251121:1700 Backend T3 wait testt

2025-11-21 17:16:40 +07:00
parent 58cee2d007
commit bf0308e350
27 changed files with 6651 additions and 196 deletions
--- a/backend/src/modules/user/user.controller.ts
+++ b/backend/src/modules/user/user.controller.ts
@@ -8,40 +8,48 @@ import {
  Delete,
  UseGuards,
  ParseIntPipe,
+  Request, // <--- อย่าลืม Import Request
 } from '@nestjs/common';
 import { UserService } from './user.service.js';
 import { CreateUserDto } from './dto/create-user.dto.js';
 import { UpdateUserDto } from './dto/update-user.dto.js';
+import { AssignRoleDto } from './dto/assign-role.dto.js'; // <--- Import DTO
+import { UserAssignmentService } from './user-assignment.service.js'; // <--- Import Service ใหม่
+
 import { JwtAuthGuard } from '../../common/auth/jwt-auth.guard.js';
-import { RequirePermission } from '../../common/decorators/require-permission.decorator.js';
 import { RbacGuard } from '../../common/auth/rbac.guard.js';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator.js';

@Controller('users')
-@UseGuards(JwtAuthGuard, RbacGuard) // 🔒 เพิ่ม RbacGuard ต่อท้าย) // 🔒 บังคับ Login ทุก Endpoints ในนี้
+@UseGuards(JwtAuthGuard, RbacGuard)
 export class UserController {
-  constructor(private readonly userService: UserService) {}
+  constructor(
+    private readonly userService: UserService,
+    private readonly assignmentService: UserAssignmentService, // <--- ✅ Inject Service เข้ามา
+  ) {}
+
+  // --- User CRUD ---

-  // 1. สร้างผู้ใช้ใหม่
  @Post()
-  @RequirePermission('user.create') // 🔒 ต้องมีสิทธิ์ user.create ถึงจะเข้าได้
+  @RequirePermission('user.create')
  create(@Body() createUserDto: CreateUserDto) {
    return this.userService.create(createUserDto);
  }

-  // 2. ดูรายชื่อผู้ใช้ทั้งหมด
  @Get()
+  @RequirePermission('user.view')
  findAll() {
    return this.userService.findAll();
  }

-  // 3. ดูข้อมูลผู้ใช้รายคน (ตาม ID)
  @Get(':id')
+  @RequirePermission('user.view')
  findOne(@Param('id', ParseIntPipe) id: number) {
    return this.userService.findOne(id);
  }

-  // 4. แก้ไขข้อมูลผู้ใช้
  @Patch(':id')
+  @RequirePermission('user.edit')
  update(
    @Param('id', ParseIntPipe) id: number,
    @Body() updateUserDto: UpdateUserDto,
@@ -49,9 +57,17 @@ export class UserController {
    return this.userService.update(id, updateUserDto);
  }

-  // 5. ลบผู้ใช้ (Soft Delete)
  @Delete(':id')
+  @RequirePermission('user.delete')
  remove(@Param('id', ParseIntPipe) id: number) {
    return this.userService.remove(id);
  }
+
+  // --- Role Assignment ---
+
+  @Post('assign-role') // <--- ✅ ต้องมี @ เสมอครับ
+  @RequirePermission('permission.assign')
+  assignRole(@Body() dto: AssignRoleDto, @Request() req: any) {
+    return this.assignmentService.assignRole(dto, req.user);
+  }
 }