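import {
  Controller,
  Request,
  Get,
  Post,
  Put,
  Delete,
  Patch,
  Route,
  Security,
  Tags,
  Path,
} from "tsoa";
import axios from "axios";
import { timingSafeEqual } from "crypto";
import { RequestWithUser } from "../middlewares/user";
import CallAPI from "./call-api";
import HttpError from "./http-error";
import HttpStatus from "./http-status";

/**
 * Maps a normalised (trimmed, upper-cased) action name to the role attribute
 * that grants it. A Map rather than an object literal so a lookup can never
 * resolve to something inherited from Object.prototype.
 */
const ACTION_FLAG: ReadonlyMap<string, string> = new Map([
  ["CREATE", "attrIsCreate"],
  ["DELETE", "attrIsDelete"],
  ["GET", "attrIsGet"],
  ["LIST", "attrIsList"],
  ["UPDATE", "attrIsUpdate"],
]);

/**
 * One level of organisation scope. `null` means "unrestricted at this level";
 * otherwise index 0 holds the single id allowed at that level. The `[null]`
 * default therefore only matches a profile that has no id at that level.
 */
type ScopeLevel = unknown[] | null;

/** Organisation scope derived from the caller's privilege; see PermissionOrg. */
interface OrgScope {
  root: ScopeLevel;
  child1: ScopeLevel;
  child2: ScopeLevel;
  child3: ScopeLevel;
  child4: ScopeLevel;
}

/** Scope used when no privilege could be resolved: every level pinned to `[null]`. */
function unresolvedScope(): OrgScope {
  return { root: [null], child1: [null], child2: [null], child3: [null], child4: [null] };
}

/**
 * Authorisation helpers backed by the `/org/permission*` endpoints.
 *
 * Every public check short-circuits when the request carries the service
 * API key (header `api_key` equal to `process.env.API_KEY`); otherwise the
 * caller's role is fetched through CallAPI and any failure — no role, action
 * not granted, or the lookup itself failing — surfaces as HttpError 403.
 */
class CheckAuth {
  /**
   * Whether the request carries the service-to-service key in the `api_key`
   * header. The comparison is constant-time so the key cannot be recovered by
   * timing responses. An unset API_KEY, an empty header, or a header that is
   * not a single string (e.g. sent twice) never matches.
   */
  private hasServiceApiKey(req: RequestWithUser): boolean {
    const expected = process.env.API_KEY;
    const given = req.headers["api_key"];
    if (!expected || typeof given !== "string" || given.length === 0) return false;
    const a = Buffer.from(given);
    const b = Buffer.from(expected);
    // timingSafeEqual throws on unequal lengths, so compare lengths first.
    return a.length === b.length && timingSafeEqual(a, b);
  }

  /** Normalises a caller-supplied action to the upper-case form ACTION_FLAG uses. */
  private static normaliseAction(action: string): string {
    return action.trim().toLocaleUpperCase();
  }

  /**
   * Checks that the caller's role for `system` grants `action`.
   *
   * @param req    the authenticated request; its `api_key` header may bypass the check
   * @param system `authSysId` of the system the caller wants to use
   * @param action one of CREATE/DELETE/GET/LIST/UPDATE (case/whitespace insensitive)
   * @returns `null` when the service API key is present, `"OWNER"` for an owner
   *   role, otherwise the role's `attrPrivilege`.
   * @throws HttpError 403 when the caller has no role for the system, the role
   *   does not grant the action (or the action is unknown), or the lookup fails.
   */
  public async Permission(req: RequestWithUser, system: string, action: string) {
    if (this.hasServiceApiKey(req)) return null;
    const wanted = CheckAuth.normaliseAction(action);
    return await new CallAPI()
      .GetData(req, "/org/permission")
      .then((profile) => {
        // `==` on purpose: authSysId may arrive numeric while `system` is a string.
        const role = (profile.roles ?? []).find(
          (r: { authSysId?: unknown }) => r.authSysId == system,
        );
        if (!role) throw "ไม่มีสิทธิ์เข้าระบบ";
        if (role.attrOwnership == "OWNER") return "OWNER";
        const flag = ACTION_FLAG.get(wanted);
        const granted = flag === undefined ? false : role[flag];
        // Fail closed: a missing/undefined flag is a denial, not a grant.
        if (granted == null || granted == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้";
        return role.attrPrivilege;
      })
      .catch((err) => {
        throw new HttpError(HttpStatus.FORBIDDEN, err);
      });
  }

  /**
   * Resolves the organisation scope the caller may act on for `action` in
   * `system`, from the privilege returned by {@link Permission} and the
   * caller's own org path (`/org/permission/org`).
   *
   * @returns `null` with the service API key; otherwise an OrgScope where a
   *   `null` level is unrestricted and a one-element array pins that level:
   *   ROOT → root only; CHILD → the caller's path down to its deepest level;
   *   NORMAL → the caller's full path; OWNER → unrestricted. Any other
   *   privilege (including SPECIFIC) and any unknown action yield the
   *   `[null]` default.
   * @throws HttpError 403 when the permission check or the lookup fails.
   */
  public async PermissionOrg(req: RequestWithUser, system: string, action: string) {
    if (this.hasServiceApiKey(req)) return null;
    const wanted = CheckAuth.normaliseAction(action);
    return await new CallAPI()
      .GetData(req, "/org/permission/org")
      .then(async (org) => {
        // Only known actions consult the role; anything else has no privilege.
        const privilege = ACTION_FLAG.has(wanted)
          ? await this.Permission(req, system, wanted)
          : null;
        // Depth of the caller's org path: index of the first missing child id, 4 if none missing.
        const firstMissing = [org.orgChild1Id, org.orgChild2Id, org.orgChild3Id, org.orgChild4Id]
          .findIndex((id) => id == null);
        const node = firstMissing === -1 ? 4 : firstMissing;
        let data: OrgScope = unresolvedScope();
        switch (privilege) {
          case "ROOT":
            data = { root: [org.orgRootId], child1: null, child2: null, child3: null, child4: null };
            break;
          case "CHILD":
            data = {
              root: [org.orgRootId], // node >= 0 always holds
              child1: node >= 1 ? [org.orgChild1Id] : null,
              child2: node >= 2 ? [org.orgChild2Id] : null,
              child3: node >= 3 ? [org.orgChild3Id] : null,
              child4: node >= 4 ? [org.orgChild4Id] : null,
            };
            break;
          case "NORMAL":
            data = {
              root: [org.orgRootId],
              child1: [org.orgChild1Id],
              child2: [org.orgChild2Id],
              child3: [org.orgChild3Id],
              child4: [org.orgChild4Id],
            };
            break;
          case "OWNER":
            data = { root: null, child1: null, child2: null, child3: null, child4: null };
            break;
          default:
            // "SPECIFIC" and unrecognised privileges keep the unresolved default.
            break;
        }
        return data;
      })
      .catch((err) => {
        throw new HttpError(HttpStatus.FORBIDDEN, err);
      });
  }

  /**
   * Checks that the organisation of the profile `profileId` lies inside the
   * scope the caller may act on (see {@link PermissionOrg}).
   *
   * The scope uses keys `root`/`child1`..`child4` while the profile endpoint
   * returns `orgRootId`/`orgChild1Id`..; the two are paired explicitly below
   * so every restricted level is actually compared.
   *
   * @returns `true` when access is allowed (always with the service API key).
   * @throws HttpError 403 when any restricted level does not match the
   *   profile's org, when the scope cannot be resolved, or when a lookup fails.
   */
  public async PermissionOrgByUser(
    req: RequestWithUser,
    system: string,
    action: string,
    profileId: string,
  ) {
    if (this.hasServiceApiKey(req)) return true;
    const wanted = CheckAuth.normaliseAction(action);
    return await new CallAPI()
      // profileId is caller-supplied; encode it so it cannot alter the request path.
      .GetData(req, `/org/permission/user/${encodeURIComponent(profileId)}`)
      .then(async (target) => {
        const scope = ACTION_FLAG.has(wanted)
          ? await this.PermissionOrg(req, system, wanted)
          : null;
        const allowed = scope ?? unresolvedScope();
        const levels: Array<[ScopeLevel, unknown]> = [
          [allowed.root, target.orgRootId],
          [allowed.child1, target.orgChild1Id],
          [allowed.child2, target.orgChild2Id],
          [allowed.child3, target.orgChild3Id],
          [allowed.child4, target.orgChild4Id],
        ];
        for (const [permitted, actual] of levels) {
          // null = unrestricted; otherwise the profile's id must equal the pinned one
          // (`!=` on purpose: ids may differ in type between the two endpoints).
          if (permitted != null && actual != permitted[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
        }
        return true;
      })
      .catch((err) => {
        if (err.status == 403) {
          throw new HttpError(HttpStatus.FORBIDDEN, err.message);
        }
        throw new HttpError(HttpStatus.FORBIDDEN, err);
      });
  }

  // --- Per-action shorthands for Permission ---------------------------------

  /** {@link Permission} for the CREATE action. */
  public async PermissionCreate(req: RequestWithUser, system: string) {
    return await this.Permission(req, system, "CREATE");
  }

  /** {@link Permission} for the DELETE action. */
  public async PermissionDelete(req: RequestWithUser, system: string) {
    return await this.Permission(req, system, "DELETE");
  }

  /** {@link Permission} for the GET action. */
  public async PermissionGet(req: RequestWithUser, system: string) {
    return await this.Permission(req, system, "GET");
  }

  /** {@link Permission} for the LIST action. */
  public async PermissionList(req: RequestWithUser, system: string) {
    return await this.Permission(req, system, "LIST");
  }

  /** {@link Permission} for the UPDATE action. */
  public async PermissionUpdate(req: RequestWithUser, system: string) {
    return await this.Permission(req, system, "UPDATE");
  }

  // --- Per-action shorthands for PermissionOrg ------------------------------

  /** {@link PermissionOrg} for the CREATE action. */
  public async PermissionOrgCreate(req: RequestWithUser, system: string) {
    return await this.PermissionOrg(req, system, "CREATE");
  }

  /** {@link PermissionOrg} for the DELETE action. */
  public async PermissionOrgDelete(req: RequestWithUser, system: string) {
    return await this.PermissionOrg(req, system, "DELETE");
  }

  /** {@link PermissionOrg} for the GET action. */
  public async PermissionOrgGet(req: RequestWithUser, system: string) {
    return await this.PermissionOrg(req, system, "GET");
  }

  /** {@link PermissionOrg} for the LIST action. */
  public async PermissionOrgList(req: RequestWithUser, system: string) {
    return await this.PermissionOrg(req, system, "LIST");
  }

  /** {@link PermissionOrg} for the UPDATE action. */
  public async PermissionOrgUpdate(req: RequestWithUser, system: string) {
    return await this.PermissionOrg(req, system, "UPDATE");
  }

  // --- Per-action shorthands for PermissionOrgByUser ------------------------

  /** {@link PermissionOrgByUser} for the CREATE action. */
  public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) {
    return await this.PermissionOrgByUser(req, system, "CREATE", profileId);
  }

  /** {@link PermissionOrgByUser} for the DELETE action. */
  public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) {
    return await this.PermissionOrgByUser(req, system, "DELETE", profileId);
  }

  /** {@link PermissionOrgByUser} for the GET action. */
  public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) {
    return await this.PermissionOrgByUser(req, system, "GET", profileId);
  }

  /** {@link PermissionOrgByUser} for the LIST action. */
  public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) {
    return await this.PermissionOrgByUser(req, system, "LIST", profileId);
  }

  /** {@link PermissionOrgByUser} for the UPDATE action. */
  public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) {
    return await this.PermissionOrgByUser(req, system, "UPDATE", profileId);
  }
}

export default CheckAuth;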