diff --git a/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs b/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs
index de5fe6b5..fa05b5d4 100644
--- a/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs
+++ b/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs
@@ -2123,6 +2123,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
 [HttpPut("preview/receice/{insigniaNoteId:length(36)}"), DisableRequestSizeLimit]
 public async Task> PreviewReceiceProfile([FromForm] ImportFileRequest req, Guid insigniaNoteId)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_RECORD");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var insigniaNote = await _context.InsigniaNotes
 .Include(x => x.InsigniaNoteProfiles)
 //.ThenInclude(x => x.Profile)
@@ -2249,6 +2255,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
 [HttpPut("preview/invoice/{insigniaNoteId:length(36)}"), DisableRequestSizeLimit]
 public async Task> PreviewInvoiceProfile([FromForm] ImportFileRequest req, Guid insigniaNoteId)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_RECORD");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var insigniaNote = await _context.InsigniaNotes
 .Include(x => x.InsigniaNoteProfiles)
 //.ThenInclude(x => x.Profile)
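Review bot: The new guard in PreviewReceiceProfile indexes `jsonData` without a null check, so an empty or non-JSON reply from `GetPermissionAPIAsync` would surface as an unhandled exception (a 500) rather than the intended 403; `if (jsonData?["status"]?.ToString() != "200")` with `jsonData?["message"]?.ToString()` in the return keeps the denial explicit, and a non-JSON reply would still need a catch around the deserialize call. The same six lines are repeated in the PreviewInvoiceProfile hunk with the same gap, which argues for one shared helper or an authorization filter instead of a copy per action. Because both actions bind `[FromForm] ImportFileRequest` under `DisableRequestSizeLimit`, a check placed in the action body runs only after the form has been bound, so a caller without the UPDATE permission can presumably still send an unbounded upload before being rejected; a filter would run before model binding. The 403 body also echoes the permission service's `message` verbatim, which is worth confirming is safe to show to callers. Both method bodies continue outside the hunks.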