From ce8bb41bdaa3060848516ea72d9546baf3a5922f Mon Sep 17 00:00:00 2001 From: kittapath Date: Thu, 22 Aug 2024 17:23:48 +0700 Subject: [PATCH] no message --- src/controllers/SalaryController.ts | 10 +- src/controllers/SalaryEmployeeController.ts | 13 +- src/controllers/SalaryPeriodController.ts | 20 +- .../SalaryPeriodEmployeeController.ts | 18 +- src/controllers/SalaryRankController.ts | 13 +- .../SalaryRankEmployeeController.ts | 13 +- src/interfaces/permission.ts | 194 ++++++++++++++++-- 7 files changed, 238 insertions(+), 43 deletions(-) diff --git a/src/controllers/SalaryController.ts b/src/controllers/SalaryController.ts index 4c36e71..f94234a 100644 --- a/src/controllers/SalaryController.ts +++ b/src/controllers/SalaryController.ts @@ -247,7 +247,8 @@ export class SalaryController extends Controller { endDate: "datetime", //วันที่สิ้นสุดบังคับใช้ detail: "string", //คำอธิบาย }) - async GetSalaryById(@Path() id: string) { + async GetSalaryById(@Request() request: RequestWithUser, @Path() id: string) { + await new permission().PermissionGet(request, "SYS_SALARY_CHART_OFFICER"); const salary = await this.salaryRepository.findOne({ relations: ["posType_", "posLevel_"], where: { id: id }, @@ -280,10 +281,12 @@ export class SalaryController extends Controller { */ @Get() async listSalary( + @Request() request: RequestWithUser, @Query("page") page: number = 1, @Query("pageSize") pageSize: number = 10, @Query("keyword") keyword?: string, ) { + await new permission().PermissionList(request, "SYS_SALARY_CHART_OFFICER"); const [salary, total] = await AppDataSource.getRepository(Salarys) .createQueryBuilder("salary") .leftJoinAndSelect("salary.posType_", "posType_") 
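Review bot: Authorization in `GetSalaryById` is a hand-placed `await new permission().PermissionGet(request, "SYS_SALARY_CHART_OFFICER");` as the first statement, and the same pattern is repeated in `listSalary` (next hunk) and in every controller hunk of this commit (SalaryEmployeeController, SalaryPeriodController, SalaryPeriodEmployeeController, SalaryRankController, SalaryRankEmployeeController); `@Security("bearerAuth")` on the class only authenticates, so any handler that omits the line stays reachable by every logged-in user, which is exactly the gap these hunks are closing. A per-route guard (tsoa's `@Middlewares()` or an express-level check that takes the system code and action), or at least a test that walks the registered routes and asserts each one reaches the permission layer, would make the omission fail closed instead of silently. The privilege string that `PermissionGet` returns is discarded, so nothing in this handler scopes the query by org; if salary charts are meant to be global a one-line comment saying so would spare the next reader the question. Both `GetSalaryById` and `listSalary` continue past the end of their hunks.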
@@ -327,10 +330,7 @@ export class SalaryController extends Controller { * */ @Post("copy") - async copySalary( - @Body() body: { id: string }, - @Request() request: RequestWithUser, - ) { + async copySalary(@Body() body: { id: string }, @Request() request: RequestWithUser) { await new permission().PermissionCreate(request, "SYS_SALARY_CHART_OFFICER"); const salary = await this.salaryRepository.findOne({ relations: ["posLevel_", "posType_", "salaryRanks_"], diff --git a/src/controllers/SalaryEmployeeController.ts b/src/controllers/SalaryEmployeeController.ts index 361e4f4..43a9fdb 100644 --- a/src/controllers/SalaryEmployeeController.ts +++ b/src/controllers/SalaryEmployeeController.ts @@ -183,7 +183,7 @@ export class SalaryEmployeeController extends Controller { const chk_SalaryFormulaEmp = await this.salaryFormulaEmployeeRepository.find({ where: { salaryEmployeeId: id }, }); - if(chk_SalaryFormulaEmp.length > 0){ + if (chk_SalaryFormulaEmp.length > 0) { throw new HttpError( HttpStatusCode.NOT_FOUND, "ไม่สามารถลบรายการนี้ได้เนื่องจากมีการใช้งานอยู่", @@ -213,7 +213,9 @@ export class SalaryEmployeeController extends Controller { endDate: "datetime", //วันที่สิ้นสุดบังคับใช้ detail: "string", //คำอธิบาย }) - async GetSalaryById(@Path() id: string) { + async GetSalaryById( + @Request() request: RequestWithUser,@Path() id: string) { + await new permission().PermissionGet(request, "SYS_WAGE_CHART_EMP"); const salary = await this.salaryEmployeeRepository.findOne({ where: { id: id }, select: ["name", "group", "isActive", "date", "startDate", "endDate", "details"], 
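Review bot: The new `GetSalaryById` signature in SalaryEmployeeController (hunk @@ -213) is split as `async GetSalaryById(` / `@Request() request: RequestWithUser,@Path() id: string) {`, with no space after the comma and a line break Prettier would not produce; the same commit collapses `copySalary` in this very file onto one line, so this one was evidently not run through the formatter. Write it as `async GetSalaryById(@Request() request: RequestWithUser, @Path() id: string) {` to match the SalaryController version above. The handler body continues outside the hunk.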
@@ -231,10 +233,12 @@ export class SalaryEmployeeController extends Controller { */ @Get() async listSalary( + @Request() request: RequestWithUser, @Query("page") page: number = 1, @Query("pageSize") pageSize: number = 10, @Query("keyword") keyword?: string, ) { + await new permission().PermissionList(request, "SYS_WAGE_CHART_EMP"); const [salaryEmployee, total] = await AppDataSource.getRepository(SalaryEmployee) .createQueryBuilder("salaryEmployee") .andWhere( @@ -270,10 +274,7 @@ export class SalaryEmployeeController extends Controller { * */ @Post("copy") - async copySalary( - @Body() body: { id: string }, - @Request() request: RequestWithUser, - ) { + async copySalary(@Body() body: { id: string }, @Request() request: RequestWithUser) { await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP"); const salary = await this.salaryEmployeeRepository.findOne({ relations: ["salaryRankEmployees_"], diff --git a/src/controllers/SalaryPeriodController.ts b/src/controllers/SalaryPeriodController.ts index c94b965..0aa4061 100644 --- a/src/controllers/SalaryPeriodController.ts +++ b/src/controllers/SalaryPeriodController.ts @@ -402,8 +402,11 @@ export class SalaryPeriodController extends Controller { * @param {string} amount ฐานเงินเดือน */ @Post("change/amount") - async changeAmount(@Body() body: { profileId: string; amount: number }, @Request() request: RequestWithUser) { - await new permission().PermissionCreate(request, "SYS_SALARY_OFFICER"); + async changeAmount( + @Body() body: { profileId: string; amount: number }, + @Request() request: RequestWithUser, + ) { + await new permission().PermissionCreate(request, "SYS_SALARY_OFFICER"); const salaryProfile = await this.salaryProfileRepository.findOne({ relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: body.profileId }, 
@@ -679,8 +682,11 @@ export class SalaryPeriodController extends Controller { * @param {string} groupId groupId */ @Post("change/group") - async changeGroup(@Body() body: { profileId: string; groupId: string } ,@Request() req: RequestWithUser) { - await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER"); + async changeGroup( + @Body() body: { profileId: string; groupId: string }, + @Request() req: RequestWithUser, + ) { + await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER"); const salaryProfile = await this.salaryProfileRepository.findOne({ // relations: ["salaryOrg", "salaryOrg.salaryPeriod"], where: { id: body.profileId }, @@ -802,7 +808,7 @@ export class SalaryPeriodController extends Controller { @Post("change/type") async changeType( @Body() body: { profileId: string; type: string; isReserve: boolean; remark?: string | null }, - @Request() req: RequestWithUser + @Request() req: RequestWithUser, ) { await new permission().PermissionCreate(req, "SYS_SALARY_OFFICER"); const salaryProfile = await this.salaryProfileRepository.findOne({ @@ -1114,6 +1120,7 @@ export class SalaryPeriodController extends Controller { */ @Put("org/{id}") async GetListsSalaryProfile( + @Request() request: RequestWithUser, @Path() id: string, @Body() body: { @@ -1124,6 +1131,7 @@ export class SalaryPeriodController extends Controller { isRetire?: string | null; }, ) { + await new permission().PermissionList(request, "SYS_SALARY_OFFICER"); const salaryOrg = await this.salaryOrgRepository.findOne({ where: { id: id, 
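Review bot: `GetListsSalaryProfile` is registered as `@Put("org/{id}")` yet the check added in hunk @@ -1124 is `PermissionList(request, "SYS_SALARY_OFFICER")`, which only consults `role.attrIsList`; a user who may list but may not update can therefore invoke a PUT route. If the handler only reads (the visible body fields such as `isRetire?: string | null` look like filters), registering it as `@Post` or `@Get` would document that and keep LIST as the right action; if it writes, the guard should be `await new permission().PermissionUpdate(request, "SYS_SALARY_OFFICER");`. The same combination appears in SalaryPeriodEmployeeController (hunks @@ -1423 and @@ -1433). The handler's body continues well past the end of the hunk, so which of the two it is cannot be confirmed from here.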
@@ -1915,11 +1923,13 @@ export class SalaryPeriodController extends Controller { */ @Get() async GetListsSalaryPeriod( + @Request() request: RequestWithUser, @Query("page") page: number = 1, @Query("pageSize") pageSize: number = 10, @Query("keyword") keyword?: string, @Query("year") year: number = 2024, ) { + await new permission().PermissionList(request, "SYS_SALARY_ROUND"); const [salaryPeriod, total] = await AppDataSource.getRepository(SalaryPeriod) .createQueryBuilder("salaryPeriod") .andWhere(year != 0 ? "salaryPeriod.year LIKE :year" : "1=1", { year: `${year}` }) diff --git a/src/controllers/SalaryPeriodEmployeeController.ts b/src/controllers/SalaryPeriodEmployeeController.ts index 9ce822a..8837444 100644 --- a/src/controllers/SalaryPeriodEmployeeController.ts +++ b/src/controllers/SalaryPeriodEmployeeController.ts @@ -363,7 +363,10 @@ export class SalaryPeriodEmployeeController extends Controller { * @param {string} amount ฐานเงินเดือน */ @Post("change/amount") - async changeAmount(@Body() body: { profileId: string; amount: number }, @Request() req: RequestWithUser) { + async changeAmount( + @Body() body: { profileId: string; amount: number }, + @Request() req: RequestWithUser, + ) { await new permission().PermissionCreate(req, "SYS_WAGE"); const salaryProfile = await this.salaryProfileRepository.findOne({ relations: ["salaryOrg", "salaryOrg.salaryPeriod"], @@ -813,7 +816,10 @@ export class SalaryPeriodEmployeeController extends Controller { * @param {string} groupId groupId */ @Post("change/group") - async changeGroup(@Body() body: { profileId: string; groupId: string }, @Request() req: RequestWithUser) { + async changeGroup( + @Body() body: { profileId: string; groupId: string }, + @Request() req: RequestWithUser, + ) { await new permission().PermissionCreate(req, "SYS_WAGE"); const salaryProfile = await this.salaryProfileRepository.findOne({ // relations: ["salaryOrg", "salaryOrg.salaryPeriod"], 
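Review bot: `PermissionList(request, "SYS_SALARY_ROUND")` in `GetListsSalaryPeriod` is the only guard in SalaryPeriodController that uses a system code other than "SYS_SALARY_OFFICER" (every other hunk of this file uses the latter); a caller whose roles lack SYS_SALARY_ROUND will get "ไม่มีสิทธิ์เข้าระบบ" from the period list even though all other period operations succeed. If this split is intentional it deserves a comment next to the call, e.g. `// period listing is governed by the SYS_SALARY_ROUND role, not SYS_SALARY_OFFICER`; if not, align it with the rest of the file. The method body continues outside the hunk.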
@@ -936,7 +942,7 @@ export class SalaryPeriodEmployeeController extends Controller { @Post("change/type") async changeType( @Body() body: { profileId: string; type: string; isReserve: boolean; remark?: string | null }, - @Request() req: RequestWithUser + @Request() req: RequestWithUser, ) { await new permission().PermissionCreate(req, "SYS_WAGE"); const salaryProfile = await this.salaryProfileRepository.findOne({ @@ -1423,6 +1429,7 @@ export class SalaryPeriodEmployeeController extends Controller { */ @Put("org/{id}") async GetListsSalaryProfile( + @Request() request: RequestWithUser, @Path() id: string, @Body() body: { @@ -1433,6 +1440,7 @@ export class SalaryPeriodEmployeeController extends Controller { isRetire?: string | null; }, ) { + await new permission().PermissionList(request, "SYS_WAGE"); const salaryOrg = await this.salaryOrgRepository.findOne({ where: { id: id, @@ -2484,7 +2492,7 @@ export class SalaryPeriodEmployeeController extends Controller { body: { titleRecommend: string; }, - @Request() request: RequestWithUser + @Request() request: RequestWithUser, ) { await new permission().PermissionUpdate(request, "SYS_WAGE"); const salaryPeriod = await this.salaryPeriodRepository.findOne({ @@ -2521,7 +2529,7 @@ export class SalaryPeriodEmployeeController extends Controller { body: { titleRecommend: string; }, - @Request() request: RequestWithUser + @Request() request: RequestWithUser, ) { await new permission().PermissionUpdate(request, "SYS_WAGE"); const salaryPeriod = await this.salaryPeriodRepository.findOne({ diff --git a/src/controllers/SalaryRankController.ts b/src/controllers/SalaryRankController.ts index 5ae8769..be303c3 100644 --- a/src/controllers/SalaryRankController.ts +++ b/src/controllers/SalaryRankController.ts 
@@ -21,6 +21,8 @@ import HttpStatusCode from "../interfaces/http-status"; import HttpError from "../interfaces/http-error"; import { CreateSalaryRank, SalaryRanks, UpdateSalaryRank } from "../entities/SalaryRanks"; import { Salarys } from "../entities/Salarys"; +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/salary/rate") @Tags("SalaryRank") @Security("bearerAuth") @@ -41,10 +43,11 @@ export class SalaryRanksController extends Controller { */ @Post() async CreateSalaryRank( + @Request() request: RequestWithUser, @Body() requestBody: CreateSalaryRank, - @Request() request: { user: Record }, ) { + await new permission().PermissionCreate(request, "SYS_SALARY_CHART_OFFICER"); try { const checkSalary = await this.salaryRepository.findOne({ where: { id: requestBody.salaryId }, @@ -73,11 +76,12 @@ export class SalaryRanksController extends Controller { */ @Put("{id}") async updateSalaryRanks( + @Request() request: RequestWithUser, @Path() id: string, @Body() requestBody: UpdateSalaryRank, - @Request() request: { user: Record }, ) { + await new permission().PermissionUpdate(request, "SYS_SALARY_CHART_OFFICER"); const salaryRank = await this.salaryRankRepository.findOne({ where: { id: id } }); if (!salaryRank) { throw new HttpError(HttpStatusCode.NOT_FOUND, "ไม่พบข้อมูลระดับผังเงินเดือนนี้"); @@ -97,7 +101,8 @@ export class SalaryRanksController extends Controller { * @param {string} id Id อัตราเงินเดือน */ @Delete("{id}") - async deleteSalaryRanks(@Path() id: string) { + async deleteSalaryRanks(@Request() request: RequestWithUser, @Path() id: string) { + await new permission().PermissionDelete(request, "SYS_SALARY_CHART_OFFICER"); const delSalaryRanks = await this.salaryRankRepository.findOne({ where: { id }, }); 
@@ -117,11 +122,13 @@ export class SalaryRanksController extends Controller { */ @Get("{id}") async listSalaryRanks( + @Request() request: RequestWithUser, @Path() id: string, @Query("page") page: number = 1, @Query("pageSize") pageSize: number = 10, @Query("keyword") keyword?: string, ) { + await new permission().PermissionGet(request, "SYS_SALARY_CHART_OFFICER"); const [salaryRank, total] = await AppDataSource.getRepository(SalaryRanks) .createQueryBuilder("salaryRank") .andWhere( diff --git a/src/controllers/SalaryRankEmployeeController.ts b/src/controllers/SalaryRankEmployeeController.ts index 1b0324e..2889444 100644 --- a/src/controllers/SalaryRankEmployeeController.ts +++ b/src/controllers/SalaryRankEmployeeController.ts @@ -25,6 +25,8 @@ import { UpdateSalaryRankEmployee, } from "../entities/SalaryRankEmployee"; import { SalaryEmployee } from "../entities/SalaryEmployee"; +import permission from "../interfaces/permission"; +import { RequestWithUser } from "../middlewares/user"; @Route("api/v1/salary/rate/employee") @Tags("SalaryRankEmployee") @Security("bearerAuth") @@ -44,10 +46,11 @@ export class SalaryRankEmployeeController extends Controller { */ @Post() async CreateSalaryRankEmployee( + @Request() request: RequestWithUser, @Body() requestBody: CreateSalaryRankEmployee, - @Request() request: { user: Record }, ) { + await new permission().PermissionCreate(request, "SYS_WAGE_CHART_EMP"); try { const checkSalary = await this.salaryEmployeeRepository.findOne({ where: { id: requestBody.salaryEmployeeId }, @@ -84,11 +87,12 @@ export class SalaryRankEmployeeController extends Controller { */ @Put("{id}") async updateSalaryRankEmployees( + @Request() request: RequestWithUser, @Path() id: string, @Body() requestBody: UpdateSalaryRankEmployee, - @Request() request: { user: Record }, ) { + await new permission().PermissionUpdate(request, "SYS_WAGE_CHART_EMP"); const salaryRankEmployee = await this.salaryRankEmployeeRepository.findOne({ where: { id: id }, }); 
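Review bot: `listSalaryRanks` is a paginated `@Get("{id}")` handler taking `page`, `pageSize` and `keyword`, but it is gated with `PermissionGet`, which maps to `role.attrIsGet`, whereas the equally paginated `listSalary` handlers in SalaryController and SalaryEmployeeController use `PermissionList`; `listSalaryRankEmployees` in SalaryRankEmployeeController (hunk @@ -138) has the same mismatch. If the role matrix distinguishes viewing a single record from listing, this grants listing to users who hold only attrIsGet. Either change the guard to `await new permission().PermissionList(request, "SYS_SALARY_CHART_OFFICER");` or add a comment stating that rank rows are considered part of the parent salary record and GET is intended. The query builder chain continues outside the hunk.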
@@ -119,7 +123,8 @@ export class SalaryRankEmployeeController extends Controller { * @param {string} id Id อัตราเงินเดือน */ @Delete("{id}") - async deleteSalaryRankEmployees(@Path() id: string) { + async deleteSalaryRankEmployees(@Request() request: RequestWithUser, @Path() id: string) { + await new permission().PermissionDelete(request, "SYS_WAGE_CHART_EMP"); const delSalaryRankEmployees = await this.salaryRankEmployeeRepository.findOne({ where: { id }, }); @@ -138,11 +143,13 @@ export class SalaryRankEmployeeController extends Controller { */ @Get("{id}") async listSalaryRankEmployees( + @Request() request: RequestWithUser, @Path() id: string, @Query("page") page: number = 1, @Query("pageSize") pageSize: number = 10, @Query("keyword") keyword?: string, ) { + await new permission().PermissionGet(request, "SYS_WAGE_CHART_EMP"); const [salaryRankEmployee, total] = await AppDataSource.getRepository(SalaryRankEmployee) .createQueryBuilder("salaryRankEmployee") .andWhere( diff --git a/src/interfaces/permission.ts b/src/interfaces/permission.ts index 539def0..1669018 100644 --- a/src/interfaces/permission.ts +++ b/src/interfaces/permission.ts @@ -1,16 +1,3 @@ -import { - Controller, - Request, - Get, - Post, - Put, - Delete, - Patch, - Route, - Security, - Tags, - Path, -} from "tsoa"; import axios from "axios"; import { RequestWithUser } from "../middlewares/user"; import CallAPI from "./call-api"; 
@@ -26,23 +13,166 @@ class CheckAuth { ) { return null; } - await new CallAPI() + return await new CallAPI() .GetData(req, "/org/permission") .then((x) => { let permission = false; let role = x.roles.find((x: any) => x.authSysId == system); if (!role) throw "ไม่มีสิทธิ์เข้าระบบ"; + if (role.attrOwnership == "OWNER") return "OWNER"; if (action.trim().toLocaleUpperCase() == "CREATE") permission = role.attrIsCreate; if (action.trim().toLocaleUpperCase() == "DELETE") permission = role.attrIsDelete; if (action.trim().toLocaleUpperCase() == "GET") permission = role.attrIsGet; if (action.trim().toLocaleUpperCase() == "LIST") permission = role.attrIsList; if (action.trim().toLocaleUpperCase() == "UPDATE") permission = role.attrIsUpdate; - if (role.attrOwnership == "OWNER") permission = true; if (permission == false) throw "ไม่มีสิทธิ์ใช้งานระบบนี้"; return role.attrPrivilege; }) .catch((x) => { - throw new HttpError(HttpStatus.FORBIDDEN, x); + if (x.status != undefined) { + throw new HttpError(x.status, x.message); + } else { + throw new HttpError(HttpStatus.FORBIDDEN, x); + } + }); + } + public async PermissionOrg(req: RequestWithUser, system: string, action: string) { + if ( + req.headers.hasOwnProperty("api_key") && + req.headers["api_key"] && + req.headers["api_key"] == process.env.API_KEY + ) { + return null; + } + return await new CallAPI() + .GetData(req, "/org/permission/org") + .then(async (x) => { + let privilege = null; + if (action.trim().toLocaleUpperCase() == "CREATE") + privilege = await this.PermissionCreate(req, system); + if (action.trim().toLocaleUpperCase() == "DELETE") + privilege = await this.PermissionDelete(req, system); + if (action.trim().toLocaleUpperCase() == "GET") + privilege = await this.PermissionGet(req, system); + if (action.trim().toLocaleUpperCase() == "LIST") + privilege = await this.PermissionList(req, system); + if (action.trim().toLocaleUpperCase() == "UPDATE") + privilege = await this.PermissionUpdate(req, system); + + let data: any 
= { + root: [null], + child1: [null], + child2: [null], + child3: [null], + child4: [null], + }; + let node = 4; + if (x.orgChild1Id == null) { + node = 0; + } else if (x.orgChild2Id == null) { + node = 1; + } else if (x.orgChild3Id == null) { + node = 2; + } else if (x.orgChild4Id == null) { + node = 3; + } + if (privilege == "ROOT") { + data = { + root: [x.orgRootId], + child1: null, + child2: null, + child3: null, + child4: null, + }; + } else if (privilege == "CHILD") { + data = { + root: node >= 0 ? [x.orgRootId] : null, + child1: node >= 1 ? [x.orgChild1Id] : null, + child2: node >= 2 ? [x.orgChild2Id] : null, + child3: node >= 3 ? [x.orgChild3Id] : null, + child4: node >= 4 ? [x.orgChild4Id] : null, + }; + } else if (privilege == "NORMAL") { + data = { + root: [x.orgRootId], + child1: [x.orgChild1Id], + child2: [x.orgChild2Id], + child3: [x.orgChild3Id], + child4: [x.orgChild4Id], + }; + } else if (privilege == "SPECIFIC") { + } else if (privilege == "OWNER") { + data = { + root: null, + child1: null, + child2: null, + child3: null, + child4: null, + }; + } + + return data; + }) + .catch((x) => { + if (x.status != undefined) { + throw new HttpError(x.status, x.message); + } else { + throw new HttpError(HttpStatus.FORBIDDEN, x); + } + }); + } + public async PermissionOrgByUser( + req: RequestWithUser, + system: string, + action: string, + profileId: string, + ) { + if ( + req.headers.hasOwnProperty("api_key") && + req.headers["api_key"] && + req.headers["api_key"] == process.env.API_KEY + ) { + return true; + } + return await new CallAPI() + .GetData(req, `/org/permission/user/${profileId}`) + .then(async (x) => { + let org = { + root: [null], + child1: [null], + child2: [null], + child3: [null], + child4: [null], + }; + if (action.trim().toLocaleUpperCase() == "CREATE") + org = await this.PermissionOrgCreate(req, system); + if (action.trim().toLocaleUpperCase() == "DELETE") + org = await this.PermissionOrgDelete(req, system); + if 
(action.trim().toLocaleUpperCase() == "GET") + org = await this.PermissionOrgGet(req, system); + if (action.trim().toLocaleUpperCase() == "LIST") + org = await this.PermissionOrgList(req, system); + if (action.trim().toLocaleUpperCase() == "UPDATE") + org = await this.PermissionOrgUpdate(req, system); + + if (org.root != null) if (x.orgRootId != org.root[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล"; + if (org.child1 != null) + if (x.orgChild1Id != org.child1[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล"; + if (org.child2 != null) + if (x.orgChild2Id != org.child2[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล"; + if (org.child3 != null) + if (x.orgChild3Id != org.child3[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล"; + if (org.child4 != null) + if (x.orgChild4Id != org.child4[0]) throw "ไม่มีสิทธิ์เข้าถึงข้อมูล"; + + return true; + }) + .catch((x) => { + if (x.status != undefined) { + throw new HttpError(x.status, x.message); + } else { + throw new HttpError(HttpStatus.FORBIDDEN, x); + } }); } public async PermissionCreate(req: RequestWithUser, system: string) { 
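Review bot: In `PermissionOrg` the `privilege == "SPECIFIC"` branch is empty and there is no final `else`, so for SPECIFIC, for any unrecognised privilege string, and for an `action` outside the five handled values the method returns the initial placeholder `{ root: [null], child1: [null], … }` instead of failing; what `[null]` means to the controllers that consume this scope is not visible here, and in `PermissionOrgByUser` it only denies by accident, because `x.orgRootId != org.root[0]` ends up comparing against `null`. Make the fall-through explicit by replacing the empty branch with `} else { throw "ไม่มีสิทธิ์ใช้งานระบบนี้"; }` (or a TODO that states the intended SPECIFIC semantics) so an unexpected privilege fails closed by design rather than by coincidence. The three `.catch` handlers forward `x.message` to the client whenever the caught value carries a `status`; if `CallAPI` lets axios errors through, that relays the upstream service's own message verbatim, so mapping non-4xx statuses to a fixed text would be safer. `action.trim().toLocaleUpperCase()` is also recomputed up to five times per call in each method; hoisting it into one `const act = action.trim().toLocaleUpperCase();` and switching on it would shorten all three. The `Permission` method whose body this hunk edits begins before the hunk.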
@@ -60,6 +190,38 @@ class CheckAuth { public async PermissionUpdate(req: RequestWithUser, system: string) { return await this.Permission(req, system, "UPDATE"); } + + public async PermissionOrgCreate(req: RequestWithUser, system: string) { + return await this.PermissionOrg(req, system, "CREATE"); + } + public async PermissionOrgDelete(req: RequestWithUser, system: string) { + return await this.PermissionOrg(req, system, "DELETE"); + } + public async PermissionOrgGet(req: RequestWithUser, system: string) { + return await this.PermissionOrg(req, system, "GET"); + } + public async PermissionOrgList(req: RequestWithUser, system: string) { + return await this.PermissionOrg(req, system, "LIST"); + } + public async PermissionOrgUpdate(req: RequestWithUser, system: string) { + return await this.PermissionOrg(req, system, "UPDATE"); + } + + public async PermissionOrgUserCreate(req: RequestWithUser, system: string, profileId: string) { + return await this.PermissionOrgByUser(req, system, "CREATE", profileId); + } + public async PermissionOrgUserDelete(req: RequestWithUser, system: string, profileId: string) { + return await this.PermissionOrgByUser(req, system, "DELETE", profileId); + } + public async PermissionOrgUserGet(req: RequestWithUser, system: string, profileId: string) { + return await this.PermissionOrgByUser(req, system, "GET", profileId); + } + public async PermissionOrgUserList(req: RequestWithUser, system: string, profileId: string) { + return await this.PermissionOrgByUser(req, system, "LIST", profileId); + } + public async PermissionOrgUserUpdate(req: RequestWithUser, system: string, profileId: string) { + return await this.PermissionOrgByUser(req, system, "UPDATE", profileId); + } } export default CheckAuth;
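Review bot: The ten new public wrappers carry no TSDoc, and because `PermissionOrg` builds its result as `let data: any` and `PermissionOrgByUser` returns `true` on both the api_key bypass and the success path, their inferred return types tell a caller nothing about the `null`/object/boolean they may receive. A one-line TSDoc per group would fix that, e.g. above `PermissionOrgCreate`: `/** Org scope the caller may CREATE in for the given system; null when the request carried the service api_key. */`, and above `PermissionOrgUserCreate`: `/** Resolves true when profileId lies inside the caller's org scope for this action; otherwise throws HttpError. */`. The two groups are also candidates for a single action-to-method table rather than five copies each, but that is a style choice. The `CheckAuth` class body begins before the hunk.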