สิทธิ์ ลาลงเวลา admin

2024-09-24 11:53:09 +07:00 · 2024-09-24 11:53:09 +07:00 · 1496c1a438
commit 1496c1a438
parent 048a17224b
3 changed files with 163 additions and 6 deletions
--- a/BMA.EHR.Leave/Controllers/LeaveReportController.cs
+++ b/BMA.EHR.Leave/Controllers/LeaveReportController.cs
@ -10,6 +10,8 @@ using BMA.EHR.Domain.Shared;
 using BMA.EHR.Leave.Service.DTOs.Reports;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json;
 using Swashbuckle.AspNetCore.Annotations;
 using System.Globalization;
 using System.Security.Claims;
@ -37,6 +39,7 @@ namespace BMA.EHR.Leave.Service.Controllers
        private readonly HolidayRepository _holidayRepository;
        private readonly UserCalendarRepository _userCalendarRepository;
        private readonly IHttpContextAccessor _httpContextAccessor;
+        private readonly PermissionRepository _permission;

        #endregion

@ -51,7 +54,8 @@ namespace BMA.EHR.Leave.Service.Controllers
                                     UserDutyTimeRepository userDutyTimeRepository,
                                     HolidayRepository holidayRepository,
                                     UserCalendarRepository userCalendarRepository,
-                                     IHttpContextAccessor httpContextAccessor)
+                                     IHttpContextAccessor httpContextAccessor,
+                                     PermissionRepository permission)
        {
            _leaveRequestRepository = leaveRequestRepository;
            _userProfileRepository = userProfileRepository;
@ -63,6 +67,7 @@ namespace BMA.EHR.Leave.Service.Controllers
            _holidayRepository = holidayRepository;
            _userCalendarRepository = userCalendarRepository;
            _httpContextAccessor = httpContextAccessor;
+            _permission = permission;
        }

        #endregion
@ -743,6 +748,12 @@ namespace BMA.EHR.Leave.Service.Controllers
        {
            try
            {
+                var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_LEAVE_REPORT");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
                //var profile = await _userProfileRepository.SearchProfile(null, null, null);
                var profile = await _userProfileRepository.GetProfileWithKeycloak(AccessToken);
                if (profile.Count > 0)
@ -915,6 +926,12 @@ namespace BMA.EHR.Leave.Service.Controllers
        {
            try
            {
+                var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_LEAVE_REPORT");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
                var profile = await _userProfileRepository.SearchProfileEmployee(null, null, null, AccessToken ?? "");
                var count = 1;
                var employees = new List<dynamic>();