// FILE: backend/src/routes/users.js
import { Router } from "express";
import sql from "../db/index.js";
import { requirePerm } from "../middleware/requirePerm.js";
// Router for everything mounted under the users path; exported at the bottom of the file.
const r = Router();
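// ME (everyone) — returns the caller's own user row plus its roles and the
// authorization context already attached to req.principal.
//
// Unlike the list route below, no permission middleware runs in front of this
// handler, so a request that reaches it without a principal must be rejected
// explicitly rather than surfacing as a TypeError on `p.user_id`. Database
// errors are forwarded to Express error handling via next(err) instead of
// being left as an unhandled promise rejection.
r.get("/me", async (req, res, next) => {
  const p = req.principal;
  if (!p?.user_id) return res.status(401).json({ error: "Unauthenticated" });

  try {
    const [[u]] = await sql.query(
      `SELECT user_id, username, email, first_name, last_name, org_id FROM users WHERE user_id=?`,
      [p.user_id]
    );
    if (!u) return res.status(404).json({ error: "User not found" });

    const [roles] = await sql.query(
      `SELECT r.role_code, r.role_name, ur.org_id, ur.project_id
       FROM user_roles ur JOIN roles r ON r.role_id = ur.role_id
       WHERE ur.user_id=?`,
      [p.user_id]
    );

    // Only the columns selected above are spread into the response; the row
    // never carries credential material, so nothing has to be stripped here.
    res.json({
      ...u,
      roles,
      // `role` rather than `r` so the callback does not shadow the Router.
      role_codes: roles.map((role) => role.role_code),
      // Copy so the caller cannot hold a reference into the principal.
      permissions: [...(p.permissions ?? [])],
      project_ids: p.project_ids,
      org_ids: p.org_ids,
      is_superadmin: p.is_superadmin,
    });
  } catch (err) {
    next(err);
  }
});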
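// USERS LIST (ORG scope) — admin.access
//
// requirePerm checks admin.access against the org named by the `org_id`
// request parameter. The handler itself does not read that parameter: a
// superadmin sees every user, anyone else sees users from every org in
// P.org_ids. NOTE(review): that is broader than the single org the permission
// check was evaluated for — confirm this is intended before relying on it.
//
// Both queries are parameterized; the IN-list is built from placeholders only
// and the org ids are passed as bind values, never interpolated.
r.get(
  "/",
  requirePerm("admin.access", { orgParam: "org_id" }),
  async (req, res, next) => {
    const P = req.principal;
    let rows = [];

    try {
      if (P.is_superadmin) {
        [rows] = await sql.query(
          "SELECT user_id, username, email, org_id FROM users ORDER BY user_id DESC LIMIT 500"
        );
      } else if (P.org_ids?.length) {
        // One "?" per org id so the driver binds each value separately.
        const placeholders = P.org_ids.map(() => "?").join(",");
        [rows] = await sql.query(
          `SELECT user_id, username, email, org_id FROM users WHERE org_id IN (${placeholders}) ORDER BY user_id DESC LIMIT 500`,
          P.org_ids
        );
      }
      // A principal with no org membership falls through with an empty list.
      res.json(rows);
    } catch (err) {
      // Hand database failures to the Express error handler instead of leaving
      // an unhandled promise rejection.
      next(err);
    }
  }
);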
// The router is the module's only export; the app decides the mount path.
export default r;