Update frontend login page.jsx และ backend

2025-09-29 13:25:09 +07:00
parent aca3667a9d
commit 7dd5ce8015
52 changed files with 2903 additions and 1289 deletions
--- a/backend/src/routes/drawings.js
+++ b/backend/src/routes/drawings.js
@@ -1,31 +1,63 @@
-import { Router } from 'express';
-import sql from '../db/index.js';
-import { requirePerm } from '../middleware/requirePerm.js';
-import { buildScopeWhere, ownerResolvers } from '../utils/scope.js';
-import PERM from '../config/permissions.js';
+// FILE: src/routes/drawings.js
+// 03.2 9) เพิ่ม routes/drawings.js (ใหม่)
+// - ใช้ร่วมกับ requirePerm() และ buildScopeWhere()
+// - สำหรับจัดการ drawings (ดู/เพิ่ม/แก้ไข/ลบ) ตามสิทธิ์ของผู้ใช้
+// Drawings routes
+// - CRUD operations for drawings
+// - Requires appropriate permissions via requirePerm middleware
+// - Uses org scope for all permissions
+// - drawing:read, drawing:create, drawing:update, drawing:delete
+// - Drawing fields: id (PK), org_id, project_id, dwg_no, dwg_code, title, created_by
+// - Basic validation: org_id, dwg_no required for create
+
+import { Router } from "express";
+import sql from "../db/index.js";
+import { requirePerm } from "../middleware/requirePerm.js";
+import { buildScopeWhere, ownerResolvers } from "../utils/scope.js";
+import PERM from "../config/permissions.js";

 const r = Router();
-const OWN = ownerResolvers(sql, 'drawings', 'id');
+const OWN = ownerResolvers(sql, "drawings", "id");

 // LIST
-r.get('/',
-  requirePerm('drawing.read', { scope: 'global' }),
+r.get(
+  "/",
+  requirePerm("drawing.read", { scope: "global" }),
  async (req, res) => {
    const { project_id, org_id, code, q, limit = 50, offset = 0 } = req.query;

    const base = buildScopeWhere(req.principal, {
-      tableAlias: 'd', orgColumn: 'd.org_id', projectColumn: 'd.project_id',
-      permCode: 'drawing.read', preferProject: true,
+      tableAlias: "d",
+      orgColumn: "d.org_id",
+      projectColumn: "d.project_id",
+      permCode: "drawing.read",
+      preferProject: true,
    });

    const extra = [];
-    const params = { ...base.params, limit: Number(limit), offset: Number(offset) };
-    if (project_id) { extra.push('d.project_id = :project_id'); params.project_id = Number(project_id); }
-    if (org_id)     { extra.push('d.org_id = :org_id');         params.org_id = Number(org_id); }
-    if (code)       { extra.push('d.dwg_code = :code');         params.code = code; }
-    if (q)          { extra.push('(d.dwg_no LIKE :q OR d.title LIKE :q)'); params.q = `%${q}%`; }
+    const params = {
+      ...base.params,
+      limit: Number(limit),
+      offset: Number(offset),
+    };
+    if (project_id) {
+      extra.push("d.project_id = :project_id");
+      params.project_id = Number(project_id);
+    }
+    if (org_id) {
+      extra.push("d.org_id = :org_id");
+      params.org_id = Number(org_id);
+    }
+    if (code) {
+      extra.push("d.dwg_code = :code");
+      params.code = code;
+    }
+    if (q) {
+      extra.push("(d.dwg_no LIKE :q OR d.title LIKE :q)");
+      params.q = `%${q}%`;
+    }

-    const where = [base.where, ...extra].filter(Boolean).join(' AND ');
+    const where = [base.where, ...extra].filter(Boolean).join(" AND ");

    const [rows] = await sql.query(
      `SELECT d.* FROM drawings d WHERE ${where}
@@ -37,19 +69,24 @@ r.get('/',
 );

 // GET
-r.get('/:id',
-  requirePerm('drawing.read', { scope: 'org', getOrgId: OWN.getOrgIdById }),
+r.get(
+  "/:id",
+  requirePerm("drawing.read", { scope: "org", getOrgId: OWN.getOrgIdById }),
  async (req, res) => {
    const id = Number(req.params.id);
-    const [[row]] = await sql.query('SELECT * FROM drawings WHERE id=?', [id]);
-    if (!row) return res.status(404).json({ error: 'Not found' });
+    const [[row]] = await sql.query("SELECT * FROM drawings WHERE id=?", [id]);
+    if (!row) return res.status(404).json({ error: "Not found" });
    res.json(row);
  }
 );

 // CREATE
-r.post('/',
-  requirePerm('drawing.create', { scope: 'org', getOrgId: async req => req.body?.org_id ?? null }),
+r.post(
+  "/",
+  requirePerm("drawing.create", {
+    scope: "org",
+    getOrgId: async (req) => req.body?.org_id ?? null,
+  }),
  async (req, res) => {
    const { org_id, project_id, dwg_no, dwg_code, title } = req.body;
    const [rs] = await sql.query(
@@ -62,22 +99,24 @@ r.post('/',
 );

 // UPDATE
-r.put('/:id',
-  requirePerm('drawing.update', { scope: 'org', getOrgId: OWN.getOrgIdById }),
+r.put(
+  "/:id",
+  requirePerm("drawing.update", { scope: "org", getOrgId: OWN.getOrgIdById }),
  async (req, res) => {
    const id = Number(req.params.id);
    const { title } = req.body;
-    await sql.query('UPDATE drawings SET title=? WHERE id=?', [title, id]);
+    await sql.query("UPDATE drawings SET title=? WHERE id=?", [title, id]);
    res.json({ ok: 1 });
  }
 );

 // DELETE
-r.delete('/:id',
-  requirePerm('drawing.delete', { scope: 'org', getOrgId: OWN.getOrgIdById }),
+r.delete(
+  "/:id",
+  requirePerm("drawing.delete", { scope: "org", getOrgId: OWN.getOrgIdById }),
  async (req, res) => {
    const id = Number(req.params.id);
-    await sql.query('DELETE FROM drawings WHERE id=?', [id]);
+    await sql.query("DELETE FROM drawings WHERE id=?", [id]);
    res.json({ ok: 1 });
  }
 );