1. add authority to dashboard

2. update projectTask (fix error -> cannot remove project task when edit project)

src/main/java/com/ffii/tsms/modules/data/service/DashboardService.kt

@@ -19,6 +19,7 @@ open class DashboardService(
     private val customerTypeRepository: CustomerTypeRepository,
     private val customerSubsidiaryService: CustomerSubsidiaryService,
     private val customerContactService: CustomerContactService,
+    private val staffsService: StaffsService,
     private val jdbcDao: JdbcDao
 ) {
 
@@ -43,6 +44,7 @@ open class DashboardService(
             + " from customer c"
             + " left join project p on c.id = p.customerId"
             + " left join subsidiary s on p.customerSubsidiaryId  = s.id"
+            + " left join team t on t.teamLead = p.teamLead"
             + " where c.deleted = 0"
             + " and p.status not in (\"Pending to Start\",\"Completed\",\"Deleted\")"
         )
@@ -52,6 +54,14 @@ open class DashboardService(
             if (args.containsKey("customerCode"))
                 sql.append(" AND c.code = :customerCode");
         }
+
+        if (viewDashboardAuthority() == "self") {
+            val teamId = staffsService.currentStaff()?.team?.id
+            if (teamId != null) {
+                sql.append(" AND t.id = $teamId")
+            }
+        }
+
         sql.append(" group by c.id, c.name, c.code, c.address, c.district, c.brNo, c.typeId, s.id, s.name, s.code, s.address, s.district, s.brNo, s.typeId");
         return jdbcDao.queryForList(sql.toString(), args)
     }
@@ -93,9 +103,16 @@ open class DashboardService(
                 + " where p.customerId = :customerId"
                 + " and p.customerSubsidiaryId = :subsidiaryId"
                 + " and p.status not in (\"Pending to Start\",\"Completed\",\"Deleted\")"
-                + " group by p.id, p.code, p.name, te.code, s.name, tg.name, p.totalManhour, milestonePayment.comingPaymentMilestone"
         )
 
+        if (viewDashboardAuthority() == "self") {
+            val teamId = staffsService.currentStaff()?.team?.id
+            if (teamId != null) {
+                sql.append(" and te.id = $teamId")
+            }
+        }
+
+        sql.append(" group by p.id, p.code, p.name, te.code, s.name, tg.name, p.totalManhour, milestonePayment.comingPaymentMilestone")
         return jdbcDao.queryForList(sql.toString(), args)
     }
 
@@ -236,9 +253,16 @@ open class DashboardService(
                 + " left join project p on s.id = p.teamLead"
                 + " where t.deleted = 0"
                 + " and p.status not in (\"Pending to Start\",\"Completed\",\"Deleted\")"
-                + " group by t.id,t.teamLead,t.code,t.name"
         )
 
+        if (viewDashboardAuthority() == "self") {
+            val teamId = staffsService.currentStaff()?.team?.id
+            if (teamId != null) {
+                sql.append(" and t.id = $teamId")
+            }
+        }
+
+        sql.append(" group by t.id,t.teamLead,t.code,t.name")
         return jdbcDao.queryForList(sql.toString(), args)
     }
 
@@ -339,6 +363,14 @@ open class DashboardService(
             + " where t.deleted = 0"
             + " and p.status = 'On-going'"
             )
+
+        if (viewDashboardAuthority() == "self") {
+            val teamId = staffsService.currentStaff()?.team?.id
+            if (teamId != null) {
+                sql.append(" and t.id = $teamId")
+            }
+        }
+
         sql.append(" group by t.id, t.name")
 
         return jdbcDao.queryForList(sql.toString(), args)
@@ -565,6 +597,13 @@ open class DashboardService(
                 + " and p.status = 'On-going'"
         )
 
+        if (viewDashboardAuthority() == "self") {
+            val teamId = staffsService.currentStaff()?.team?.id
+            if (teamId != null) {
+                sql.append(" and t.id = $teamId")
+            }
+        }
+
         return jdbcDao.queryForList(sql.toString(), args)
     }
     fun CashFlowMonthlyIncomeByMonth(args: Map<String, Any>): List<Map<String, Any>> {
@@ -977,6 +1016,13 @@ open class DashboardService(
                     + " and p.deleted = 0"
         )
 
+        if (viewDashboardAuthority() == "self") {
+            val teamLeadId = staffsService.currentStaff()?.id
+            if (teamLeadId != null) {
+                sql.append(" and p.teamLead = $teamLeadId")
+            }
+        }
+
         return jdbcDao.queryForList(sql.toString(), args)
     }
     fun projectResourceSummaryInformation(args: Map<String, Any>): List<Map<String, Any>> {
@@ -1384,11 +1430,20 @@ open class DashboardService(
                     + " where g.deleted = 0"
                     + " and t.recordDate >= :startdate"
                     + " and t.recordDate < DATE_FORMAT(:enddate, '%Y-%m-%d 23:59:59')"
-                    + " group by g.id"
-                    + " ) as records on records.gid = g.id"
-                    + " group by g.id, g.name,records.manhours"
+
         )
 
+        if (viewDashboardAuthority() == "self") {
+            val teamId = staffsService.currentStaff()?.team?.id
+            if (teamId != null) {
+                sql.append(" and s.teamId = $teamId")
+            }
+        }
+
+        sql.append(" group by g.id"
+                + " ) as records on records.gid = g.id"
+                + " group by g.id, g.name,records.manhours")
+
         return jdbcDao.queryForList(sql.toString(), args)
     }
     fun staffGradeTotalPlannedManhours(args: Map<String, Any>): List<Map<String, Any>> {
@@ -1417,9 +1472,17 @@ open class DashboardService(
             + " where p.status = 'On-going'"
             + " and p.planEnd > :startdate"
             + " and p.planStart < :enddate"
-            + " order by g.id"
         )
 
+        if (viewDashboardAuthority() == "self") {
+            val teamLeadId = staffsService.currentStaff()?.id
+            if (teamLeadId != null) {
+                sql.append(" and p.teamLead = $teamLeadId")
+            }
+        }
+
+        sql.append(" order by g.id")
+
         return jdbcDao.queryForList(sql.toString(), args)
     }
     fun IndividualStaffManhoursSpentByMonth(args: Map<String, Any>): List<Map<String, Any>> {
@@ -1606,8 +1669,30 @@ open class DashboardService(
                 + " where s.deleted = 0"
         )
 
+        if (viewDashboardAuthority() == "self") {
+            val teamId = staffsService.currentStaff()?.team?.id
+            if (teamId != null) {
+                sql.append(" and s.teamId = $teamId")
+            }
+        }
+
         return jdbcDao.queryForList(sql.toString(), args)
     }
+
+    fun viewDashboardAuthority(): String {
+        val authorities = staffsService.currentAuthorities() ?: return "no_authority"
+
+        val authorityViewDashboardAll = authorities.stream().anyMatch { it.authority.equals("VIEW_DASHBOARD_ALL") }
+        val authorityViewDashboardSelf = authorities.stream().anyMatch { it.authority.equals("VIEW_DASHBOARD_SELF") }
+
+        return if (authorityViewDashboardAll) {
+            "all"
+        } else if (authorityViewDashboardSelf) {
+            "self"
+        } else {
+            "no_authority"
+        }
+    }
 }
 
 

src/main/java/com/ffii/tsms/modules/data/service/StaffsService.kt

@@ -9,6 +9,7 @@ import com.ffii.tsms.modules.data.entity.projections.StaffSearchInfo
 import com.ffii.tsms.modules.data.web.models.NewStaffRequest
 import com.ffii.tsms.modules.user.entity.User
 import com.ffii.tsms.modules.user.entity.UserRepository
+import org.springframework.security.core.GrantedAuthority
 import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
@@ -94,12 +95,7 @@ open class StaffsService(
     }
 
     open fun getCurrentStaff(userId: Long): Optional<MutableMap<String, Any>>? {
-        val staff = staffRepository.findByUserId(userId).orElse(null)
-        logger.info(staff)
-
-        if (staff == null) {
-            return Optional.ofNullable(null)
-        }
+        val staff = staffRepository.findByUserId(userId).orElse(null) ?: return Optional.ofNullable(null)
 
         val sql = StringBuilder("select " +
                 " s.id as id, " +
@@ -255,4 +251,8 @@ open class StaffsService(
             staffRepository.findByUserId(user.id).getOrNull()
         }
     }
+
+    open fun currentAuthorities(): Collection<GrantedAuthority>? {
+        return SecurityUtils.getUser().getOrNull()?.authorities
+    }
 }

src/main/java/com/ffii/tsms/modules/data/web/DashboardController.kt

@@ -2,10 +2,6 @@ package com.ffii.tsms.modules.data.web
 
 import com.ffii.tsms.modules.data.entity.Customer
 import com.ffii.tsms.modules.data.entity.CustomerType
-import com.ffii.tsms.modules.data.service.CustomerContactService
-import com.ffii.tsms.modules.data.service.CustomerService
-import com.ffii.tsms.modules.data.service.CustomerSubsidiaryService
-import com.ffii.tsms.modules.data.service.DashboardService
 import com.ffii.tsms.modules.data.web.models.CustomerResponse
 import com.ffii.tsms.modules.data.web.models.SaveCustomerResponse
 import com.ffii.tsms.modules.project.web.models.SaveCustomerRequest
@@ -22,6 +18,7 @@ import org.springframework.web.bind.annotation.DeleteMapping
 import org.springframework.web.bind.annotation.ResponseStatus
 import com.ffii.core.response.RecordsRes
 import com.ffii.core.utils.CriteriaArgsBuilder
+import com.ffii.tsms.modules.data.service.*
 
 @RestController
 @RequestMapping("/dashboard")
@@ -29,7 +26,8 @@ class DashboardController(
     private val customerService: CustomerService,
     private val customerSubsidiaryService: CustomerSubsidiaryService,
     private val customerContactService: CustomerContactService,
-    private val dashboardService: DashboardService
+    private val dashboardService: DashboardService,
+    private val staffsService: StaffsService,
 ) {
     @GetMapping("/searchCustomerSubsidiary")
     fun searchCustomerSubsidiary(request: HttpServletRequest?): List<Map<String, Any>> {
@@ -94,13 +92,19 @@ class DashboardController(
     }
     @GetMapping("/searchFinancialSummaryCard")
     fun searchFinancialSummaryCard(request: HttpServletRequest?): List<Map<String, Any>> {
-        val args = mutableMapOf<String, Any>()
-        val allTeamCardData = dashboardService.searchFinancialSummaryAllTeamCard(args)
-        val cardData = dashboardService.searchFinancialSummaryCard(args)
+        val authority = dashboardService.viewDashboardAuthority()
 
+        val args = mutableMapOf<String, Any>()
         val result = mutableListOf<Map<String, Any>>()
-        result.addAll(allTeamCardData)
-        result.addAll(cardData)
+        if (authority == "all") {
+            val allTeamCardData = dashboardService.searchFinancialSummaryAllTeamCard(args)
+            val cardData = dashboardService.searchFinancialSummaryCard(args)
+            result.addAll(allTeamCardData)
+            result.addAll(cardData)
+        } else if (authority == "self") {
+            val cardData = dashboardService.searchFinancialSummaryCard(args)
+            result.addAll(cardData)
+        }
 
         return result
     }

src/main/java/com/ffii/tsms/modules/project/entity/ProjectTask.kt

@@ -11,7 +11,7 @@ open class ProjectTask : IdEntity<Long>() {
     @ManyToOne
     open var project: Project? = null
 
-    @ManyToOne(cascade = [CascadeType.ALL])
+    @ManyToOne
     @JoinColumn(name = "milestoneId")
     open var milestone: Milestone? = null