Update frontend login page.jsx และ backend
@@ -1,72 +1,130 @@
|
||||
import { Router } from 'express';
|
||||
import sql from '../db/index.js';
|
||||
import { requirePerm } from '../middleware/requirePerm.js';
|
||||
import { buildScopeWhere, ownerResolvers } from '../utils/scope.js';
|
||||
import PERM from '../config/permissions.js';
|
||||
// FILE: src/routes/contracts.js
|
||||
// Contracts routes
|
||||
// - CRUD operations for contracts
|
||||
// - Requires appropriate permissions via requirePerm middleware
|
||||
// - Uses org scope for all permissions
|
||||
// - contract.read, contract.create, contract.update, contract.delete
|
||||
// - Contract fields: id (PK), org_id, project_id, contract_no, title, status, created_by
|
||||
// - Basic filtering on list endpoint by project_id, org_id, contract_no
|
||||
// - Uses async/await for asynchronous operations
|
||||
// - Middleware functions are used for permission checks
|
||||
// - Owner resolvers are used to fetch org_id for specific contract ids
|
||||
|
||||
import { Router } from "express";
|
||||
import sql from "../db/index.js";
|
||||
import { requirePerm } from "../middleware/requirePerm.js";
|
||||
import { buildScopeWhere, ownerResolvers } from "../utils/scope.js";
|
||||
import PERM from "../config/permissions.js";
|
||||
|
||||
const r = Router();
|
||||
const OWN = ownerResolvers(sql, 'contracts', 'id');
|
||||
const OWN = ownerResolvers(sql, "contracts", "id");
|
||||
|
||||
|
||||
r.get('/',
|
||||
requirePerm(PERM.contract.read, { scope: 'global' }),
|
||||
async (req, res) => {
|
||||
const { project_id, org_id, contract_no, q, limit = 50, offset = 0 } = req.query;
|
||||
const base = buildScopeWhere(req.principal, { tableAlias: 'c', orgColumn: 'c.org_id', projectColumn: 'c.project_id', permCode: PERM.contract.read, preferProject: true });
|
||||
const extra = [];
|
||||
const params = { ...base.params, limit: Number(limit), offset: Number(offset) };
|
||||
if (project_id) { extra.push('c.project_id = :project_id'); params.project_id = Number(project_id); }
|
||||
if (org_id) { extra.push('c.org_id = :org_id'); params.org_id = Number(org_id); }
|
||||
if (contract_no){ extra.push('c.contract_no = :contract_no'); params.contract_no = contract_no; }
|
||||
if (q) { extra.push('(c.contract_no LIKE :q OR c.title LIKE :q)'); params.q = `%${q}%`; }
|
||||
const where = [base.where, ...extra].filter(Boolean).join(' AND ');
|
||||
const [rows] = await sql.query(`SELECT c.* FROM contracts c WHERE ${where} ORDER BY c.id DESC LIMIT :limit OFFSET :offset`, params);
|
||||
res.json(rows);
|
||||
}
|
||||
r.get(
|
||||
"/",
|
||||
requirePerm(PERM.contract.read, { scope: "global" }),
|
||||
async (req, res) => {
|
||||
const {
|
||||
project_id,
|
||||
org_id,
|
||||
contract_no,
|
||||
q,
|
||||
limit = 50,
|
||||
offset = 0,
|
||||
} = req.query;
|
||||
const base = buildScopeWhere(req.principal, {
|
||||
tableAlias: "c",
|
||||
orgColumn: "c.org_id",
|
||||
projectColumn: "c.project_id",
|
||||
permCode: PERM.contract.read,
|
||||
preferProject: true,
|
||||
});
|
||||
const extra = [];
|
||||
const params = {
|
||||
...base.params,
|
||||
limit: Number(limit),
|
||||
offset: Number(offset),
|
||||
};
|
||||
if (project_id) {
|
||||
extra.push("c.project_id = :project_id");
|
||||
params.project_id = Number(project_id);
|
||||
}
|
||||
if (org_id) {
|
||||
extra.push("c.org_id = :org_id");
|
||||
params.org_id = Number(org_id);
|
||||
}
|
||||
if (contract_no) {
|
||||
extra.push("c.contract_no = :contract_no");
|
||||
params.contract_no = contract_no;
|
||||
}
|
||||
if (q) {
|
||||
extra.push("(c.contract_no LIKE :q OR c.title LIKE :q)");
|
||||
params.q = `%${q}%`;
|
||||
}
|
||||
const where = [base.where, ...extra].filter(Boolean).join(" AND ");
|
||||
const [rows] = await sql.query(
|
||||
`SELECT c.* FROM contracts c WHERE ${where} ORDER BY c.id DESC LIMIT :limit OFFSET :offset`,
|
||||
params
|
||||
);
|
||||
res.json(rows);
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
r.get('/:id',
|
||||
requirePerm(PERM.contract.read, { scope: 'org', getOrgId: OWN.getOrgIdById }),
|
||||
async (req, res) => {
|
||||
const id = Number(req.params.id);
|
||||
const [[row]] = await sql.query('SELECT * FROM contracts WHERE id=?', [id]);
|
||||
if (!row) return res.status(404).json({ error: 'Not found' });
|
||||
res.json(row);
|
||||
}
|
||||
r.get(
|
||||
"/:id",
|
||||
requirePerm(PERM.contract.read, { scope: "org", getOrgId: OWN.getOrgIdById }),
|
||||
async (req, res) => {
|
||||
const id = Number(req.params.id);
|
||||
const [[row]] = await sql.query("SELECT * FROM contracts WHERE id=?", [id]);
|
||||
if (!row) return res.status(404).json({ error: "Not found" });
|
||||
res.json(row);
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
r.post('/',
|
||||
requirePerm(PERM.contract.create, { scope: 'org', getOrgId: async req => req.body?.org_id ?? null }),
|
||||
async (req, res) => {
|
||||
const { org_id, project_id, contract_no, title, status } = req.body;
|
||||
const [rs] = await sql.query(`INSERT INTO contracts (org_id, project_id, contract_no, title, status, created_by) VALUES (?,?,?,?,?,?)`, [org_id, project_id, contract_no, title, status, req.principal.userId]);
|
||||
res.json({ id: rs.insertId });
|
||||
}
|
||||
r.post(
|
||||
"/",
|
||||
requirePerm(PERM.contract.create, {
|
||||
scope: "org",
|
||||
getOrgId: async (req) => req.body?.org_id ?? null,
|
||||
}),
|
||||
async (req, res) => {
|
||||
const { org_id, project_id, contract_no, title, status } = req.body;
|
||||
const [rs] = await sql.query(
|
||||
`INSERT INTO contracts (org_id, project_id, contract_no, title, status, created_by) VALUES (?,?,?,?,?,?)`,
|
||||
[org_id, project_id, contract_no, title, status, req.principal.userId]
|
||||
);
|
||||
res.json({ id: rs.insertId });
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
r.put('/:id',
|
||||
requirePerm(PERM.contract.update, { scope: 'org', getOrgId: OWN.getOrgIdById }),
|
||||
async (req, res) => {
|
||||
const id = Number(req.params.id);
|
||||
const { title, status } = req.body;
|
||||
await sql.query('UPDATE contracts SET title=?, status=? WHERE id=?', [title, status, id]);
|
||||
res.json({ ok: 1 });
|
||||
}
|
||||
r.put(
|
||||
"/:id",
|
||||
requirePerm(PERM.contract.update, {
|
||||
scope: "org",
|
||||
getOrgId: OWN.getOrgIdById,
|
||||
}),
|
||||
async (req, res) => {
|
||||
const id = Number(req.params.id);
|
||||
const { title, status } = req.body;
|
||||
await sql.query("UPDATE contracts SET title=?, status=? WHERE id=?", [
|
||||
title,
|
||||
status,
|
||||
id,
|
||||
]);
|
||||
res.json({ ok: 1 });
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
r.delete('/:id',
|
||||
requirePerm(PERM.contract.delete, { scope: 'org', getOrgId: OWN.getOrgIdById }),
|
||||
async (req, res) => {
|
||||
const id = Number(req.params.id);
|
||||
await sql.query('DELETE FROM contracts WHERE id=?', [id]);
|
||||
res.json({ ok: 1 });
|
||||
}
|
||||
r.delete(
|
||||
"/:id",
|
||||
requirePerm(PERM.contract.delete, {
|
||||
scope: "org",
|
||||
getOrgId: OWN.getOrgIdById,
|
||||
}),
|
||||
async (req, res) => {
|
||||
const id = Number(req.params.id);
|
||||
await sql.query("DELETE FROM contracts WHERE id=?", [id]);
|
||||
res.json({ ok: 1 });
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
export default r;
|
||||
export default r;
|
||||
|
||||
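Review bot: In the `r.get("/")` handler, `limit` and `offset` go from `req.query` through `Number()` straight into the bound parameters, so a non-numeric value binds `NaN` and any caller with read permission can ask for an arbitrarily large page. Parse and clamp them before binding, for example `limit: Math.min(Math.max(Number.parseInt(limit, 10) || 50, 1), MAX_PAGE_SIZE)` and `offset: Math.max(Number.parseInt(offset, 10) || 0, 0)`, where `MAX_PAGE_SIZE` is a placeholder for a cap the project chooses. The same handler builds `where` with `filter(Boolean)`, which suggests `base.where` can be empty; with no filters the statement would then read `WHERE  ORDER BY`, so a fallback such as `.join(" AND ") || "1=1"` is needed if that case is reachable. The header comment added at the top says org scope is used for all permissions, but this route passes `scope: "global"` and relies on `buildScopeWhere` for row filtering, and the comment should say so.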