no message

kittapath 2024-08-22 17:23:48 +07:00
parent 927d9563f6
commit ce8bb41bda
7 changed files with 238 additions and 43 deletions


@ -247,7 +247,8 @@ export class SalaryController extends Controller {
endDate: "datetime", //วันที่สิ้นสุดบังคับใช้
detail: "string", //คำอธิบาย
})
async GetSalaryById(@Path() id: string) {
async GetSalaryById(@Request() request: RequestWithUser, @Path() id: string) {
await new permission().PermissionGet(request, "SYS_SALARY_CHART_OFFICER");
const salary = await this.salaryRepository.findOne({
relations: ["posType_", "posLevel_"],
where: { id: id },
@ -280,10 +281,12 @@ export class SalaryController extends Controller {
*/
@Get()
async listSalary(
@Request() request: RequestWithUser,
@Query("page") page: number = 1,
@Query("pageSize") pageSize: number = 10,
@Query("keyword") keyword?: string,
) {
await new permission().PermissionList(request, "SYS_SALARY_CHART_OFFICER");
const [salary, total] = await AppDataSource.getRepository(Salarys)
.createQueryBuilder("salary")
.leftJoinAndSelect("salary.posType_", "posType_")
@ -327,10 +330,7 @@ export class SalaryController extends Controller {
*
*/
@Post("copy")
async copySalary(
@Body() body: { id: string },
@Request() request: RequestWithUser,
) {
async copySalary(@Body() body: { id: string }, @Request() request: RequestWithUser) {
await new permission().PermissionCreate(request, "SYS_SALARY_CHART_OFFICER");
const salary = await this.salaryRepository.findOne({
relations: ["posLevel_", "posType_", "salaryRanks_"],
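Review bot: Authorization in this controller is an opt-in first statement per handler (`await new permission().PermissionGet(request, "SYS_SALARY_CHART_OFFICER");`), so any handler that lacks the line stays reachable with only the controller-level authentication. The commit itself shows the gap, since `GetSalaryById` and `listSalary` carried no check before it. Only three handlers of SalaryController are visible in these hunks (and three of SalaryEmployeeController in the next section), so it is worth confirming that every remaining route in both classes now has a matching call. A shared constant for the system code, e.g. `const SYS_CHART = "SYS_SALARY_CHART_OFFICER";`, would also keep the repeated literal from drifting between handlers.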


@ -183,7 +183,7 @@ export class SalaryEmployeeController extends Controller {
const chk_SalaryFormulaEmp = await this.salaryFormulaEmployeeRepository.find({
where: { salaryEmployeeId: id },
});
if(chk_SalaryFormulaEmp.length > 0){
if (chk_SalaryFormulaEmp.length > 0) {
throw new HttpError(
HttpStatusCode.NOT_FOUND,
"ไม่สามารถลบรายการนี้ได้เนื่องจากมีการใช้งานอยู่",
@ -213,7 +213,9 @@ export class SalaryEmployeeController extends Controller {
endDate: "datetime", //วันที่สิ้นสุดบังคับใช้
detail: "string", //คำอธิบาย
})
async GetSalaryById(@Path() id: string) {
async GetSalaryById(
@Request() request: RequestWithUser,@Path() id: string) {
await new permission().PermissionGet(request, "SYS_WAGE_CHART_EMP");
const salary = await this.salaryEmployeeRepository.findOne({
where: { id: id },
select: ["name", "group", "isActive", "date", "startDate", "endDate", "details"],
@ -231,10 +233,12 @@ export class SalaryEmployeeController extends Controller {
*/
@Get()
async listSalary(
@Request() request: RequestWithUser,
@Query("page") page: number = 1,
@Query("pageSize") pageSize: number = 10,
@Query("keyword") keyword?: string,
) {
await new permission().PermissionList(request, "SYS_WAGE_CHART_EMP");
const [salaryEmployee, total] = await AppDataSource.getRepository(SalaryEmployee)
.createQueryBuilder("salaryEmployee")
.andWhere(
@ -270,10 +274,7 @@ export class SalaryEmployeeController extends Controller {
*
*/
@Post("copy")
async copySalary(
@Body() body: { id: string },
@Request() request: RequestWithUser,
) {
async copySalary(@Body() body: { id: string }, @Request() request: RequestWithUser) {
await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP");
const salary = await this.salaryEmployeeRepository.findOne({
relations: ["salaryRankEmployees_"],


@ -402,8 +402,11 @@ export class SalaryPeriodController extends Controller {
* @param {string} amount
*/
@Post("change/amount")
async changeAmount(@Body() body: { profileId: string; amount: number }, @Request() request: RequestWithUser) {
await new permission().PermissionCreate(request, "SYS_SALARY_OFFICER");
async changeAmount(
@Body() body: { profileId: string; amount: number },
@Request() request: RequestWithUser,
) {
await new permission().PermissionCreate(request, "SYS_SALARY_OFFICER");
const salaryProfile = await this.salaryProfileRepository.findOne({
relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: body.profileId },
@ -679,8 +682,11 @@ export class SalaryPeriodController extends Controller {
* @param {string} groupId groupId
*/
@Post("change/group")
async changeGroup(@Body() body: { profileId: string; groupId: string } ,@Request() req: RequestWithUser) {
await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER");
async changeGroup(
@Body() body: { profileId: string; groupId: string },
@Request() req: RequestWithUser,
) {
await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER");
const salaryProfile = await this.salaryProfileRepository.findOne({
// relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
where: { id: body.profileId },
@ -802,7 +808,7 @@ export class SalaryPeriodController extends Controller {
@Post("change/type")
async changeType(
@Body() body: { profileId: string; type: string; isReserve: boolean; remark?: string | null },
@Request() req: RequestWithUser
@Request() req: RequestWithUser,
) {
await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER");
const salaryProfile = await this.salaryProfileRepository.findOne({
@ -1114,6 +1120,7 @@ export class SalaryPeriodController extends Controller {
*/
@Put("org/{id}")
async GetListsSalaryProfile(
@Request() request: RequestWithUser,
@Path() id: string,
@Body()
body: {
@ -1124,6 +1131,7 @@ export class SalaryPeriodController extends Controller {
isRetire?: string | null;
},
) {
await new permission().PermissionList(request, "SYS_SALARY_OFFICER");
const salaryOrg = await this.salaryOrgRepository.findOne({
where: {
id: id,
@ -1915,11 +1923,13 @@ export class SalaryPeriodController extends Controller {
*/
@Get()
async GetListsSalaryPeriod(
@Request() request: RequestWithUser,
@Query("page") page: number = 1,
@Query("pageSize") pageSize: number = 10,
@Query("keyword") keyword?: string,
@Query("year") year: number = 2024,
) {
await new permission().PermissionList(request, "SYS_SALARY_ROUND");
const [salaryPeriod, total] = await AppDataSource.getRepository(SalaryPeriod)
.createQueryBuilder("salaryPeriod")
.andWhere(year != 0 ? "salaryPeriod.year LIKE :year" : "1=1", { year: `${year}` })
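Review bot: In GetListsSalaryProfile the value returned by `PermissionList(request, "SYS_SALARY_OFFICER")` is discarded, so the handler verifies only the system-level LIST flag and then loads the `salaryOrg` row for whatever `id` arrives in the path. Unless the rest of the body (outside this hunk) filters by organisation, the result is not limited to the caller's own org unit. The permission helper changed in this commit adds `PermissionOrgList`, which returns the caller's org scope; consider `const scope = await new permission().PermissionOrgList(request, "SYS_SALARY_OFFICER");` and checking the loaded salaryOrg against it before querying profiles. GetListsSalaryProfile in SalaryPeriodEmployeeController (`"SYS_WAGE"`) has the same shape.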


@ -363,7 +363,10 @@ export class SalaryPeriodEmployeeController extends Controller {
* @param {string} amount
*/
@Post("change/amount")
async changeAmount(@Body() body: { profileId: string; amount: number }, @Request() req: RequestWithUser) {
async changeAmount(
@Body() body: { profileId: string; amount: number },
@Request() req: RequestWithUser,
) {
await new permission().PermissionCreate(req, "SYS_WAGE");
const salaryProfile = await this.salaryProfileRepository.findOne({
relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
@ -813,7 +816,10 @@ export class SalaryPeriodEmployeeController extends Controller {
* @param {string} groupId groupId
*/
@Post("change/group")
async changeGroup(@Body() body: { profileId: string; groupId: string }, @Request() req: RequestWithUser) {
async changeGroup(
@Body() body: { profileId: string; groupId: string },
@Request() req: RequestWithUser,
) {
await new permission().PermissionCreate(req, "SYS_WAGE");
const salaryProfile = await this.salaryProfileRepository.findOne({
// relations: ["salaryOrg", "salaryOrg.salaryPeriod"],
@ -936,7 +942,7 @@ export class SalaryPeriodEmployeeController extends Controller {
@Post("change/type")
async changeType(
@Body() body: { profileId: string; type: string; isReserve: boolean; remark?: string | null },
@Request() req: RequestWithUser
@Request() req: RequestWithUser,
) {
await new permission().PermissionCreate(req, "SYS_WAGE");
const salaryProfile = await this.salaryProfileRepository.findOne({
@ -1423,6 +1429,7 @@ export class SalaryPeriodEmployeeController extends Controller {
*/
@Put("org/{id}")
async GetListsSalaryProfile(
@Request() request: RequestWithUser,
@Path() id: string,
@Body()
body: {
@ -1433,6 +1440,7 @@ export class SalaryPeriodEmployeeController extends Controller {
isRetire?: string | null;
},
) {
await new permission().PermissionList(request, "SYS_WAGE");
const salaryOrg = await this.salaryOrgRepository.findOne({
where: {
id: id,
@ -2484,7 +2492,7 @@ export class SalaryPeriodEmployeeController extends Controller {
body: {
titleRecommend: string;
},
@Request() request: RequestWithUser
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_WAGE");
const salaryPeriod = await this.salaryPeriodRepository.findOne({
@ -2521,7 +2529,7 @@ export class SalaryPeriodEmployeeController extends Controller {
body: {
titleRecommend: string;
},
@Request() request: RequestWithUser
@Request() request: RequestWithUser,
) {
await new permission().PermissionUpdate(request, "SYS_WAGE");
const salaryPeriod = await this.salaryPeriodRepository.findOne({


@ -21,6 +21,8 @@ import HttpStatusCode from "../interfaces/http-status";
import HttpError from "../interfaces/http-error";
import { CreateSalaryRank, SalaryRanks, UpdateSalaryRank } from "../entities/SalaryRanks";
import { Salarys } from "../entities/Salarys";
import permission from "../interfaces/permission";
import { RequestWithUser } from "../middlewares/user";
@Route("api/v1/salary/rate")
@Tags("SalaryRank")
@Security("bearerAuth")
@ -41,10 +43,11 @@ export class SalaryRanksController extends Controller {
*/
@Post()
async CreateSalaryRank(
@Request() request: RequestWithUser,
@Body()
requestBody: CreateSalaryRank,
@Request() request: { user: Record<string, any> },
) {
await new permission().PermissionCreate(request, "SYS_SALARY_CHART_OFFICER");
try {
const checkSalary = await this.salaryRepository.findOne({
where: { id: requestBody.salaryId },
@ -73,11 +76,12 @@ export class SalaryRanksController extends Controller {
*/
@Put("{id}")
async updateSalaryRanks(
@Request() request: RequestWithUser,
@Path() id: string,
@Body()
requestBody: UpdateSalaryRank,
@Request() request: { user: Record<string, any> },
) {
await new permission().PermissionUpdate(request, "SYS_SALARY_CHART_OFFICER");
const salaryRank = await this.salaryRankRepository.findOne({ where: { id: id } });
if (!salaryRank) {
throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลระดับผังเงินเดือนนี้");
@ -97,7 +101,8 @@ export class SalaryRanksController extends Controller {
* @param {string} id Id
*/
@Delete("{id}")
async deleteSalaryRanks(@Path() id: string) {
async deleteSalaryRanks(@Request() request: RequestWithUser, @Path() id: string) {
await new permission().PermissionDelete(request, "SYS_SALARY_CHART_OFFICER");
const delSalaryRanks = await this.salaryRankRepository.findOne({
where: { id },
});
@ -117,11 +122,13 @@ export class SalaryRanksController extends Controller {
*/
@Get("{id}")
async listSalaryRanks(
@Request() request: RequestWithUser,
@Path() id: string,
@Query("page") page: number = 1,
@Query("pageSize") pageSize: number = 10,
@Query("keyword") keyword?: string,
) {
await new permission().PermissionGet(request, "SYS_SALARY_CHART_OFFICER");
const [salaryRank, total] = await AppDataSource.getRepository(SalaryRanks)
.createQueryBuilder("salaryRank")
.andWhere(
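Review bot: listSalaryRanks is a paginated listing (`page`, `pageSize`, `keyword`) but is gated with `PermissionGet`, whereas the other list handlers touched by this commit (`listSalary`, `GetListsSalaryPeriod`) use `PermissionList`. A role that has `attrIsGet` without `attrIsList` would therefore still pass the check on this listing. If that is not intended, change the line to `await new permission().PermissionList(request, "SYS_SALARY_CHART_OFFICER");`; if it is, a one-line comment stating that ranks are treated as part of the chart detail would document the choice. listSalaryRankEmployees in SalaryRankEmployeeController follows the same pattern with `"SYS_WAGE_CHART_EMP"`. The function body continues outside the hunk.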


@ -25,6 +25,8 @@ import {
UpdateSalaryRankEmployee,
} from "../entities/SalaryRankEmployee";
import { SalaryEmployee } from "../entities/SalaryEmployee";
import permission from "../interfaces/permission";
import { RequestWithUser } from "../middlewares/user";
@Route("api/v1/salary/rate/employee")
@Tags("SalaryRankEmployee")
@Security("bearerAuth")
@ -44,10 +46,11 @@ export class SalaryRankEmployeeController extends Controller {
*/
@Post()
async CreateSalaryRankEmployee(
@Request() request: RequestWithUser,
@Body()
requestBody: CreateSalaryRankEmployee,
@Request() request: { user: Record<string, any> },
) {
await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP");
try {
const checkSalary = await this.salaryEmployeeRepository.findOne({
where: { id: requestBody.salaryEmployeeId },
@ -84,11 +87,12 @@ export class SalaryRankEmployeeController extends Controller {
*/
@Put("{id}")
async updateSalaryRankEmployees(
@Request() request: RequestWithUser,
@Path() id: string,
@Body()
requestBody: UpdateSalaryRankEmployee,
@Request() request: { user: Record<string, any> },
) {
await new permission().PermissionUpdate(request, "SYS_WAGE_CHART_EMP");
const salaryRankEmployee = await this.salaryRankEmployeeRepository.findOne({
where: { id: id },
});
@ -119,7 +123,8 @@ export class SalaryRankEmployeeController extends Controller {
* @param {string} id Id
*/
@Delete("{id}")
async deleteSalaryRankEmployees(@Path() id: string) {
async deleteSalaryRankEmployees(@Request() request: RequestWithUser, @Path() id: string) {
await new permission().PermissionDelete(request, "SYS_WAGE_CHART_EMP");
const delSalaryRankEmployees = await this.salaryRankEmployeeRepository.findOne({
where: { id },
});
@ -138,11 +143,13 @@ export class SalaryRankEmployeeController extends Controller {
*/
@Get("{id}")
async listSalaryRankEmployees(
@Request() request: RequestWithUser,
@Path() id: string,
@Query("page") page: number = 1,
@Query("pageSize") pageSize: number = 10,
@Query("keyword") keyword?: string,
) {
await new permission().PermissionGet(request, "SYS_WAGE_CHART_EMP");
const [salaryRankEmployee, total] = await AppDataSource.getRepository(SalaryRankEmployee)
.createQueryBuilder("salaryRankEmployee")
.andWhere(


@ -1,16 +1,3 @@
import {
Controller,
Request,
Get,
Post,
Put,
Delete,
Patch,
Route,
Security,
Tags,
Path,
} from "tsoa";
import axios from "axios";
import { RequestWithUser } from "../middlewares/user";
import CallAPI from "./call-api";
@ -26,23 +13,166 @@ class CheckAuth {
) {
return null;
}
await new CallAPI()
return await new CallAPI()
.GetData(req, "/org/permission")
.then((x) => {
let permission = false;
let role = x.roles.find((x: any) => x.authSysId == system);
if (!role) throw "ไม่มีสิทธิ์เข้าระบบ";
if (role.attrOwnership == "OWNER") return "OWNER";
if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate;
if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete;
if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet;
if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList;
if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate;
if (role.attrOwnership == "OWNER") permission = true;
if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้";
return role.attrPrivilege;
})
.catch((x) => {
throw new HttpError(HttpStatus.FORBIDDEN, x);
if (x.status != undefined) {
throw new HttpError(x.status, x.message);
} else {
throw new HttpError(HttpStatus.FORBIDDEN, x);
}
});
}
public async PermissionOrg(req: RequestWithUser, system: string, action: string) {
if (
req.headers.hasOwnProperty("api_key") &&
req.headers["api_key"] &&
req.headers["api_key"] == process.env.API_KEY
) {
return null;
}
return await new CallAPI()
.GetData(req, "/org/permission/org")
.then(async (x) => {
let privilege = null;
if (action.trim().toLocaleUpperCase() == "CREATE")
privilege = await this.PermissionCreate(req, system);
if (action.trim().toLocaleUpperCase() == "DELETE")
privilege = await this.PermissionDelete(req, system);
if (action.trim().toLocaleUpperCase() == "GET")
privilege = await this.PermissionGet(req, system);
if (action.trim().toLocaleUpperCase() == "LIST")
privilege = await this.PermissionList(req, system);
if (action.trim().toLocaleUpperCase() == "UPDATE")
privilege = await this.PermissionUpdate(req, system);
let data: any = {
root: [null],
child1: [null],
child2: [null],
child3: [null],
child4: [null],
};
let node = 4;
if (x.orgChild1Id == null) {
node = 0;
} else if (x.orgChild2Id == null) {
node = 1;
} else if (x.orgChild3Id == null) {
node = 2;
} else if (x.orgChild4Id == null) {
node = 3;
}
if (privilege == "ROOT") {
data = {
root: [x.orgRootId],
child1: null,
child2: null,
child3: null,
child4: null,
};
} else if (privilege == "CHILD") {
data = {
root: node >= 0 ? [x.orgRootId] : null,
child1: node >= 1 ? [x.orgChild1Id] : null,
child2: node >= 2 ? [x.orgChild2Id] : null,
child3: node >= 3 ? [x.orgChild3Id] : null,
child4: node >= 4 ? [x.orgChild4Id] : null,
};
} else if (privilege == "NORMAL") {
data = {
root: [x.orgRootId],
child1: [x.orgChild1Id],
child2: [x.orgChild2Id],
child3: [x.orgChild3Id],
child4: [x.orgChild4Id],
};
} else if (privilege == "SPECIFIC") {
} else if (privilege == "OWNER") {
data = {
root: null,
child1: null,
child2: null,
child3: null,
child4: null,
};
}
return data;
})
.catch((x) => {
if (x.status != undefined) {
throw new HttpError(x.status, x.message);
} else {
throw new HttpError(HttpStatus.FORBIDDEN, x);
}
});
}
public async PermissionOrgByUser(
req: RequestWithUser,
system: string,
action: string,
profileId: string,
) {
if (
req.headers.hasOwnProperty("api_key") &&
req.headers["api_key"] &&
req.headers["api_key"] == process.env.API_KEY
) {
return true;
}
return await new CallAPI()
.GetData(req, `/org/permission/user/${profileId}`)
.then(async (x) => {
let org = {
root: [null],
child1: [null],
child2: [null],
child3: [null],
child4: [null],
};
if (action.trim().toLocaleUpperCase() == "CREATE")
org = await this.PermissionOrgCreate(req, system);
if (action.trim().toLocaleUpperCase() == "DELETE")
org = await this.PermissionOrgDelete(req, system);
if (action.trim().toLocaleUpperCase() == "GET")
org = await this.PermissionOrgGet(req, system);
if (action.trim().toLocaleUpperCase() == "LIST")
org = await this.PermissionOrgList(req, system);
if (action.trim().toLocaleUpperCase() == "UPDATE")
org = await this.PermissionOrgUpdate(req, system);
if (org.root != null) if (x.orgRootId != org.root[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
if (org.child1 != null)
if (x.orgChild1Id != org.child1[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
if (org.child2 != null)
if (x.orgChild2Id != org.child2[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
if (org.child3 != null)
if (x.orgChild3Id != org.child3[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
if (org.child4 != null)
if (x.orgChild4Id != org.child4[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";
return true;
})
.catch((x) => {
if (x.status != undefined) {
throw new HttpError(x.status, x.message);
} else {
throw new HttpError(HttpStatus.FORBIDDEN, x);
}
});
}
public async PermissionCreate(req: RequestWithUser, system: string) {
@ -60,6 +190,38 @@ class CheckAuth {
public async PermissionUpdate(req: RequestWithUser, system: string) {
return await this.Permission(req, system, "UPDATE");
}
public async PermissionOrgCreate(req: RequestWithUser, system: string) {
return await this.PermissionOrg(req, system, "CREATE");
}
public async PermissionOrgDelete(req: RequestWithUser, system: string) {
return await this.PermissionOrg(req, system, "DELETE");
}
public async PermissionOrgGet(req: RequestWithUser, system: string) {
return await this.PermissionOrg(req, system, "GET");
}
public async PermissionOrgList(req: RequestWithUser, system: string) {
return await this.PermissionOrg(req, system, "LIST");
}
public async PermissionOrgUpdate(req: RequestWithUser, system: string) {
return await this.PermissionOrg(req, system, "UPDATE");
}
public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) {
return await this.PermissionOrgByUser(req, system, "CREATE", profileId);
}
public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) {
return await this.PermissionOrgByUser(req, system, "DELETE", profileId);
}
public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) {
return await this.PermissionOrgByUser(req, system, "GET", profileId);
}
public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) {
return await this.PermissionOrgByUser(req, system, "LIST", profileId);
}
public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) {
return await this.PermissionOrgByUser(req, system, "UPDATE", profileId);
}
}
export default CheckAuth;
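Review bot: PermissionOrg fails open on two paths: when `action` matches none of the five recognised strings no `Permission*` call runs at all, and when the privilege is `"SPECIFIC"` the branch is empty, so in both cases the default `{ root: [null], ... }` scope is returned instead of a rejection. PermissionOrgByUser then compares with loose `!=`, so `x.orgRootId != org.root[0]` is false for a profile whose org ids are null or undefined and the method returns true. Replacing the empty `SPECIFIC` branch and ending the privilege chain with `else throw "ไม่มีสิทธิ์เข้าถึงข้อมูล";` (plus the same rejection for an unrecognised action) would make deny the default. Separately, `profileId` is interpolated into the upstream path unescaped; `/org/permission/user/${encodeURIComponent(profileId)}` keeps a caller-supplied value from altering the route that GetData requests.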