125 lines
3.7 KiB
JavaScript
125 lines
3.7 KiB
JavaScript
// FILE: src/routes/correspondences.js
|
|
// 03.2 7) เพิ่ม routes/correspondences.js (ใหม่)
|
|
// - ใช้ร่วมกับ requirePerm() และ buildScopeWhere()
|
|
// - สำหรับจัดการ correspondences (ดู/เพิ่ม/แก้ไข/ลบ) ตามสิทธิ์ของผู้ใช้
|
|
// Correspondences routes
|
|
// - CRUD operations for correspondences
|
|
// - Requires appropriate permissions via requirePerm middleware
|
|
// - Uses org scope for all permissions
|
|
// - correspondence:read, correspondence:create, correspondence:update, correspondence:delete
|
|
// - Correspondence fields: id (PK), org_id, project_id, corr_no, subject, status, created_by
|
|
// - Basic validation: org_id, corr_no, subject required for create
|
|
|
|
import { Router } from "express";
|
|
import sql from "../db/index.js";
|
|
import { requirePerm } from "../middleware/requirePerm.js";
|
|
import { buildScopeWhere, ownerResolvers } from "../utils/scope.js";
|
|
import PERM from "../config/permissions.js";
|
|
|
|
const r = Router();
|
|
const OWN = ownerResolvers(sql, "correspondences", "id");
|
|
|
|
r.get(
|
|
"/",
|
|
requirePerm(PERM.correspondence.read, { scope: "global" }),
|
|
async (req, res) => {
|
|
const { project_id, org_id, q, limit = 50, offset = 0 } = req.query;
|
|
const base = buildScopeWhere(req.principal, {
|
|
tableAlias: "c",
|
|
orgColumn: "c.org_id",
|
|
projectColumn: "c.project_id",
|
|
permCode: PERM.correspondence.read,
|
|
preferProject: true,
|
|
});
|
|
const extra = [];
|
|
const params = {
|
|
...base.params,
|
|
limit: Number(limit),
|
|
offset: Number(offset),
|
|
};
|
|
if (project_id) {
|
|
extra.push("c.project_id = :project_id");
|
|
params.project_id = Number(project_id);
|
|
}
|
|
if (org_id) {
|
|
extra.push("c.org_id = :org_id");
|
|
params.org_id = Number(org_id);
|
|
}
|
|
if (q) {
|
|
extra.push("(c.corr_no LIKE :q OR c.subject LIKE :q)");
|
|
params.q = `%${q}%`;
|
|
}
|
|
const where = [base.where, ...extra].join(" AND ");
|
|
const [rows] = await sql.query(
|
|
`SELECT c.* FROM correspondences c WHERE ${where} ORDER BY c.id DESC LIMIT :limit OFFSET :offset`,
|
|
params
|
|
);
|
|
res.json(rows);
|
|
}
|
|
);
|
|
|
|
r.get(
|
|
"/:id",
|
|
requirePerm(PERM.correspondence.read, {
|
|
scope: "org",
|
|
getOrgId: OWN.getOrgIdById,
|
|
}),
|
|
async (req, res) => {
|
|
const id = Number(req.params.id);
|
|
const [[row]] = await sql.query(
|
|
"SELECT * FROM correspondences WHERE id=?",
|
|
[id]
|
|
);
|
|
if (!row) return res.status(404).json({ error: "Not found" });
|
|
res.json(row);
|
|
}
|
|
);
|
|
|
|
r.post(
|
|
"/",
|
|
requirePerm(PERM.correspondence.create, {
|
|
scope: "org",
|
|
getOrgId: async (req) => req.body?.org_id ?? null,
|
|
}),
|
|
async (req, res) => {
|
|
const { org_id, project_id, corr_no, subject, status } = req.body;
|
|
const [rs] = await sql.query(
|
|
`INSERT INTO correspondences (org_id, project_id, corr_no, subject, status, created_by) VALUES (?,?,?,?,?,?)`,
|
|
[org_id, project_id, corr_no, subject, status, req.principal.userId]
|
|
);
|
|
res.json({ id: rs.insertId });
|
|
}
|
|
);
|
|
|
|
r.put(
|
|
"/:id",
|
|
requirePerm(PERM.correspondence.update, {
|
|
scope: "org",
|
|
getOrgId: OWN.getOrgIdById,
|
|
}),
|
|
async (req, res) => {
|
|
const id = Number(req.params.id);
|
|
const { subject, status } = req.body;
|
|
await sql.query(
|
|
"UPDATE correspondences SET subject=?, status=? WHERE id=?",
|
|
[subject, status, id]
|
|
);
|
|
res.json({ ok: 1 });
|
|
}
|
|
);
|
|
|
|
r.delete(
|
|
"/:id",
|
|
requirePerm(PERM.correspondence.delete, {
|
|
scope: "org",
|
|
getOrgId: OWN.getOrgIdById,
|
|
}),
|
|
async (req, res) => {
|
|
const id = Number(req.params.id);
|
|
await sql.query("DELETE FROM correspondences WHERE id=?", [id]);
|
|
res.json({ ok: 1 });
|
|
}
|
|
);
|
|
|
|
export default r;
|