task

2024-09-11 15:59:38 +07:00 · 2024-09-11 15:59:38 +07:00 · 0fd8e81d71
commit 0fd8e81d71
parent 172a917086
5 changed files with 32 additions and 2 deletions
--- a/BMA.EHR.Command.Service/Controllers/OrderController.cs
+++ b/BMA.EHR.Command.Service/Controllers/OrderController.cs
@ -6431,6 +6431,12 @@ namespace BMA.EHR.Command.Service.Controllers
        {
            try
            {
+                var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "COMMAND");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
                var token = string.Empty;
                if (AuthenticationHeaderValue.TryParse(authorization, out var headerValue))
                {
--- a/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_ChannelController.cs
+++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_ChannelController.cs
@ -60,7 +60,7 @@ namespace BMA.EHR.DisciplineComplaint_Channel.Service.Controllers
        [HttpGet()]
        public async Task<ActionResult<ResponseObject>> GetDiscipline(int page = 1, int pageSize = 25, string keyword = "")
        {
-            var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_COMPLAIN");
+            var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_INFO");
            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
            if (jsonData["status"]?.ToString() != "200")
            {
--- a/BMA.EHR.Placement.Service/Controllers/PlacementTransferController.cs
+++ b/BMA.EHR.Placement.Service/Controllers/PlacementTransferController.cs
@ -618,6 +618,13 @@ namespace BMA.EHR.Placement.Service.Controllers
        [HttpGet("confirm/{id:length(36)}")]
        public async Task<ActionResult<ResponseObject>> AdminConfirm(Guid id)
        {
+            var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_TRANSFER_REQ");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
+
            var uppdated = await _context.PlacementTransfers
                            .FirstOrDefaultAsync(x => x.Id == id);
            if (uppdated == null)
--- a/BMA.EHR.Retirement.Service/Controllers/RetirementDeceasedController.cs
+++ b/BMA.EHR.Retirement.Service/Controllers/RetirementDeceasedController.cs
@ -82,6 +82,12 @@ namespace BMA.EHR.Retirement.Service.Controllers
        [HttpGet()]
        public async Task<ActionResult<ResponseObject>> GetList()
        {
+            var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_PASSAWAY");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var rootId = "";
            var child1Id = "";
            var child2Id = "";
--- a/BMA.EHR.Retirement.Service/Controllers/RetirementResignController.cs
+++ b/BMA.EHR.Retirement.Service/Controllers/RetirementResignController.cs
@ -174,7 +174,12 @@ namespace BMA.EHR.Retirement.Service.Controllers
        [HttpGet()]
        public async Task<ActionResult<ResponseObject>> GetListByAdmin()
        {
-
+            var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_RESIGN");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var retirementResigns = await _context.RetirementResigns.AsQueryable()
                        .OrderByDescending(x => x.CreatedAt)
                        .Select(p => new
@ -1083,6 +1088,12 @@ $"คำขอลาออกของ {updated.prefix}{updated.firstName} {upda
        [HttpGet("questionnaire")]
        public async Task<ActionResult<ResponseObject>> GetListQuestion()
        {
+            var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_RESIGN_INTERVIEW");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var data = await _context.RetirementQuestions.AsQueryable()
                        .OrderByDescending(x => x.CreatedAt)
                        .Select(p => new