Update frontend login page.jsx และ backend

backend/src/routes/projects.js

@@ -1,18 +1,34 @@
-import { Router } from 'express';
-import sql from '../db/index.js';
-import { requirePerm } from '../middleware/requirePerm.js';
-import { buildScopeWhere } from '../utils/scope.js';
-import PERM from '../config/permissions.js';
+// FILE: src/routes/projects.js
+// 03.2 6) เพิ่ม routes/projects.js (ใหม่)
+// - ใช้ร่วมกับ requirePerm() และ buildScopeWhere()
+// - สำหรับจัดการ projects (ดู/เพิ่ม/แก้ไข/ลบ) ตามสิทธิ์ของผู้ใช้
+// Projects routes
+// - CRUD operations for projects
+// - Requires appropriate permissions via requirePerm middleware
+// - Uses org/project scope for all permissions
+// - project:read, project:create, project:update, project:delete
+// - Project fields: project_id (PK), org_id (FK), project_code, project_name
+// - project_code is unique
+// - Basic validation: org_id, project_code, project_name required for create
+
+import { Router } from "express";
+import sql from "../db/index.js";
+import { requirePerm } from "../middleware/requirePerm.js";
+import { buildScopeWhere } from "../utils/scope.js";
 
 const r = Router();
 
 // LIST – จำกัดตาม org/project scope ของผู้ใช้
-r.get('/',
-  requirePerm('project.read', { scope: 'global' }),
+r.get(
+  "/",
+  requirePerm("project.read", { scope: "global" }),
   async (req, res) => {
     const { where, params } = buildScopeWhere(req.principal, {
-      tableAlias: 'p', orgColumn: 'p.org_id', projectColumn: 'p.project_id',
-      permCode: 'project.read', preferProject: true,
+      tableAlias: "p",
+      orgColumn: "p.org_id",
+      projectColumn: "p.project_id",
+      permCode: "project.read",
+      preferProject: true,
     });
     const [rows] = await sql.query(
       `SELECT p.* FROM projects p WHERE ${where}`,
@@ -23,29 +39,34 @@ r.get('/',
 );
 
 // GET
-r.get('/:id',
-  requirePerm('project.read', {
-    scope: 'project',
-    getProjectId: async req => Number(req.params.id),
+r.get(
+  "/:id",
+  requirePerm("project.read", {
+    scope: "project",
+    getProjectId: async (req) => Number(req.params.id),
   }),
   async (req, res) => {
     const id = Number(req.params.id);
-    const [[row]] = await sql.query('SELECT * FROM projects WHERE project_id=?', [id]);
-    if (!row) return res.status(404).json({ error: 'Not found' });
+    const [[row]] = await sql.query(
+      "SELECT * FROM projects WHERE project_id=?",
+      [id]
+    );
+    if (!row) return res.status(404).json({ error: "Not found" });
     res.json(row);
   }
 );
 
 // CREATE
-r.post('/',
-  requirePerm('project.create', {
-    scope: 'org',
-    getOrgId: async req => req.body?.org_id ?? null,
+r.post(
+  "/",
+  requirePerm("project.create", {
+    scope: "org",
+    getOrgId: async (req) => req.body?.org_id ?? null,
   }),
   async (req, res) => {
     const { org_id, project_code, project_name } = req.body;
     const [rs] = await sql.query(
-      'INSERT INTO projects (org_id, project_code, project_name) VALUES (?,?,?)',
+      "INSERT INTO projects (org_id, project_code, project_name) VALUES (?,?,?)",
       [org_id, project_code, project_name]
     );
     res.json({ project_id: rs.insertId });
@@ -53,28 +74,33 @@ r.post('/',
 );
 
 // UPDATE
-r.put('/:id',
-  requirePerm('project.update', {
-    scope: 'project',
-    getProjectId: async req => Number(req.params.id),
+r.put(
+  "/:id",
+  requirePerm("project.update", {
+    scope: "project",
+    getProjectId: async (req) => Number(req.params.id),
   }),
   async (req, res) => {
     const { project_name } = req.body;
     const id = Number(req.params.id);
-    await sql.query('UPDATE projects SET project_name=? WHERE project_id=?', [project_name, id]);
+    await sql.query("UPDATE projects SET project_name=? WHERE project_id=?", [
+      project_name,
+      id,
+    ]);
     res.json({ ok: 1 });
   }
 );
 
 // DELETE
-r.delete('/:id',
-  requirePerm('project.delete', {
-    scope: 'project',
-    getProjectId: async req => Number(req.params.id),
+r.delete(
+  "/:id",
+  requirePerm("project.delete", {
+    scope: "project",
+    getProjectId: async (req) => Number(req.params.id),
   }),
   async (req, res) => {
     const id = Number(req.params.id);
-    await sql.query('DELETE FROM projects WHERE project_id=?', [id]);
+    await sql.query("DELETE FROM projects WHERE project_id=?", [id]);
     res.json({ ok: 1 });
   }
 );