feat: filter approver berdasarkan group pada project dan division task

- project/task approval: filter isApprover berdasarkan desa + group project
- project/task approval: supadmin tetap hanya filter desa
- division/task approval: expose idGroup dari Division pada response cat=data
- division/task approval: filter isApprover berdasarkan desa + group division
- division/task approval PUT: ganti getApproverStatus dengan cek langsung
  berdasarkan village, group, dan keanggotaan division admin
2026-05-18 14:52:38 +08:00
parent 7622c58ce4
commit b95fd9543c
3 changed files with 55 additions and 31 deletions


@@ -25,6 +25,9 @@ export async function GET(request: Request, context: { params: { id: string } })
where: {
id: String(id),
isActive: true
},
include: {
Division: { select: { idGroup: true } }
}
});
@@ -33,7 +36,7 @@ export async function GET(request: Request, context: { params: { id: string } })
}
if (kategori == "data") {
allData = data
allData = { ...data, idGroup: data.Division.idGroup }
} else if (kategori == "progress") {
const dataProgress = await prisma.divisionProjectTask.findMany({
where: {
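Review bot: In the `kategori == "data"` branch, `allData = { ...data, idGroup: data.Division.idGroup }` also spreads the included `Division` relation into the response, so the payload carries both the nested `Division: { idGroup }` and the flattened `idGroup`, and it reads `data.Division` without a guard. Whether `Division` is a required relation is not visible in this hunk; if it can be null, this line throws instead of returning a handled error. I would strip the relation and guard the read: `const { Division, ...rest } = data;` followed by `allData = { ...rest, idGroup: Division?.idGroup ?? null }`. If the client uses `idGroup` to decide whether to show approval controls, that is display only, and the server-side check in the PUT handler has to remain the authority. The GET handler's body starts and ends outside these hunks.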


@@ -96,13 +96,19 @@ async function sendNotification({
}
async function getApproversForDivision(idVillage: string, idDivision: string): Promise<NotifTarget[]> {
const division = await prisma.division.findUnique({
where: { id: idDivision },
select: { idGroup: true }
});
const idGroup = division?.idGroup;
const [globalApprovers, divisionAdmins] = await Promise.all([
prisma.user.findMany({
where: {
isActive: true,
idVillage,
OR: [
{ isApprover: true },
{ isApprover: true, idGroup },
{ UserRole: { id: 'supadmin' } }
]
},
@@ -285,23 +291,35 @@ export async function PUT(request: Request, context: { params: { id: string } })
return NextResponse.json({ success: false, message: "Anda harus login untuk mengakses ini" }, { status: 200 });
}
const canApprove = await getApproverStatus(userMobile.id);
if (!canApprove) {
// Check if division admin
const task = await prisma.divisionProjectTask.findUnique({
where: { id, isActive: true },
select: { idDivision: true }
});
if (task) {
const isDivAdmin = await prisma.divisionMember.count({
where: { idDivision: task.idDivision, idUser: userMobile.id, isAdmin: true, isActive: true }
});
if (isDivAdmin === 0) {
return NextResponse.json({ success: false, message: "Anda tidak memiliki izin untuk menyetujui atau menolak tugas" }, { status: 200 });
}
} else {
return NextResponse.json({ success: false, message: "Tugas tidak ditemukan" }, { status: 200 });
}
const taskForAuth = await prisma.divisionProjectTask.findUnique({
where: { id, isActive: true },
select: { idDivision: true }
});
if (!taskForAuth) {
return NextResponse.json({ success: false, message: "Tugas tidak ditemukan" }, { status: 200 });
}
const [division, userFull, isDivAdmin] = await Promise.all([
prisma.division.findUnique({
where: { id: taskForAuth.idDivision },
select: { idGroup: true, idVillage: true }
}),
prisma.user.findUnique({
where: { id: userMobile.id },
select: { isApprover: true, idGroup: true, idVillage: true, UserRole: { select: { id: true } } }
}),
prisma.divisionMember.count({
where: { idDivision: taskForAuth.idDivision, idUser: userMobile.id, isAdmin: true, isActive: true }
})
]);
const isSupadmin = APPROVER_ROLES.includes(userFull?.UserRole?.id ?? '');
const isGroupApprover = !!(userFull?.isApprover &&
userFull.idVillage === division?.idVillage &&
userFull.idGroup === division?.idGroup);
if (!isSupadmin && !isGroupApprover && isDivAdmin === 0) {
return NextResponse.json({ success: false, message: "Anda tidak memiliki izin untuk menyetujui atau menolak tugas" }, { status: 200 });
}
const task = await prisma.divisionProjectTask.findUnique({