This commit is contained in:
AdisakKanthawilang 2024-08-09 14:17:24 +07:00
parent 8e82201fbd
commit 1736f5043e
7 changed files with 147 additions and 30 deletions

View file

@ -23,6 +23,8 @@ import HttpError from "../interfaces/http-error";
import HttpStatusCode from "../interfaces/http-status";
import { SalaryRanks } from "../entities/SalaryRanks";
import { randomUUID } from "crypto";
import { RequestWithUser } from "../middlewares/user";
import permission from "../interfaces/permission";
@Route("api/v1/salary")
@Tags("Salary")
@ -50,10 +52,8 @@ export class SalaryController extends Controller {
endDate: "datetime", //วันที่สิ้นสุดบังคับใช้
detail: "string", //คำอธิบาย
})
async create_salary(
@Body() requestBody: CreateSalary,
@Request() request: { user: Record<string, any> },
) {
async create_salary(@Body() requestBody: CreateSalary, @Request() request: RequestWithUser) {
await new permission().PermissionCreate(request, "SYS_SALARY_CHART_OFFICER");
const salarys = Object.assign(new Salarys(), requestBody);
if (!salarys) {
throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล");
@ -126,8 +126,9 @@ export class SalaryController extends Controller {
async update_salary(
@Path() id: string,
@Body() requestBody: UpdateSalary,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_SALARY_CHART_OFFICER");
const chk_Salary = await this.salaryRepository.findOne({
where: { id: id },
});
@ -206,7 +207,8 @@ export class SalaryController extends Controller {
* @param {string} id Guid, *Id
*/
@Delete("{id}")
async delete_salary(@Path() id: string) {
async delete_salary(@Path() id: string, @Request() request: RequestWithUser) {
await new permission().PermissionDelete(request, "SYS_SALARY_CHART_OFFICER");
const chk_Salary = await this.salaryRepository.findOne({
where: { id: id },
});
@ -327,8 +329,9 @@ export class SalaryController extends Controller {
@Post("copy")
async copySalary(
@Body() body: { id: string },
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionCreate(request, "SYS_SALARY_CHART_OFFICER");
const salary = await this.salaryRepository.findOne({
relations: ["posLevel_", "posType_", "salaryRanks_"],
where: { id: body.id },

View file

@ -27,6 +27,8 @@ import { SalaryRankEmployee } from "../entities/SalaryRankEmployee";
import { randomUUID } from "crypto";
import { Salarys } from "../entities/Salarys";
import { SalaryFormulaEmployee } from "../entities/SalaryFormulaEmployee";
import { RequestWithUser } from "../middlewares/user";
import permission from "../interfaces/permission";
@Route("api/v1/salary/employee")
@Tags("SalaryEmployee")
@ -68,8 +70,9 @@ export class SalaryEmployeeController extends Controller {
})
async create_salary(
@Body() requestBody: CreateSalaryEmployee,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP");
const salarys = Object.assign(new SalaryEmployee(), requestBody);
if (!salarys) {
throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล");
@ -110,8 +113,9 @@ export class SalaryEmployeeController extends Controller {
async update_salary(
@Path() id: string,
@Body() requestBody: UpdateSalaryEmployee,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_WAGE_CHART_EMP");
const chk_Salary = await this.salaryEmployeeRepository.findOne({
where: { id: id },
});
@ -161,7 +165,8 @@ export class SalaryEmployeeController extends Controller {
* @param {string} id Guid, *Id
*/
@Delete("{id}")
async delete_salary(@Path() id: string) {
async delete_salary(@Path() id: string, @Request() request: RequestWithUser) {
await new permission().PermissionDelete(request, "SYS_WAGE_CHART_EMP");
const chk_Salary = await this.salaryEmployeeRepository.findOne({
where: { id: id },
});
@ -267,8 +272,9 @@ export class SalaryEmployeeController extends Controller {
@Post("copy")
async copySalary(
@Body() body: { id: string },
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP");
const salary = await this.salaryEmployeeRepository.findOne({
relations: ["salaryRankEmployees_"],
where: { id: body.id },

View file

@ -30,6 +30,8 @@ import {
import { EmployeePosLevel } from "../entities/EmployeePosLevel";
import { EmployeePosType } from "../entities/EmployeePosType";
import { SalaryEmployee } from "../entities/SalaryEmployee";
import { RequestWithUser } from "../middlewares/user";
import permission from "../interfaces/permission";
@Route("api/v1/salary/formula")
@Tags("SalaryFormula")
@ -54,8 +56,9 @@ export class SalaryFormulaEmployeeController extends Controller {
async createFormula(
@Body()
requestBody: CreateSalaryFormulaEmployee,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP");
const formula = Object.assign(new SalaryFormulaEmployee(), requestBody);
const chkPosLevel = await this.employeePosLevelRepository.findOne({
@ -114,8 +117,9 @@ export class SalaryFormulaEmployeeController extends Controller {
async editFormula(
@Path() id: string,
@Body() requestBody: UpdateSalaryFormulaEmployee,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_WAGE_CHART_EMP");
const formula = await this.salaryFormulaEmployeeRepository.findOne({ where: { id } });
if (!formula) throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลหลักเกณฑ์นี้");
@ -178,7 +182,8 @@ export class SalaryFormulaEmployeeController extends Controller {
* @param {string} id Id
*/
@Delete("{id}")
async deleteFormula(@Path() id: string) {
async deleteFormula(@Path() id: string, @Request() request: RequestWithUser) {
await new permission().PermissionDelete(request, "SYS_WAGE_CHART_EMP");
const delFormula = await this.salaryFormulaEmployeeRepository.findOne({ where: { id } });
if (!delFormula) throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลผังค่าจ้างนี้");

View file

@ -29,6 +29,8 @@ import CallAPI from "../interfaces/call-api";
import { SalaryOrgEmployee } from "../entities/SalaryOrgEmployee";
import { SalaryProfileEmployee } from "../entities/SalaryProfileEmployee";
import { isNullOrUndefined } from "util";
import { RequestWithUser } from "../middlewares/user";
import permission from "../interfaces/permission";
@Route("api/v1/salary/period")
@Tags("Salary")
@ -285,7 +287,8 @@ export class SalaryPeriodController extends Controller {
* @param {string} id profile Id
*/
@Delete("profile/{id}")
async deleteSalaryProfile(@Path() id: string) {
async deleteSalaryProfile(@Path() id: string, @Request() req: RequestWithUser) {
await new permission().PermissionDelete(req, "SYS_SALARY_OFFICER");
const salaryProfile = await this.salaryProfileRepository.findOne({
relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: id },
@ -399,7 +402,8 @@ export class SalaryPeriodController extends Controller {
* @param {string} amount
*/
@Post("change/amount")
async changeAmount(@Body() body: { profileId: string; amount: number }) {
async changeAmount(@Body() body: { profileId: string; amount: number }, @Request() request: RequestWithUser) {
await new permission().PermissionCreate(request, "SYS_SALARY_OFFICER");
const salaryProfile = await this.salaryProfileRepository.findOne({
relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: body.profileId },
@ -675,7 +679,8 @@ export class SalaryPeriodController extends Controller {
* @param {string} groupId groupId
*/
@Post("change/group")
async changeGroup(@Body() body: { profileId: string; groupId: string }) {
async changeGroup(@Body() body: { profileId: string; groupId: string } ,@Request() req: RequestWithUser) {
await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER");
const salaryProfile = await this.salaryProfileRepository.findOne({
// relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: body.profileId },
@ -797,7 +802,9 @@ export class SalaryPeriodController extends Controller {
@Post("change/type")
async changeType(
@Body() body: { profileId: string; type: string; isReserve: boolean; remark?: string | null },
@Request() req: RequestWithUser
) {
await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER");
const salaryProfile = await this.salaryProfileRepository.findOne({
relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: body.profileId },
@ -1195,8 +1202,9 @@ export class SalaryPeriodController extends Controller {
isAbsent: any;
isLeave: any;
},
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_SALARY_OFFICER");
const salaryProfile = await this.salaryProfileRepository.findOne({
where: {
id: id,
@ -1225,8 +1233,9 @@ export class SalaryPeriodController extends Controller {
@Post("org/profile")
async addSalaryProfile(
@Body() requestBody: CreateSalaryProfile,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionCreate(request, "SYS_SALARY_OFFICER");
const salaryOrg = await this.salaryOrgRepository.findOne({
relations: ["salaryPeriod", "salaryProfiles"],
where: {
@ -1558,8 +1567,9 @@ export class SalaryPeriodController extends Controller {
@Post()
async create_salary_period(
@Body() requestBody: CreateSalaryPeriod,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionCreate(request, "SYS_SALARY_ROUND");
const salaryPeriod = Object.assign(new SalaryPeriod(), requestBody);
const chk_toUpper = ["SPECIAL", "APR", "OCT"];
@ -1663,8 +1673,9 @@ export class SalaryPeriodController extends Controller {
async update_salary_period(
@Path() id: string,
@Body() requestBody: UpdateSalaryPeriod,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_SALARY_ROUND");
const chk_SalaryPeriod = await this.salaryPeriodRepository.findOne({
where: { id: id },
});
@ -1770,7 +1781,8 @@ export class SalaryPeriodController extends Controller {
* @param {string} id Guid, *Id
*/
@Delete("{id}")
async delete_salary_period(@Path() id: string) {
async delete_salary_period(@Path() id: string, @Request() request: RequestWithUser) {
await new permission().PermissionDelete(request, "SYS_SALARY_ROUND");
const SalaryPeriod = await this.salaryPeriodRepository.findOne({
where: { id: id },
});
@ -2965,7 +2977,9 @@ export class SalaryPeriodController extends Controller {
body: {
titleRecommend: string;
},
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_SALARY_OFFICER");
const salaryPeriod = await this.salaryPeriodRepository.findOne({
where: { id: periodId },
relations: ["salaryOrgs"],
@ -2994,6 +3008,7 @@ export class SalaryPeriodController extends Controller {
*/
@Put("head/comment/{periodId}/{rootId}")
async WaitHeadApprove(
@Request() request: RequestWithUser,
@Path() periodId: string,
rootId: string,
@Body()
@ -3001,6 +3016,7 @@ export class SalaryPeriodController extends Controller {
titleRecommend: string;
},
) {
await new permission().PermissionUpdate(request, "SYS_SALARY_ROUND");
const salaryPeriod = await this.salaryPeriodRepository.findOne({
where: { id: periodId },
relations: ["salaryOrgs"],

View file

@ -30,6 +30,8 @@ import { EmployeePosLevel } from "../entities/EmployeePosLevel";
import { SalaryEmployee } from "../entities/SalaryEmployee";
import { SalaryRankEmployee } from "../entities/SalaryRankEmployee";
import { SalaryFormulaEmployee } from "../entities/SalaryFormulaEmployee";
import { RequestWithUser } from "../middlewares/user";
import permission from "../interfaces/permission";
@Route("api/v1/salary/period-employee")
@Tags("SalaryEmployee")
@ -246,7 +248,8 @@ export class SalaryPeriodEmployeeController extends Controller {
* @param {string} id profile Id
*/
@Delete("profile/{id}")
async deleteSalaryProfile(@Path() id: string) {
async deleteSalaryProfile(@Path() id: string, @Request() request: RequestWithUser) {
await new permission().PermissionDelete(request, "SYS_WAGE");
const salaryProfile = await this.salaryProfileRepository.findOne({
relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: id },
@ -360,7 +363,8 @@ export class SalaryPeriodEmployeeController extends Controller {
* @param {string} amount
*/
@Post("change/amount")
async changeAmount(@Body() body: { profileId: string; amount: number }) {
async changeAmount(@Body() body: { profileId: string; amount: number }, @Request() req: RequestWithUser) {
await new permission().PermissionCreate(req, "SYS_WAGE");
const salaryProfile = await this.salaryProfileRepository.findOne({
relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: body.profileId },
@ -809,7 +813,8 @@ export class SalaryPeriodEmployeeController extends Controller {
* @param {string} groupId groupId
*/
@Post("change/group")
async changeGroup(@Body() body: { profileId: string; groupId: string }) {
async changeGroup(@Body() body: { profileId: string; groupId: string }, @Request() req: RequestWithUser) {
await new permission().PermissionCreate(req, "SYS_WAGE");
const salaryProfile = await this.salaryProfileRepository.findOne({
// relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: body.profileId },
@ -931,7 +936,9 @@ export class SalaryPeriodEmployeeController extends Controller {
@Post("change/type")
async changeType(
@Body() body: { profileId: string; type: string; isReserve: boolean; remark?: string | null },
@Request() req: RequestWithUser
) {
await new permission().PermissionCreate(req, "SYS_WAGE");
const salaryProfile = await this.salaryProfileRepository.findOne({
relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: body.profileId },
@ -1557,8 +1564,9 @@ export class SalaryPeriodEmployeeController extends Controller {
isAbsent: any;
isLeave: any;
},
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_WAGE");
const salaryProfile = await this.salaryProfileRepository.findOne({
where: {
id: id,
@ -1587,8 +1595,9 @@ export class SalaryPeriodEmployeeController extends Controller {
@Post("org/profile")
async addSalaryProfile(
@Body() requestBody: CreateSalaryProfileEmployee,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionCreate(request, "SYS_WAGE");
const salaryOrg = await this.salaryOrgRepository.findOne({
relations: ["salaryPeriod", "salaryProfiles"],
where: {
@ -2095,8 +2104,9 @@ export class SalaryPeriodEmployeeController extends Controller {
@Post()
async create_salary_period(
@Body() requestBody: CreateSalaryPeriod,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionCreate(request, "SYS_WAGE");
const salaryPeriod = Object.assign(new SalaryPeriod(), requestBody);
const chk_toUpper = ["SPECIAL", "APR", "OCT"];
@ -2173,8 +2183,9 @@ export class SalaryPeriodEmployeeController extends Controller {
async update_salary_period(
@Path() id: string,
@Body() requestBody: UpdateSalaryPeriod,
@Request() request: { user: Record<string, any> },
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_WAGE");
const chk_SalaryPeriod = await this.salaryPeriodRepository.findOne({
where: { id: id },
});
@ -2252,7 +2263,8 @@ export class SalaryPeriodEmployeeController extends Controller {
* @param {string} id Guid, *Id
*/
@Delete("{id}")
async delete_salary_period(@Path() id: string) {
async delete_salary_period(@Path() id: string, @Request() request: RequestWithUser) {
await new permission().PermissionDelete(request, "SYS_WAGE");
const SalaryPeriod = await this.salaryPeriodRepository.findOne({
where: { id: id },
});
@ -2472,7 +2484,9 @@ export class SalaryPeriodEmployeeController extends Controller {
body: {
titleRecommend: string;
},
@Request() request: RequestWithUser
) {
await new permission().PermissionUpdate(request, "SYS_WAGE");
const salaryPeriod = await this.salaryPeriodRepository.findOne({
where: { id: periodId },
relations: ["salaryOrgEmployees"],
@ -2507,7 +2521,9 @@ export class SalaryPeriodEmployeeController extends Controller {
body: {
titleRecommend: string;
},
@Request() request: RequestWithUser
) {
await new permission().PermissionUpdate(request, "SYS_WAGE");
const salaryPeriod = await this.salaryPeriodRepository.findOne({
where: { id: periodId },
relations: ["salaryOrgEmployees"],

View file

@ -0,0 +1,58 @@
import {
Controller,
Request,
Get,
Post,
Put,
Delete,
Patch,
Route,
Security,
Tags,
Path,
} from "tsoa";
import axios from "axios";
import { RequestWithUser } from "../middlewares/user";
import CallAPI from "./call-api";
import HttpError from "./http-error";
import HttpStatus from "./http-status";
class CheckAuth {
public async Permission(req: RequestWithUser, system: string, action: string) {
await new CallAPI()
.GetData(req, "/org/permission")
.then((x) => {
let permission = false;
let role = x.roles.find((x: any) => x.authSysId == system);
if (!role) throw "ไม่มีสิทธิ์เข้าระบบ";
if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate;
if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete;
if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet;
if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList;
if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate;
if (role.attrOwnership == "OWNER") permission = true;
if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้";
return role.attrPrivilege;
})
.catch((x) => {
throw new HttpError(HttpStatus.FORBIDDEN, x);
});
}
public async PermissionCreate(req: RequestWithUser, system: string) {
this.Permission(req, system, "CREATE");
}
public async PermissionDelete(req: RequestWithUser, system: string) {
this.Permission(req, system, "DELETE");
}
public async PermissionGet(req: RequestWithUser, system: string) {
this.Permission(req, system, "GET");
}
public async PermissionList(req: RequestWithUser, system: string) {
this.Permission(req, system, "LIST");
}
public async PermissionUpdate(req: RequestWithUser, system: string) {
this.Permission(req, system, "UPDATE");
}
}
export default CheckAuth;

13
src/middlewares/user.ts Normal file
View file

@ -0,0 +1,13 @@
import type { Request } from "express";
export type RequestWithUser = Request & {
user: {
sub: string;
name: string;
given_name: string;
familiy_name: string;
preferred_username: string;
email: string;
role: string[];
};
};