
report access right

tags/Baseline_30082024_FRONTEND_UAT
MSI\derek 1年前
父节点
当前提交
5fd20dcb0c
共有 4 个文件被更改,包括 40 次插入8 次删除
  1. +3
    -2
      src/components/CostAndExpenseReport/CostAndExpenseReport.tsx
  2. +17
    -5
      src/components/CostAndExpenseReport/CostAndExpenseReportWrapper.tsx
  3. +4
    -0
      src/config/authConfig.ts
  4. +16
    -1
      src/middleware.ts

+ 3
- 2
src/components/CostAndExpenseReport/CostAndExpenseReport.tsx

@@ -11,12 +11,13 @@ import { downloadFile } from "@/app/utils/commonUtil";
interface Props {
team: TeamResult[];
customer: Customer[];
needAll: boolean | undefined;
}

type SearchQuery = Partial<Omit<CostAndExpenseReportFilter, "id">>;
type SearchParamNames = keyof SearchQuery;

const CostAndExpenseReport: React.FC<Props> = ({ team, customer }) => {
const CostAndExpenseReport: React.FC<Props> = ({ team, customer, needAll }) => {
const { t } = useTranslation("report");
const teamCombo = team.map((t) => `${t.name} - ${t.code}`);
const custCombo = customer.map(c => ({label: `${c.name} - ${c.code}`, value: c.id}))
@@ -28,7 +29,7 @@ const CostAndExpenseReport: React.FC<Props> = ({ team, customer }) => {
paramName: "team",
type: "select",
options: teamCombo,
needAll: true,
needAll: needAll,
},
{
label: t("Client"),
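Review bot: Passing `needAll: needAll` to the team criterion only changes which options the select offers; it does not constrain what the report request can ask for. The search/submit handler is outside this hunk, so whether the team value is re-checked is not visible, but the report endpoint should derive the permitted team from the caller's session rather than trust the submitted `team` parameter. Separately, `needAll: boolean | undefined` makes the prop required while still allowing undefined; `needAll?: boolean` with a short comment stating what an omitted value means would make the contract explicit.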


+ 17
- 5
src/components/CostAndExpenseReport/CostAndExpenseReportWrapper.tsx

@@ -1,18 +1,30 @@
import React from "react";
import { fetchAllCustomers } from "@/app/api/customer";
import { fetchTeam } from "@/app/api/team";
import { fetchIndivTeam, fetchTeam } from "@/app/api/team";
import CostAndExpenseReport from "./CostAndExpenseReport";
import CostAndExpenseReportLoading from "./CostAndExpenseReportLoading";

import { headers, cookies } from 'next/headers';
import { getServerSession } from "next-auth";
import { authOptions } from "@/config/authConfig";
import { TEAM_LEAD } from "@/middleware";
interface SubComponents {
Loading: typeof CostAndExpenseReportLoading;
}

const CostAndExpenseReportWrapper: React.FC & SubComponents = async () => {
const customers = await fetchAllCustomers()
const teams = await fetchTeam ()
const session: any = await getServerSession(authOptions)
const teamId = session.staff?.team.id
const role = session!.role
let customers = await fetchAllCustomers()
let teams = await fetchTeam()
let needAll = true
if (role === TEAM_LEAD) {
needAll = false
teams = teams.filter((team) => team.id === teamId);
}

return <CostAndExpenseReport team={teams} customer={customers}/>
return <CostAndExpenseReport team={teams} customer={customers} needAll={needAll} />
};

CostAndExpenseReportWrapper.Loading = CostAndExpenseReportLoading;
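Review bot: The restriction is fail-open: only `role === TEAM_LEAD` narrows `teams`, so a session whose role is `NORMAL_STAFF`, `SUPPORTING_STAFF`, undefined or misspelled keeps `needAll = true` and the full team list. Unless another layer already keeps those roles off this page (not visible here), invert the test into an allow-list, e.g. `const seesAllTeams = role === SUPER_ADMIN || role === TOP_MANAGEMENT;`, and narrow whenever it is false. `session` is typed `any` and dereferenced at `session.staff?.team.id` before the `session!.role` assertion, so a null result from `getServerSession` throws instead of being handled; `staff?.team?.id` plus an explicit no-session branch would cover it. `headers`, `cookies` and `fetchIndivTeam` are imported but unused in the lines shown.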


+ 4
- 0
src/config/authConfig.ts

@@ -3,6 +3,8 @@ import CredentialsProvider from "next-auth/providers/credentials";
import { LOGIN_API_PATH } from "./api";

export interface SessionWithTokens extends Session {
staff?: any;
role?: String;
abilities?: any[];
accessToken?: string;
refreshToken?: string;
@@ -52,12 +54,14 @@ export const authOptions: AuthOptions = {
session({ session, token }) {
const sessionWithToken: SessionWithTokens = {
...session,
role: token.role as String,
// Add the data from the token to the session
abilities: (token.abilities as ability[]).map(
(item: ability) => item.actionSubjectCombo,
) as string[],
accessToken: token.accessToken as string | undefined,
refreshToken: token.refreshToken as string | undefined,
staff: token.staff as any
};
// console.log(sessionWithToken)
return sessionWithToken;
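Review bot: `staff: token.staff as any` copies the whole staff record into the session object, and what the `session` callback returns is what next-auth hands to the browser, so every field of that record becomes client-visible. The only field this commit reads is `staff.team.id`; forwarding just that, with a real type instead of `any`, keeps the session minimal. `role?: String` and `token.role as String` use the boxed wrapper type; `role?: string` is the right type for comparing against the role constants. Where `token.role` and `token.staff` are populated (presumably the `jwt` callback) is outside these hunks, so confirm they are taken from the login response and not from anything the client can set.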


+ 16
- 1
src/middleware.ts

@@ -3,6 +3,21 @@ import { ability, authOptions } from "@/config/authConfig";
import { NextFetchEvent, NextResponse } from "next/server";
import { getToken } from "next-auth/jwt";

// user groups
export const [
SUPER_ADMIN,
TOP_MANAGEMENT,
TEAM_LEAD,
NORMAL_STAFF,
SUPPORTING_STAFF
] = [
"Super Admin",
"Top Management",
"Team Leader",
"Normal Staff",
"Supporting Staff"
]

// abilities
export const [
VIEW_USER,
@@ -61,7 +76,7 @@ export default async function middleware(
event: NextFetchEvent,
) {
const langPref = req.nextUrl.searchParams.get(LANG_QUERY_PARAM);
const token = await getToken({ req: req, secret: process.env.SECRET });
// const token = await getToken({ req: req, secret: process.env.SECRET });
if (langPref) {
// Redirect to same url without the lang query param + set cookies
const newUrl = new URL(req.nextUrl);
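Review bot: The role names are bound by position in `export const [SUPER_ADMIN, …] = ["Super Admin", …]`, so inserting or reordering an entry on one side silently pairs a constant with the wrong group, and these strings now decide which teams a report page shows. Individual declarations such as `export const TEAM_LEAD = "Team Leader";` (or one `as const` object) remove that risk and give literal types. Because a component now imports `TEAM_LEAD` from `@/middleware`, a shared constants module would avoid pulling the middleware file into component code. In the second hunk the `getToken` call appears to be left commented out; if it is no longer needed, delete the line, and check that nothing later in `middleware` (outside the hunk) relied on `token`.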

