } else { - const posMaster = await this.posMasterEmpRepository.findOne({ - where: { - current_holderId: profile.id, - orgRevisionId: orgRevision?.id, - }, - }); - if (!posMaster) { - reply = { - orgRootId: null, - orgChild1Id: null, - orgChild2Id: null, - orgChild3Id: null, - orgChild4Id: null, - }; - } else { - reply = { - orgRootId: posMaster.orgRootId, - orgChild1Id: 
posMaster.orgChild1Id, - orgChild2Id: posMaster.orgChild2Id, - orgChild3Id: posMaster.orgChild3Id, - orgChild4Id: posMaster.orgChild4Id, - }; - } - redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply)); - } - } - - return new HttpSuccess(reply); - } - - @Get("org/{action}/{system}") - public async listAuthSysOrgSystem( - @Request() request: RequestWithUser, - @Path() action: string, - @Path() system: string, - ) { const orgRevision = await this.orgRevisionRepository.findOne({ select: ["id"], where: { @@ -413,28 +416,31 @@ export class PermissionController extends Controller { let profileType = "OFFICER"; let profile: any = await this.profileRepo.findOne({ select: ["id"], - where: { keycloak: request.user.sub }, + where: { id: id }, }); if (!profile) { profileType = "EMPLOYEE"; profile = await this.profileEmployeeRepo.findOne({ select: ["id"], - where: { keycloak: request.user.sub }, + where: { id: id }, }); if (!profile) { throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); } } - let reply = await getAsync("posMaster_" + profile.id); + let reply = await getAsync("user_" + profile.id); if (reply != null) { reply = JSON.parse(reply); } else { - let privilege = this.Permission(request, system.toLocaleUpperCase(), action); if (profileType == "OFFICER") { const posMaster = await this.posMasterRepository.findOne({ where: { current_holderId: profile.id, + // orgRevision: { + // orgRevisionIsDraft: false, + // orgRevisionIsCurrent: true, + // }, orgRevisionId: orgRevision?.id, }, }); @@ -445,7 +451,6 @@ export class PermissionController extends Controller { orgChild2Id: null, orgChild3Id: null, orgChild4Id: null, - privilege: privilege, }; } else { reply = { 
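Review bot: The cache lookup `getAsync("user_" + profile.id)` in the rewritten listOrgUser now runs only after the orgRevision and profile queries, so a cache hit no longer saves the database round-trips that the previous listOrgUser avoided by checking `"user_" + id` before touching the repositories; moving the `getAsync` call back ahead of the lookups keeps the cache useful. The same `user_` key space is shared by profiles found in profileRepo and profileEmployeeRepo, so if those two tables have independent id sequences an officer and an employee with the same id would overwrite each other's entry — worth confirming, or prefixing the key with the profile type. `profileType == "OFFICER"` should be `===`. listOrgUser's body continues past this hunk.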
@@ -454,14 +459,17 @@ export class PermissionController extends Controller { orgChild2Id: posMaster.orgChild2Id, orgChild3Id: posMaster.orgChild3Id, orgChild4Id: posMaster.orgChild4Id, - privilege: privilege, }; } - redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply)); + redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply)); } else { const posMaster = await this.posMasterEmpRepository.findOne({ where: { current_holderId: profile.id, + // orgRevision: { + // orgRevisionIsDraft: false, + // orgRevisionIsCurrent: true, + // }, orgRevisionId: orgRevision?.id, }, }); @@ -472,7 +480,6 @@ export class PermissionController extends Controller { orgChild2Id: null, orgChild3Id: null, orgChild4Id: null, - privilege: privilege, }; } else { reply = { 
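Review bot: The officer and employee branches around the renamed `setex("user_" + profile.id, ...)` calls are identical except for the repository they query, which is why the key rename and the commented-out block had to be applied twice; selecting the repository once, e.g. `const posRepo = profileType === "OFFICER" ? this.posMasterRepository : this.posMasterEmpRepository;`, and keeping a single findOne/reply/setex sequence would remove the duplication. The enclosing listOrgUser starts and ends outside this hunk.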
@@ -481,119 +488,12 @@ export class PermissionController extends Controller { orgChild2Id: posMaster.orgChild2Id, orgChild3Id: posMaster.orgChild3Id, orgChild4Id: posMaster.orgChild4Id, - privilege: privilege, }; } - redisClient.setex("posMaster_" + profile.id, 86400, JSON.stringify(reply)); + redisClient.setex("user_" + profile.id, 86400, JSON.stringify(reply)); } } return new HttpSuccess(reply); } - - public async getPermissionFunc(@Request() request: RequestWithUser) { - const orgRevision = await this.orgRevisionRepository.findOne({ - select: ["id"], - where: { - orgRevisionIsDraft: false, - orgRevisionIsCurrent: true, - }, - }); - const redisClient = await this.redis.createClient({ - host: REDIS_HOST, - port: REDIS_PORT, - }); - const getAsync = promisify(redisClient.get).bind(redisClient); - - let profile: any = await this.profileRepo.findOne({ - select: ["id"], - where: { keycloak: request.user.sub }, - }); - if (!profile) { - profile = await this.profileEmployeeRepo.findOne({ - select: ["id"], - where: { keycloak: request.user.sub }, - }); - if (!profile) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลบุคคลนี้ในระบบ"); - } - } - - let reply = await getAsync("role_" + profile.id); - if (reply != null) { - reply = JSON.parse(reply); - } else { - let posMaster: any = await this.posMasterRepository.findOne({ - select: ["authRoleId"], - where: { - current_holderId: profile.id, - orgRevisionId: orgRevision?.id, - }, - }); - if (!posMaster) { - posMaster = await this.posMasterEmpRepository.findOne({ - select: ["authRoleId"], - where: { - current_holderId: profile.id, - orgRevisionId: orgRevision?.id, - }, - }); - if (!posMaster) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูลสิทธิ์"); - } - } - - const getDetail = await this.authRoleRepo.findOne({ - select: ["id", "roleName", "roleDescription"], - where: { id: posMaster.authRoleId }, - }); - if (!getDetail) { - throw new HttpError(HttpStatus.NOT_FOUND, "ไม่พบข้อมูล"); - } - - const 
roleAttrData = await this.authRoleAttrRepo.find({ - select: [ - "authSysId", - "parentNode", - "attrOwnership", - "attrIsCreate", - "attrIsList", - "attrIsGet", - "attrIsUpdate", - "attrIsDelete", - "attrPrivilege", - ], - where: { authRoleId: getDetail.id }, - }); - - reply = { - ...getDetail, - roles: roleAttrData, - }; - redisClient.setex("role_" + profile.id, 86400, JSON.stringify(reply)); - } - return reply; - } - - public async Permission(request: RequestWithUser, system: string, action: string) { - if ( - request.headers.hasOwnProperty("api_key") && - request.headers["api_key"] && - request.headers["api_key"] == process.env.API_KEY - ) { - return null; - } - let data: any = this.getPermissionFunc(request); - let permission = false; - let role = data.roles.find((x: any) => x.authSysId == system); - if (!role) throw "ไม่มีสิทธิ์เข้าระบบ"; - if (role.attrOwnership == "OWNER") return "OWNER"; - if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate; - if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete; - if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet; - if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList; - if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate; - if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้"; - return role.attrPrivilege; - } } diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts index 2ea6b91d..16690180 100644 --- a/src/interfaces/permission.ts +++ b/src/interfaces/permission.ts 
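Review bot: With `Permission()` and the `org/{action}/{system}` route removed, nothing left in this controller computes a per-action `privilege`; the hunk at -45 in src/interfaces/permission.ts now calls `/org/permission/org` and then `this.PermissionCreate`/`PermissionDelete`/`PermissionGet`/`PermissionList`/`PermissionUpdate`, none of which appear in this diff. The reviewer should confirm those helpers derive their answer from the role data the server returns for `request.user.sub` and not from anything the caller supplies, since that decision used to be enforced here. The retained `setex("user_" + profile.id, 86400, ...)` on the new side is still not awaited, so a write failure goes unnoticed.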
@@ -45,9 +45,20 @@ class CheckAuth { return null; } return await new CallAPI() - .GetData(req, `/org/permission/org/${action}/${system}`) + .GetData(req, "/org/permission/org") .then(async (x) => { - let privilege = x.privilege; + let privilege = null; + if (action.trim().toLocaleUpperCase() == "CREATE") + privilege = await this.PermissionCreate(req, system); + if (action.trim().toLocaleUpperCase() == "DELETE") + privilege = await this.PermissionDelete(req, system); + if (action.trim().toLocaleUpperCase() == "GET") + privilege = await this.PermissionGet(req, system); + if (action.trim().toLocaleUpperCase() == "LIST") + privilege = await this.PermissionList(req, system); + if (action.trim().toLocaleUpperCase() == "UPDATE") + privilege = await this.PermissionUpdate(req, system); + let data: any = { root: [null], child1: [null],