From 0cb940a927bfa447c8b9bac35615bea5f73abf05 Mon Sep 17 00:00:00 2001 From: Bright Date: Wed, 25 Sep 2024 17:58:37 +0700 Subject: [PATCH] fix permission insignia #635, #636 --- .../Controllers/InsigniaRequestController.cs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs b/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs index de5fe6b5..fa05b5d4 100644 --- a/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs +++ b/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs @@ -2123,6 +2123,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPut("preview/receice/{insigniaNoteId:length(36)}"), DisableRequestSizeLimit] public async Task> PreviewReceiceProfile([FromForm] ImportFileRequest req, Guid insigniaNoteId) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_RECORD"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaNote = await _context.InsigniaNotes .Include(x => x.InsigniaNoteProfiles) //.ThenInclude(x => x.Profile) @@ -2249,6 +2255,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPut("preview/invoice/{insigniaNoteId:length(36)}"), DisableRequestSizeLimit] public async Task> PreviewInvoiceProfile([FromForm] ImportFileRequest req, Guid insigniaNoteId) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_RECORD"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaNote = await _context.InsigniaNotes .Include(x => x.InsigniaNoteProfiles) //.ThenInclude(x => x.Profile)