diff --git a/src/controllers/AssignController.ts b/src/controllers/AssignController.ts index d39c738..fe86297 100644 --- a/src/controllers/AssignController.ts +++ b/src/controllers/AssignController.ts @@ -492,7 +492,7 @@ export class AssignController extends Controller { */ @Get("") async GetAssign(@Query() assign_id: string, @Request() request: RequestWithUser) { - await new permission().PermissionUpdate(request, "SYS_PROBATION"); + await new permission().PermissionGet(request, "SYS_PROBATION"); const assign = await this.assignRepository.findOne({ select: [ diff --git a/src/controllers/DataOptionsController.ts b/src/controllers/DataOptionsController.ts index a42ea51..994ed7d 100644 --- a/src/controllers/DataOptionsController.ts +++ b/src/controllers/DataOptionsController.ts @@ -3,7 +3,6 @@ import { Route, Security, Tags, - Path, Request, SuccessResponse, Response, @@ -21,6 +20,7 @@ import { MapKnowledgeSkill } from "../entities/MapKnowledgeSkill"; import { Personal } from "../entities/Personal"; import { Law } from "../entities/Law"; import { Assign } from "../entities/Assign"; +import permission from "../interfaces/permission"; @Route("api/v1/probation/data-options") @Tags("Data Options") @@ -45,7 +45,7 @@ export class DataOptionController extends Controller { * */ @Get("knowledge") - async GetKnowledge(@Query() personal_id: string, @Request() request: RequestWithUser) { + async GetKnowledge(@Query() personal_id: string) { const person = await this.personalRepository.findOne({ where: { personal_id }, }); @@ -106,7 +106,7 @@ export class DataOptionController extends Controller { * */ @Get("skill") - async GetSkill(@Query() personal_id: string, @Request() request: RequestWithUser) { + async GetSkill(@Query() personal_id: string) { const person = await this.personalRepository.findOne({ where: { personal_id }, }); @@ -258,7 +258,7 @@ export class DataOptionController extends Controller { * */ @Get("law") - async GetLaw(@Query() personal_id: string, @Request() request: RequestWithUser) { + async GetLaw(@Query() personal_id: string) { const results = await this.lawRepository.find({ select: ["id", "parent_id", "description", "status_select"], where: { @@ -286,6 +286,8 @@ export class DataOptionController extends Controller { */ @Get("new-assign") async NewAssign(@Query() personal_id: string, @Request() request: RequestWithUser) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + const person = await this.personalRepository.findOne({ select: [ "personal_id", diff --git a/src/controllers/EvaluateChairmanController.ts b/src/controllers/EvaluateChairmanController.ts index 97a12fe..a104dc7 100644 --- a/src/controllers/EvaluateChairmanController.ts +++ b/src/controllers/EvaluateChairmanController.ts @@ -23,7 +23,7 @@ import { Assign } from "../entities/Assign"; import { Personal } from "../entities/Personal"; import CallAPI from "../interfaces/call-api"; import { CreateEvaluateChairman, EvaluateChairman } from "../entities/EvaluateChairman"; - +import permission from "../interfaces/permission"; @Route("api/v1/probation/evaluate-chairman") @Tags("แบบประเมินผล (คณะกรรมการ)") @Security("bearerAuth") @@ -45,7 +45,9 @@ export class EvaluateChairmanController extends Controller { * */ @Get("create") - async CreateEvaluate(@Query() assign_id: string) { + async CreateEvaluate(@Query() assign_id: string, @Request() request: RequestWithUser) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -174,7 +176,12 @@ export class EvaluateChairmanController extends Controller { * */ @Get("") - async GetEvaluate(@Query() assign_id: string, @Query() evaluate_no?: string) { + async GetEvaluate( + @Request() request: RequestWithUser, + @Query() assign_id: string, + @Query() evaluate_no?: string, + ) { + await new permission().PermissionGet(request, "SYS_PROBATION"); // ต้องปรับเป็น id ของคนที่ access เข้ามา const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], @@ -330,6 +337,8 @@ export class EvaluateChairmanController extends Controller { @Body() requestBody: CreateEvaluateChairman, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -416,6 +425,8 @@ export class EvaluateChairmanController extends Controller { @Body() requestBody: CreateEvaluateChairman, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + let evaluate = await this.evaluateChairmanRepository.findOne({ where: { id: evaluate_id }, }); diff --git a/src/controllers/EvaluateController.ts b/src/controllers/EvaluateController.ts index d602a5d..a784d44 100644 --- a/src/controllers/EvaluateController.ts +++ b/src/controllers/EvaluateController.ts @@ -23,7 +23,7 @@ import { Assign } from "../entities/Assign"; import { CreateEvaluateCommander, EvaluateCommander } from "../entities/EvaluateCommander"; import { Personal } from "../entities/Personal"; import CallAPI from "../interfaces/call-api"; - +import permission from "../interfaces/permission"; @Route("api/v1/probation/evaluate") @Tags("แบบประเมินผล (ผู้บังคับบัญชา)") @Security("bearerAuth") @@ -45,7 +45,9 @@ export class EvaluateController extends Controller { * */ @Get("create") - async CreateEvaluate(@Query() assign_id: string) { + async CreateEvaluate(@Query() assign_id: string, @Request() request: RequestWithUser) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -118,7 +120,13 @@ export class EvaluateController extends Controller { * */ @Get("") - async GetEvaluate(@Query() assign_id: string, @Query() evaluate_no?: string) { + async GetEvaluate( + @Request() request: RequestWithUser, + @Query() assign_id: string, + @Query() evaluate_no?: string, + ) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + // ต้องปรับเป็น id ของคนที่ access เข้ามา const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], @@ -241,6 +249,8 @@ export class EvaluateController extends Controller { @Body() requestBody: CreateEvaluateCommander, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -327,6 +337,8 @@ export class EvaluateController extends Controller { @Body() requestBody: CreateEvaluateCommander, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + let evaluate = await this.evaluateCommanderRepository.findOne({ where: { id: evaluate_id }, }); diff --git a/src/controllers/EvaluateRecordController.ts b/src/controllers/EvaluateRecordController.ts index 15efc0c..48c01af 100644 --- a/src/controllers/EvaluateRecordController.ts +++ b/src/controllers/EvaluateRecordController.ts @@ -25,7 +25,7 @@ import { AssignOutput } from "../entities/AssignOutput"; import { CreateEvaluateAssessor, EvaluateAssessor } from "../entities/EvaluateAssessor"; import { CreateEvaluateAchievement, EvaluateAchievement } from "../entities/EvaluateAchievement"; import CallAPI from "../interfaces/call-api"; - +import permission from "../interfaces/permission"; @Route("api/v1/probation/evaluate-record") @Tags("แบบบันทึกผล") @Security("bearerAuth") @@ -49,7 +49,9 @@ export class EvaluateRecordController extends Controller { * */ @Get("create") - async GetCreate(@Query() assign_id: string) { + async GetCreate(@Query() assign_id: string, @Request() request: RequestWithUser) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + const directorData = await this.assignDirectorRepository.findOne({ select: ["personal_id", "dated", "fullname", "position", "posType", "posLevel"], where: { @@ -159,7 +161,13 @@ export class EvaluateRecordController extends Controller { * */ @Get("") - async GetData(@Query() assign_id: string, @Query() evaluate_no?: string) { + async GetData( + @Request() request: RequestWithUser, + @Query() assign_id: string, + @Query() evaluate_no?: string, + ) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -389,6 +397,8 @@ export class EvaluateRecordController extends Controller { @Body() requestBody: CreateEvaluateAssessor, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -505,6 +515,8 @@ export class EvaluateRecordController extends Controller { @Body() requestBody: CreateEvaluateAssessor, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -608,7 +620,9 @@ export class EvaluateRecordController extends Controller { * */ @Get("create/commander") - async GetCreateCommander(@Query() assign_id: string) { + async GetCreateCommander(@Query() assign_id: string, @Request() request: RequestWithUser) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + const directorData = await this.assignDirectorRepository.findOne({ select: ["personal_id", "dated", "fullname", "position", "posType", "posLevel"], where: { @@ -703,7 +717,13 @@ export class EvaluateRecordController extends Controller { * */ @Get("commander") - async GetDataCommander(@Query() assign_id: string, @Query() evaluate_no?: string) { + async GetDataCommander( + @Request() request: RequestWithUser, + @Query() assign_id: string, + @Query() evaluate_no?: string, + ) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -933,6 +953,8 @@ export class EvaluateRecordController extends Controller { @Body() requestBody: CreateEvaluateAssessor, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -1046,6 +1068,8 @@ export class EvaluateRecordController extends Controller { @Body() requestBody: CreateEvaluateAssessor, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { diff --git a/src/controllers/EvaluateResultController.ts b/src/controllers/EvaluateResultController.ts index de393b3..1aee787 100644 --- a/src/controllers/EvaluateResultController.ts +++ b/src/controllers/EvaluateResultController.ts @@ -24,6 +24,7 @@ import { Personal } from "../entities/Personal"; import CallAPI from "../interfaces/call-api"; import { EvaluateChairman } from "../entities/EvaluateChairman"; import { CreateEvaluateResult, EvaluateResult } from "../entities/EvaluateResult"; +import permission from "../interfaces/permission"; @Route("api/v1/probation/evaluate-result") @Tags("แบบรายงานการประเมินฯ") @@ -47,7 +48,9 @@ export class EvaluateResultController extends Controller { * */ @Get("create") - async CreateEvaluate(@Query() assign_id: string) { + async CreateEvaluate(@Query() assign_id: string, @Request() request: RequestWithUser) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + const assign = await this.assignRepository.findOne({ relations: ["profile"], where: { id: assign_id }, @@ -179,7 +182,13 @@ export class EvaluateResultController extends Controller { * */ @Get("") - async GetEvaluate(@Query() assign_id: string, @Query() evaluate_no?: string) { + async GetEvaluate( + @Request() request: RequestWithUser, + @Query() assign_id: string, + @Query() evaluate_no?: string, + ) { + await new permission().PermissionGet(request, "SYS_PROBATION"); + // ต้องปรับเป็น id ของคนที่ access เข้ามา const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], @@ -319,6 +328,8 @@ export class EvaluateResultController extends Controller { @Body() requestBody: CreateEvaluateResult, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + const director = await this.assignDirectorRepository.findOne({ select: ["personal_id"], where: { @@ -410,6 +421,8 @@ export class EvaluateResultController extends Controller { @Body() requestBody: CreateEvaluateResult, @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_PROBATION"); + let evaluate = await this.evaluateResultRepository.findOne({ where: { id: evaluate_id }, }); diff --git a/src/controllers/PersonalController.ts b/src/controllers/PersonalController.ts index 61bf3c5..8b9d31e 100644 --- a/src/controllers/PersonalController.ts +++ b/src/controllers/PersonalController.ts @@ -137,7 +137,7 @@ export class PersonalController extends Controller { */ @Get("") async GetPersonal(@Request() request: RequestWithUser, @Query() personal_id: string) { - await new permission().PermissionList(request, "SYS_PROBATION"); + await new permission().PermissionGet(request, "SYS_PROBATION"); const person = await this.personalRepository.findOne({ where: { personal_id: personal_id }, });