From 1736f5043e54a0f11c15ac9beadf8b33c3439133 Mon Sep 17 00:00:00 2001 From: AdisakKanthawilang Date: Fri, 9 Aug 2024 14:17:24 +0700 Subject: [PATCH] role --- src/controllers/SalaryController.ts | 17 +++--- src/controllers/SalaryEmployeeController.ts | 14 +++-- .../SalaryFormulaEmployeeController.ts | 11 +++- src/controllers/SalaryPeriodController.ts | 32 +++++++--- .../SalaryPeriodEmployeeController.ts | 32 +++++++--- src/interfaces/permission.ts | 58 +++++++++++++++++++ src/middlewares/user.ts | 13 +++++ 7 files changed, 147 insertions(+), 30 deletions(-) create mode 100644 src/interfaces/permission.ts create mode 100644 src/middlewares/user.ts diff --git a/src/controllers/SalaryController.ts b/src/controllers/SalaryController.ts index 74bc80f..4c36e71 100644 --- a/src/controllers/SalaryController.ts +++ b/src/controllers/SalaryController.ts @@ -23,6 +23,8 @@ import HttpError from "../interfaces/http-error"; import HttpStatusCode from "../interfaces/http-status"; import { SalaryRanks } from "../entities/SalaryRanks"; import { randomUUID } from "crypto"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/salary") @Tags("Salary") @@ -50,10 +52,8 @@ export class SalaryController extends Controller { endDate: "datetime", //วันที่สิ้นสุดบังคับใช้ detail: "string", //คำอธิบาย }) - async create_salary( - @Body() requestBody: CreateSalary, - @Request() request: { user: Record }, - ) { + async create_salary(@Body() requestBody: CreateSalary, @Request() request: RequestWithUser) { + await new permission().PermissionCreate(request, "SYS_SALARY_CHART_OFFICER"); const salarys = Object.assign(new Salarys(), requestBody); if (!salarys) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล"); @@ -126,8 +126,9 @@ export class SalaryController extends Controller { async update_salary( @Path() id: string, @Body() requestBody: UpdateSalary, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_SALARY_CHART_OFFICER"); const chk_Salary = await this.salaryRepository.findOne({ where: { id: id }, }); @@ -206,7 +207,8 @@ export class SalaryController extends Controller { * @param {string} id Guid, *Id ผังเงินเดือน */ @Delete("{id}") - async delete_salary(@Path() id: string) { + async delete_salary(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_SALARY_CHART_OFFICER"); const chk_Salary = await this.salaryRepository.findOne({ where: { id: id }, }); @@ -327,8 +329,9 @@ export class SalaryController extends Controller { @Post("copy") async copySalary( @Body() body: { id: string }, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_SALARY_CHART_OFFICER"); const salary = await this.salaryRepository.findOne({ relations: ["posLevel_", "posType_", "salaryRanks_"], where: { id: body.id }, diff --git a/src/controllers/SalaryEmployeeController.ts b/src/controllers/SalaryEmployeeController.ts index 71e6bd6..361e4f4 100644 --- a/src/controllers/SalaryEmployeeController.ts +++ b/src/controllers/SalaryEmployeeController.ts @@ -27,6 +27,8 @@ import { SalaryRankEmployee } from "../entities/SalaryRankEmployee"; import { randomUUID } from "crypto"; import { Salarys } from "../entities/Salarys"; import { SalaryFormulaEmployee } from "../entities/SalaryFormulaEmployee"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/salary/employee") @Tags("SalaryEmployee") @@ -68,8 +70,9 @@ export class SalaryEmployeeController extends Controller { }) async create_salary( @Body() requestBody: CreateSalaryEmployee, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP"); const salarys = Object.assign(new SalaryEmployee(), requestBody); if (!salarys) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูล"); @@ -110,8 +113,9 @@ export class SalaryEmployeeController extends Controller { async update_salary( @Path() id: string, @Body() requestBody: UpdateSalaryEmployee, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_WAGE_CHART_EMP"); const chk_Salary = await this.salaryEmployeeRepository.findOne({ where: { id: id }, }); @@ -161,7 +165,8 @@ export class SalaryEmployeeController extends Controller { * @param {string} id Guid, *Id ผังเงินเดือน */ @Delete("{id}") - async delete_salary(@Path() id: string) { + async delete_salary(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_WAGE_CHART_EMP"); const chk_Salary = await this.salaryEmployeeRepository.findOne({ where: { id: id }, }); @@ -267,8 +272,9 @@ export class SalaryEmployeeController extends Controller { @Post("copy") async copySalary( @Body() body: { id: string }, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP"); const salary = await this.salaryEmployeeRepository.findOne({ relations: ["salaryRankEmployees_"], where: { id: body.id }, diff --git a/src/controllers/SalaryFormulaEmployeeController.ts b/src/controllers/SalaryFormulaEmployeeController.ts index 3ac3c6c..6ef1ce5 100644 --- a/src/controllers/SalaryFormulaEmployeeController.ts +++ b/src/controllers/SalaryFormulaEmployeeController.ts @@ -30,6 +30,8 @@ import { import { EmployeePosLevel } from "../entities/EmployeePosLevel"; import { EmployeePosType } from "../entities/EmployeePosType"; import { SalaryEmployee } from "../entities/SalaryEmployee"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/salary/formula") @Tags("SalaryFormula") @@ -54,8 +56,9 @@ export class SalaryFormulaEmployeeController extends Controller { async createFormula( @Body() requestBody: CreateSalaryFormulaEmployee, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP"); const formula = Object.assign(new SalaryFormulaEmployee(), requestBody); const chkPosLevel = await this.employeePosLevelRepository.findOne({ @@ -114,8 +117,9 @@ export class SalaryFormulaEmployeeController extends Controller { async editFormula( @Path() id: string, @Body() requestBody: UpdateSalaryFormulaEmployee, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_WAGE_CHART_EMP"); const formula = await this.salaryFormulaEmployeeRepository.findOne({ where: { id } }); if (!formula) throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลหลักเกณฑ์นี้"); @@ -178,7 +182,8 @@ export class SalaryFormulaEmployeeController extends Controller { * @param {string} id Id หลักเกณฑ์ */ @Delete("{id}") - async deleteFormula(@Path() id: string) { + async deleteFormula(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_WAGE_CHART_EMP"); const delFormula = await this.salaryFormulaEmployeeRepository.findOne({ where: { id } }); if (!delFormula) throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลผังค่าจ้างนี้"); diff --git a/src/controllers/SalaryPeriodController.ts b/src/controllers/SalaryPeriodController.ts index 8d271b3..c94b965 100644 --- a/src/controllers/SalaryPeriodController.ts +++ b/src/controllers/SalaryPeriodController.ts @@ -29,6 +29,8 @@ import CallAPI from "../interfaces/call-api"; import { SalaryOrgEmployee } from "../entities/SalaryOrgEmployee"; import { SalaryProfileEmployee } from "../entities/SalaryProfileEmployee"; import { isNullOrUndefined } from "util"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/salary/period") @Tags("Salary") @@ -285,7 +287,8 @@ export class SalaryPeriodController extends Controller { * @param {string} id profile Id */ @Delete("profile/{id}") - async deleteSalaryProfile(@Path() id: string) { + async deleteSalaryProfile(@Path() id: string, @Request() req: RequestWithUser) { + await new permission().PermissionDelete(req, "SYS_SALARY_OFFICER"); const salaryProfile = await this.salaryProfileRepository.findOne({ relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: id }, @@ -399,7 +402,8 @@ export class SalaryPeriodController extends Controller { * @param {string} amount ฐานเงินเดือน */ @Post("change/amount") - async changeAmount(@Body() body: { profileId: string; amount: number }) { + async changeAmount(@Body() body: { profileId: string; amount: number }, @Request() request: RequestWithUser) { + await new permission().PermissionCreate(request, "SYS_SALARY_OFFICER"); const salaryProfile = await this.salaryProfileRepository.findOne({ relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: body.profileId }, @@ -675,7 +679,8 @@ export class SalaryPeriodController extends Controller { * @param {string} groupId groupId */ @Post("change/group") - async changeGroup(@Body() body: { profileId: string; groupId: string }) { + async changeGroup(@Body() body: { profileId: string; groupId: string } ,@Request() req: RequestWithUser) { + await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER"); const salaryProfile = await this.salaryProfileRepository.findOne({ // relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: body.profileId }, @@ -797,7 +802,9 @@ export class SalaryPeriodController extends Controller { @Post("change/type") async changeType( @Body() body: { profileId: string; type: string; isReserve: boolean; remark?: string | null }, + @Request() req: RequestWithUser ) { + await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER"); const salaryProfile = await this.salaryProfileRepository.findOne({ relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: body.profileId }, @@ -1195,8 +1202,9 @@ export class SalaryPeriodController extends Controller { isAbsent: any; isLeave: any; }, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_SALARY_OFFICER"); const salaryProfile = await this.salaryProfileRepository.findOne({ where: { id: id, @@ -1225,8 +1233,9 @@ export class SalaryPeriodController extends Controller { @Post("org/profile") async addSalaryProfile( @Body() requestBody: CreateSalaryProfile, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_SALARY_OFFICER"); const salaryOrg = await this.salaryOrgRepository.findOne({ relations: ["salaryPeriod", "salaryProfiles"], where: { @@ -1558,8 +1567,9 @@ export class SalaryPeriodController extends Controller { @Post() async create_salary_period( @Body() requestBody: CreateSalaryPeriod, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_SALARY_ROUND"); const salaryPeriod = Object.assign(new SalaryPeriod(), requestBody); const chk_toUpper = ["SPECIAL", "APR", "OCT"]; @@ -1663,8 +1673,9 @@ export class SalaryPeriodController extends Controller { async update_salary_period( @Path() id: string, @Body() requestBody: UpdateSalaryPeriod, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_SALARY_ROUND"); const chk_SalaryPeriod = await this.salaryPeriodRepository.findOne({ where: { id: id }, }); @@ -1770,7 +1781,8 @@ export class SalaryPeriodController extends Controller { * @param {string} id Guid, *Id รอบเงินเดือน */ @Delete("{id}") - async delete_salary_period(@Path() id: string) { + async delete_salary_period(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_SALARY_ROUND"); const SalaryPeriod = await this.salaryPeriodRepository.findOne({ where: { id: id }, }); @@ -2965,7 +2977,9 @@ export class SalaryPeriodController extends Controller { body: { titleRecommend: string; }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_SALARY_OFFICER"); const salaryPeriod = await this.salaryPeriodRepository.findOne({ where: { id: periodId }, relations: ["salaryOrgs"], @@ -2994,6 +3008,7 @@ export class SalaryPeriodController extends Controller { */ @Put("head/comment/{periodId}/{rootId}") async WaitHeadApprove( + @Request() request: RequestWithUser, @Path() periodId: string, rootId: string, @Body() @@ -3001,6 +3016,7 @@ export class SalaryPeriodController extends Controller { titleRecommend: string; }, ) { + await new permission().PermissionUpdate(request, "SYS_SALARY_ROUND"); const salaryPeriod = await this.salaryPeriodRepository.findOne({ where: { id: periodId }, relations: ["salaryOrgs"], diff --git a/src/controllers/SalaryPeriodEmployeeController.ts b/src/controllers/SalaryPeriodEmployeeController.ts index 09bf39e..9ce822a 100644 --- a/src/controllers/SalaryPeriodEmployeeController.ts +++ b/src/controllers/SalaryPeriodEmployeeController.ts @@ -30,6 +30,8 @@ import { EmployeePosLevel } from "../entities/EmployeePosLevel"; import { SalaryEmployee } from "../entities/SalaryEmployee"; import { SalaryRankEmployee } from "../entities/SalaryRankEmployee"; import { SalaryFormulaEmployee } from "../entities/SalaryFormulaEmployee"; +import { RequestWithUser } from "../middlewares/user"; +import permission from "../interfaces/permission"; @Route("api/v1/salary/period-employee") @Tags("SalaryEmployee") @@ -246,7 +248,8 @@ export class SalaryPeriodEmployeeController extends Controller { * @param {string} id profile Id */ @Delete("profile/{id}") - async deleteSalaryProfile(@Path() id: string) { + async deleteSalaryProfile(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_WAGE"); const salaryProfile = await this.salaryProfileRepository.findOne({ relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: id }, @@ -360,7 +363,8 @@ export class SalaryPeriodEmployeeController extends Controller { * @param {string} amount ฐานเงินเดือน */ @Post("change/amount") - async changeAmount(@Body() body: { profileId: string; amount: number }) { + async changeAmount(@Body() body: { profileId: string; amount: number }, @Request() req: RequestWithUser) { + await new permission().PermissionCreate(req, "SYS_WAGE"); const salaryProfile = await this.salaryProfileRepository.findOne({ relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: body.profileId }, @@ -809,7 +813,8 @@ export class SalaryPeriodEmployeeController extends Controller { * @param {string} groupId groupId */ @Post("change/group") - async changeGroup(@Body() body: { profileId: string; groupId: string }) { + async changeGroup(@Body() body: { profileId: string; groupId: string }, @Request() req: RequestWithUser) { + await new permission().PermissionCreate(req, "SYS_WAGE"); const salaryProfile = await this.salaryProfileRepository.findOne({ // relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: body.profileId }, @@ -931,7 +936,9 @@ export class SalaryPeriodEmployeeController extends Controller { @Post("change/type") async changeType( @Body() body: { profileId: string; type: string; isReserve: boolean; remark?: string | null }, + @Request() req: RequestWithUser ) { + await new permission().PermissionCreate(req, "SYS_WAGE"); const salaryProfile = await this.salaryProfileRepository.findOne({ relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: body.profileId }, @@ -1557,8 +1564,9 @@ export class SalaryPeriodEmployeeController extends Controller { isAbsent: any; isLeave: any; }, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_WAGE"); const salaryProfile = await this.salaryProfileRepository.findOne({ where: { id: id, @@ -1587,8 +1595,9 @@ export class SalaryPeriodEmployeeController extends Controller { @Post("org/profile") async addSalaryProfile( @Body() requestBody: CreateSalaryProfileEmployee, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_WAGE"); const salaryOrg = await this.salaryOrgRepository.findOne({ relations: ["salaryPeriod", "salaryProfiles"], where: { @@ -2095,8 +2104,9 @@ export class SalaryPeriodEmployeeController extends Controller { @Post() async create_salary_period( @Body() requestBody: CreateSalaryPeriod, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionCreate(request, "SYS_WAGE"); const salaryPeriod = Object.assign(new SalaryPeriod(), requestBody); const chk_toUpper = ["SPECIAL", "APR", "OCT"]; @@ -2173,8 +2183,9 @@ export class SalaryPeriodEmployeeController extends Controller { async update_salary_period( @Path() id: string, @Body() requestBody: UpdateSalaryPeriod, - @Request() request: { user: Record }, + @Request() request: RequestWithUser, ) { + await new permission().PermissionUpdate(request, "SYS_WAGE"); const chk_SalaryPeriod = await this.salaryPeriodRepository.findOne({ where: { id: id }, }); @@ -2252,7 +2263,8 @@ export class SalaryPeriodEmployeeController extends Controller { * @param {string} id Guid, *Id รอบเงินเดือน */ @Delete("{id}") - async delete_salary_period(@Path() id: string) { + async delete_salary_period(@Path() id: string, @Request() request: RequestWithUser) { + await new permission().PermissionDelete(request, "SYS_WAGE"); const SalaryPeriod = await this.salaryPeriodRepository.findOne({ where: { id: id }, }); @@ -2472,7 +2484,9 @@ export class SalaryPeriodEmployeeController extends Controller { body: { titleRecommend: string; }, + @Request() request: RequestWithUser ) { + await new permission().PermissionUpdate(request, "SYS_WAGE"); const salaryPeriod = await this.salaryPeriodRepository.findOne({ where: { id: periodId }, relations: ["salaryOrgEmployees"], @@ -2507,7 +2521,9 @@ export class SalaryPeriodEmployeeController extends Controller { body: { titleRecommend: string; }, + @Request() request: RequestWithUser ) { + await new permission().PermissionUpdate(request, "SYS_WAGE"); const salaryPeriod = await this.salaryPeriodRepository.findOne({ where: { id: periodId }, relations: ["salaryOrgEmployees"], diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts new file mode 100644 index 0000000..74bb1de --- /dev/null +++ b/src/interfaces/permission.ts @@ -0,0 +1,58 @@ +import { + Controller, + Request, + Get, + Post, + Put, + Delete, + Patch, + Route, + Security, + Tags, + Path, +} from "tsoa"; +import axios from "axios"; +import { RequestWithUser } from "../middlewares/user"; +import CallAPI from "./call-api"; +import HttpError from "./http-error"; +import HttpStatus from "./http-status"; + +class CheckAuth { + public async Permission(req: RequestWithUser, system: string, action: string) { + await new CallAPI() + .GetData(req, "/org/permission") + .then((x) => { + let permission = false; + let role = x.roles.find((x: any) => x.authSysId == system); + if (!role) throw "ไม่มีสิทธิ์เข้าระบบ"; + if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate; + if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete; + if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet; + if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList; + if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate; + if (role.attrOwnership == "OWNER") permission = true; + if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้"; + return role.attrPrivilege; + }) + .catch((x) => { + throw new HttpError(HttpStatus.FORBIDDEN, x); + }); + } + public async PermissionCreate(req: RequestWithUser, system: string) { + this.Permission(req, system, "CREATE"); + } + public async PermissionDelete(req: RequestWithUser, system: string) { + this.Permission(req, system, "DELETE"); + } + public async PermissionGet(req: RequestWithUser, system: string) { + this.Permission(req, system, "GET"); + } + public async PermissionList(req: RequestWithUser, system: string) { + this.Permission(req, system, "LIST"); + } + public async PermissionUpdate(req: RequestWithUser, system: string) { + this.Permission(req, system, "UPDATE"); + } +} + +export default CheckAuth; diff --git a/src/middlewares/user.ts b/src/middlewares/user.ts new file mode 100644 index 0000000..a35cdc4 --- /dev/null +++ b/src/middlewares/user.ts @@ -0,0 +1,13 @@ +import type { Request } from "express"; + +export type RequestWithUser = Request & { + user: { + sub: string; + name: string; + given_name: string; + familiy_name: string; + preferred_username: string; + email: string; + role: string[]; + }; +};