diff --git a/BMA.EHR.Leave/Controllers/LeaveController.cs b/BMA.EHR.Leave/Controllers/LeaveController.cs
index 55493a74..6cbc93e6 100644
--- a/BMA.EHR.Leave/Controllers/LeaveController.cs
+++ b/BMA.EHR.Leave/Controllers/LeaveController.cs
@@ -17,6 +17,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.ObjectPool;
 using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 using RabbitMQ.Client;
 using Swashbuckle.AspNetCore.Annotations;
 using System.ComponentModel.DataAnnotations;
@@ -48,8 +49,8 @@ namespace BMA.EHR.Leave.Service.Controllers
 private readonly UserDutyTimeRepository _userDutyTimeRepository;
 private readonly AdditionalCheckRequestRepository _additionalCheckRequestRepository;
 private readonly LeaveRequestRepository _leaveRequestRepository;
- private readonly UserCalendarRepository _userCalendarRepository;
+ private readonly PermissionRepository _permission;
 private readonly CommandRepository _commandRepository;
@@ -77,7 +78,8 @@ namespace BMA.EHR.Leave.Service.Controllers
 UserCalendarRepository userCalendarRepository,
 CommandRepository commandRepository,
 LeaveRequestRepository leaveRequestRepository,
- ObjectPool objectPool)
+ ObjectPool objectPool,
+ PermissionRepository permission)
 {
 _dutyTimeRepository = dutyTimeRepository;
 _context = context;
@@ -95,6 +97,7 @@ namespace BMA.EHR.Leave.Service.Controllers
 _leaveRequestRepository = leaveRequestRepository;
 _objectPool = objectPool;
+ _permission = permission;
 }
 #endregion
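Review bot: The `-48,8` hunk removes the `private readonly UserCalendarRepository _userCalendarRepository;` field, yet the constructor in the next hunk still receives `UserCalendarRepository userCalendarRepository` and later hunks in this file still call `_userCalendarRepository.GetExist(id)` (GetCalendarByProfileAsync, UpdateCalendarByProfileAsync). Unless a second declaration of that field exists outside the visible hunks, the file no longer compiles; the existing field should stay and the new one go next to it, `private readonly UserCalendarRepository _userCalendarRepository;` followed by `private readonly PermissionRepository _permission;`. The constructor statements that assign `_userCalendarRepository` are outside the hunk, so I cannot tell whether that assignment was dropped as well.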
@@ -140,6 +143,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> GetAllAsync()
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_WORK_ROUND");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var data = await _dutyTimeRepository.GetAllAsync();
 return Success(data);
@@ -178,6 +187,13 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> PostAsync([FromBody] CreateDutyTimeDto data)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_WORK_ROUND");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+
 // validate
 var startMorning = TimeOnly.Parse(data.StartTimeMorning);
 var endMorning = TimeOnly.Parse(data.EndTimeMorning);
@@ -257,6 +273,13 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> PutAsync(Guid id, [FromBody] UpdateDutyTimeDto data)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_WORK_ROUND");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+
 var oldData = await _dutyTimeRepository.GetByIdAsync(id);
 if (oldData == null)
 {
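Review bot: The guard added at the top of GetAllAsync dereferences `jsonData` with no null check, and `JsonConvert.DeserializeObject` returns null for an empty body and throws for a non-JSON one, so an unreachable or misbehaving permission service surfaces as an unhandled 500 rather than a deliberate, observable denial. The same six lines are pasted into PostAsync and PutAsync in this hunk group and into every other action this diff touches across the three controllers, with only the two string literals varying; a missed or mistyped endpoint is therefore invisible at review time, and in LeaveReportController the block sits inside a try whose catch is outside the hunk, so the failure mode already differs per controller. I would fold the check into one helper that fails closed on a null or unparsable reply (or, better, an IAsyncAuthorizationFilter-backed attribute so the action/resource pair is declared next to the route) and call it as `if (await DenyUnlessPermittedAsync("LIST", "SYS_WORK_ROUND") is { } denied) return denied;`. The helper's return type below is a placeholder and should match whatever `Error(...)` returns in the controller base, which is outside this diff.
```csharp
// Shared guard for the permission service: fails closed when the reply is missing, unparsable or not "200".
private async Task<ActionResult?> DenyUnlessPermittedAsync(string action, string resource)
{
    var raw = await _permission.GetPermissionAPIAsync(action, resource);
    JObject? reply = null;
    try
    {
        reply = string.IsNullOrWhiteSpace(raw) ? null : JObject.Parse(raw);
    }
    catch (JsonException)
    {
        // Treated as a denial below; log here if the controller has a logger.
    }

    if (reply?["status"]?.ToString() != "200")
    {
        return Error(reply?["message"]?.ToString() ?? "Forbidden", StatusCodes.Status403Forbidden);
    }
    return null;
}

// … unchanged: attributes and signature of GetAllAsync …
{
    if (await DenyUnlessPermittedAsync("LIST", "SYS_WORK_ROUND") is { } denied) return denied;
    // … unchanged: repository call and Success(data) …
```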
@@ -300,6 +323,13 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> DeleteAsync(Guid id)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_WORK_ROUND");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+
 var oldData = await _dutyTimeRepository.GetByIdAsync(id);
 if (oldData == null)
 {
@@ -339,6 +369,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> GetAllActiveAsync()
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_WORK_ROUND_EDIT");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var data = await _dutyTimeRepository.GetAllActiveAsync();
 return Success(data);
@@ -979,6 +1015,13 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> LogRecordAsync([Required] DateTime startDate, [Required] DateTime endDate, int page = 1, int pageSize = 10, string keyword = "")
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_CHECKIN");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+
 if (startDate.Date > endDate.Date)
 {
 return Error(new Exception("วันเริ่มต้นต้องมีค่าน้อยกว่าหรือเท่ากับวันสิ้นสุด"), StatusCodes.Status400BadRequest);
@@ -1047,8 +1090,14 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> GetTimeRecordAsync([Required] Guid id)
 {
- var imgUrl = $"{_configuration["MinIO:Endpoint"]}{_configuration["MinIO:BucketName"]}";
+ var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_CHECKIN");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+
+ var imgUrl = $"{_configuration["MinIO:Endpoint"]}{_configuration["MinIO:BucketName"]}";
 var d = (await _processUserTimeStampRepository.GetTimeStampById(id));
 if (d == null)
@@ -1145,6 +1194,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [AllowAnonymous]
 public async Task> GetTimeRecordAsync([Required] DateTime startDate, [Required] DateTime endDate, int page = 1, int pageSize = 10, string status = "NORMAL", string keyword = "")
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_CHECKIN");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 if (startDate.Date > endDate.Date)
 {
 return Error(new Exception("วันเริ่มต้นต้องมีค่าน้อยกว่าหรือเท่ากับวันสิ้นสุด"), StatusCodes.Status400BadRequest);
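Review bot: The paged GetTimeRecordAsync keeps its `[AllowAnonymous]` attribute while the new guard calls `_permission.GetPermissionAPIAsync("LIST", "SYS_CHECKIN")`, so unauthenticated callers now reach a permission lookup that, as far as this diff shows, has no identity to evaluate; whether that produces a 403, an exception or an unintended allow depends on PermissionRepository, which is outside the hunk. Either the attribute is a leftover and should be removed so the authentication middleware rejects anonymous calls before the action body runs, or the endpoint is intentionally public and the permission check does not belong in it. Please settle it one way and record the decision in a one-line comment directly above the attribute so the next reader does not have to re-derive it.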
@@ -1322,7 +1377,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> SearchProfileAsync([FromBody] DTOs.ChangeRound.SearchProfileDto req)
 {
-
+ var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_WORK_ROUND_EDIT");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var profile = await _userProfileRepository.SearchProfile(req.CitizenId, req.FirstName, req.LastName, AccessToken ?? "");
 var pagedProfile = profile.Skip((req.Page - 1) * req.PageSize).Take(req.PageSize).ToList();
@@ -1369,6 +1429,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> CreateChangeRoundAsync([FromBody] CreateChangeRoundDto req)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_WORK_ROUND_EDIT");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var currentDate = DateTime.Now.Date;
 if (req.EffectiveDate.Date < currentDate)
 {
@@ -1410,6 +1476,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> GetChangeRoundHistoryByProfileIdAsync(Guid id, int page = 1, int pageSize = 10, string keyword = "")
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_WORK_ROUND_EDIT");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var data = await _userDutyTimeRepository.GetListByProfileIdAsync(id);
 var resultSet = new List();
@@ -1498,6 +1570,13 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> GetAdditionalCheckRequestAsync([Required] int year, [Required] int month, [Required] int page = 1, [Required] int pageSize = 10, string keyword = "")
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_CHECKIN_SPECIAL");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+
 var rawData = await _additionalCheckRequestRepository.GetAdditionalCheckRequests(year, month);
 var getDefaultRound = await _dutyTimeRepository.GetDefaultAsync();
@@ -1605,6 +1684,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> ApproveRequestAsync(Guid id, [FromBody] ApproveRequestDto req)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_CHECKIN_SPECIAL");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 if (req.Reason == null || req.Reason == string.Empty)
 {
 return Error("กรุณากรอกเหตุผล", StatusCodes.Status400BadRequest);
@@ -1701,6 +1786,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> RejectRequestAsync(Guid id, [FromBody] RejectRequestDto req)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_CHECKIN_SPECIAL");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 if (req.Reason == null || req.Reason == string.Empty)
 {
 return Error("กรุณากรอกเหตุผล", StatusCodes.Status400BadRequest);
@@ -1745,6 +1836,13 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> GetLogRecordAsync([Required] Guid id)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_CHECKIN");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+
 var imgUrl = $"{_configuration["MinIO:Endpoint"]}{_configuration["MinIO:BucketName"]}";
@@ -1963,6 +2061,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> GetCalendarByProfileAsync(Guid id)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_WORK_ROUND_EDIT");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var data = await _userCalendarRepository.GetExist(id);
 if (data == null) return Success(new { Work = "NORMAL" });
@@ -1984,6 +2088,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> UpdateCalendarByProfileAsync(Guid id, [FromBody] UpdateCalendarDto req)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_WORK_ROUND_EDIT");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var data = await _userCalendarRepository.GetExist(id);
 if (data != null)
 {
@@ -2023,6 +2133,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> EditCheckInStatusAsync(Guid id, [FromBody] EditCheckInStatusDto req)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_CHECKIN");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var data = await _processUserTimeStampRepository.GetByIdAsync(id);
 if (data == null) return Error(GlobalMessages.DataNotFound);
diff --git a/BMA.EHR.Leave/Controllers/LeaveReportController.cs b/BMA.EHR.Leave/Controllers/LeaveReportController.cs
index 3e9a6f16..c8a2ca55 100644
--- a/BMA.EHR.Leave/Controllers/LeaveReportController.cs
+++ b/BMA.EHR.Leave/Controllers/LeaveReportController.cs
@@ -10,6 +10,8 @@ using BMA.EHR.Domain.Shared;
 using BMA.EHR.Leave.Service.DTOs.Reports;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json;
 using Swashbuckle.AspNetCore.Annotations;
 using System.Globalization;
 using System.Security.Claims;
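Review bot: In the LeaveReportController using hunk `using Newtonsoft.Json.Linq;` is inserted ahead of `using Newtonsoft.Json;`, which breaks the alphabetical order the rest of that block keeps; the LeaveController hunk earlier in this diff gets the order right, and the LeaveRequestController using hunk later repeats the inversion. Swap the two lines in both files so `using Newtonsoft.Json;` precedes `using Newtonsoft.Json.Linq;`.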
@@ -37,6 +39,7 @@ namespace BMA.EHR.Leave.Service.Controllers
 private readonly HolidayRepository _holidayRepository;
 private readonly UserCalendarRepository _userCalendarRepository;
 private readonly IHttpContextAccessor _httpContextAccessor;
+ private readonly PermissionRepository _permission;
 #endregion
@@ -51,7 +54,8 @@ namespace BMA.EHR.Leave.Service.Controllers
 UserDutyTimeRepository userDutyTimeRepository,
 HolidayRepository holidayRepository,
 UserCalendarRepository userCalendarRepository,
- IHttpContextAccessor httpContextAccessor)
+ IHttpContextAccessor httpContextAccessor,
+ PermissionRepository permission)
 {
 _leaveRequestRepository = leaveRequestRepository;
 _userProfileRepository = userProfileRepository;
@@ -63,6 +67,7 @@ namespace BMA.EHR.Leave.Service.Controllers
 _holidayRepository = holidayRepository;
 _userCalendarRepository = userCalendarRepository;
 _httpContextAccessor = httpContextAccessor;
+ _permission = permission;
 }
 #endregion
@@ -743,6 +748,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 {
 try
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_LEAVE_REPORT");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 //var profile = await _userProfileRepository.SearchProfile(null, null, null);
 var profile = await _userProfileRepository.GetProfileWithKeycloak(AccessToken);
 if (profile.Count > 0)
@@ -915,6 +926,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 {
 try
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_LEAVE_REPORT");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var profile = await _userProfileRepository.SearchProfileEmployee(null, null, null, AccessToken ?? "");
 var count = 1;
 var employees = new List();
diff --git a/BMA.EHR.Leave/Controllers/LeaveRequestController.cs b/BMA.EHR.Leave/Controllers/LeaveRequestController.cs
index 3bba1d70..9dd6664f 100644
--- a/BMA.EHR.Leave/Controllers/LeaveRequestController.cs
+++ b/BMA.EHR.Leave/Controllers/LeaveRequestController.cs
@@ -13,6 +13,8 @@ using BMA.EHR.Leave.Service.DTOs.LeaveRequest;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json;
 using Swashbuckle.AspNetCore.Annotations;
 using System.Security.Claims;
@@ -39,6 +41,7 @@ namespace BMA.EHR.Leave.Service.Controllers
 private readonly HolidayRepository _holidayRepository;
 private readonly CommandRepository _commandRepository;
 private readonly UserCalendarRepository _userCalendarRepository;
+ private readonly PermissionRepository _permission;
 private const string APPROVE_STEP_CREATE = "st1";
 private const string APPROVE_STEP_OFFICER_APPROVE = "st2";
@@ -60,7 +63,8 @@ namespace BMA.EHR.Leave.Service.Controllers
 MinIOLeaveService minIOService,
 HolidayRepository holidayRepository,
 CommandRepository commandRepository,
- UserCalendarRepository userCalendarRepository)
+ UserCalendarRepository userCalendarRepository,
+ PermissionRepository permission)
 {
 _context = context;
 _httpContextAccessor = httpContextAccessor;
@@ -73,6 +77,7 @@ namespace BMA.EHR.Leave.Service.Controllers
 _holidayRepository = holidayRepository;
 _commandRepository = commandRepository;
 _userCalendarRepository = userCalendarRepository;
+ _permission = permission;
 }
 #endregion
@@ -1088,6 +1093,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 public async Task> GetLeaveRequestForAdminAsync(
 [FromBody] GetLeaveRequestForAdminDto req)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_LEAVE_LIST");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 var rawData = await _leaveRequestRepository.GetLeaveRequestForAdminAsync(req.Year, req.Type, req.Status, req.StartDate, req.EndDate);
 var result = new List();
@@ -1343,6 +1354,12 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> OfficerApproveLeaveRequestAsync(Guid id)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_LEAVE_LIST");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
 await _leaveRequestRepository.OfficerApproveLeaveRequest(id);
 return Success();
@@ -1442,6 +1459,13 @@ namespace BMA.EHR.Leave.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> GetLeaveRequestForAdminByIdAsync(Guid id)
 {
+ var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_LEAVE_LIST");
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+
 var userId = UserId == null ? Guid.Empty : Guid.Parse(UserId);
 var rawData = await _leaveRequestRepository.GetByIdAsync(id);