diff --git a/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs b/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs index 9218d370..c6fbbf5f 100644 --- a/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs +++ b/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs @@ -11,6 +11,7 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.Storage.ValueConversion.Internal; using Newtonsoft.Json; +using Newtonsoft.Json.Linq; using OfficeOpenXml.Export.ToDataTable; using Swashbuckle.AspNetCore.Annotations; @@ -30,13 +31,14 @@ namespace BMA.EHR.Insignia.Service.Controllers private readonly InsigniaPeriodsRepository _repository; private readonly NotificationRepository _repositoryNoti; private readonly UserProfileRepository _userProfileRepository; - + private readonly PermissionRepository _permission; public InsigniaManageController(ApplicationDBContext context, MinIOService documentService, InsigniaPeriodsRepository repository, NotificationRepository repositoryNoti, IHttpContextAccessor httpContextAccessor, - UserProfileRepository userProfileRepository) + UserProfileRepository userProfileRepository, + PermissionRepository permission) { _context = context; _documentService = documentService; @@ -44,6 +46,7 @@ namespace BMA.EHR.Insignia.Service.Controllers _repositoryNoti = repositoryNoti; _httpContextAccessor = httpContextAccessor; _userProfileRepository = userProfileRepository; + _permission = permission; } #region " Properties " 
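Review bot: The `-` line in the second hunk removes the blank line that separated the private fields from the constructor, so `_permission` now sits directly against the constructor with no separator; keep the new field and restore the blank line after `private readonly PermissionRepository _permission;`. PermissionRepository also becomes a required constructor dependency of this controller (and of the other two controllers in this diff), and its registration in the service container is not visible here; if it is not registered, controller activation fails at the first request, so please confirm it is wired up where the other repositories are.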
@@ -69,6 +72,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet("type/{year}/{insigniaTypeId:length(36)}")] public async Task> GetList(int year, Guid insigniaTypeId) { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_ALLOCATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaType = await _context.InsigniaTypes .FirstOrDefaultAsync(x => x.Id == insigniaTypeId); if (insigniaType == null) @@ -135,6 +144,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPost()] public async Task> Post([FromBody] InsigniaManageRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_INSIGNIA_ALLOCATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insignia = await _context.Insignias.AsQueryable() .FirstOrDefaultAsync(x => x.Id == req.Insignia); if (insignia == null) @@ -176,6 +191,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpDelete("{insigniaManageId:length(36)}")] public async Task> Delete(Guid insigniaManageId) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_INSIGNIA_ALLOCATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var deleted = await _context.InsigniaManages.AsQueryable() .Where(x => x.Id == insigniaManageId) .FirstOrDefaultAsync(); 
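Review bot: The permission gate added to GetList, Post and Delete dereferences `jsonData` without a null check, so an empty reply from `GetPermissionAPIAsync` (for which `DeserializeObject` returns null) or a non-object reply (which throws) surfaces as an unhandled exception instead of a denial; the guard should read `if (jsonData?["status"]?.ToString() != "200")` with `jsonData?["message"]?.ToString()` in the error branch, so any malformed reply fails closed. The same six lines are pasted into every gated action in this diff (Put, GetListOrganization, PostOrganization, DeleteOrganization, PutOrganization and GetListDashboardOrganization below, and the InsigniaPeriodController and InsigniaRequestController actions further down), which is exactly how a future endpoint ends up without a check; a private helper, sketched below, keeps one copy of the parsing and reduces each call site to `if (await CheckPermissionAsync("LIST", "SYS_INSIGNIA_ALLOCATE") is { } denied) return denied;`. The generic argument on `DeserializeObject` appears stripped in this rendering and is presumably `<JObject>`, and the sketch assumes the base `Error` helper returns an ActionResult — both to be confirmed against the file. Each of these action methods continues past its hunk.
```csharp
// One gate per controller instead of six pasted lines per action.
private async Task<ActionResult> CheckPermissionAsync(string action, string resource)
{
    var raw = await _permission.GetPermissionAPIAsync(action, resource);
    JObject json = null;
    try
    {
        // DeserializeObject returns null for an empty body; a non-object body throws.
        json = string.IsNullOrWhiteSpace(raw) ? null : JsonConvert.DeserializeObject<JObject>(raw);
    }
    catch (JsonException)
    {
        // Leave json null: an unreadable reply is a denial, not a 500.
    }

    if (json?["status"]?.ToString() == "200")
    {
        return null; // allowed
    }

    return Error(json?["message"]?.ToString() ?? "Permission denied", StatusCodes.Status403Forbidden);
}

// … in GetList (signature unchanged) …
    if (await CheckPermissionAsync("LIST", "SYS_INSIGNIA_ALLOCATE") is { } denied)
    {
        return denied;
    }
    // … unchanged: insigniaType lookup and the rest of the action …
```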
@@ -200,6 +221,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPut("{insigniaManageId:length(36)}")] public async Task> Put([FromBody] InsigniaManageRequest req, Guid insigniaManageId) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_ALLOCATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insignia = await _context.Insignias.AsQueryable() .FirstOrDefaultAsync(x => x.Id == req.Insignia); if (insignia == null) @@ -241,6 +268,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet("org/{insigniaManageId:length(36)}")] public async Task> GetListOrganization(Guid insigniaManageId) { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_ALLOCATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaManage = await _context.InsigniaManages.AsQueryable() .FirstOrDefaultAsync(x => x.Id == insigniaManageId); if (insigniaManage == null) @@ -274,6 +307,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPost("org")] public async Task> PostOrganization([FromBody] InsigniaManageOrganizationRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_INSIGNIA_ALLOCATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var organization = _userProfileRepository.GetOc(req.OrganizationOrganizationId, 0, AccessToken); 
@@ -331,6 +370,13 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpDelete("org/{insigniaManageOrgId:length(36)}")] public async Task> DeleteOrganization(Guid insigniaManageOrgId) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_INSIGNIA_ALLOCATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var deleted = await _context.InsigniaManageOrganiations.AsQueryable() .FirstOrDefaultAsync(x => x.Id == insigniaManageOrgId); @@ -353,6 +399,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPut("org/{insigniaManageOrgId:length(36)}")] public async Task> PutOrganization([FromBody] InsigniaManageOrganizationUpdateRequest req, Guid insigniaManageOrgId) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_ALLOCATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var uppdated = await _context.InsigniaManageOrganiations.AsQueryable() //.Include(x => x.OrganizationOrganization) .Include(x => x.InsigniaManage) @@ -392,6 +444,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet("org/dashboard/{insigniaManageId:length(36)}")] public async Task> GetListDashboardOrganization(Guid insigniaManageId) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_ALLOCATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaManage = await _context.InsigniaManages.AsQueryable() .Include(x => x.InsigniaManageOrganiations) .Select(p => new 
diff --git a/BMA.EHR.Insignia/Controllers/InsigniaPeriodController.cs b/BMA.EHR.Insignia/Controllers/InsigniaPeriodController.cs index cc8868e8..baf7b1f7 100644 --- a/BMA.EHR.Insignia/Controllers/InsigniaPeriodController.cs +++ b/BMA.EHR.Insignia/Controllers/InsigniaPeriodController.cs @@ -9,6 +9,8 @@ using BMA.EHR.Infrastructure.Persistence; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; +using Newtonsoft.Json.Linq; +using Newtonsoft.Json; using Swashbuckle.AspNetCore.Annotations; namespace BMA.EHR.Insignia.Service.Controllers @@ -27,13 +29,14 @@ namespace BMA.EHR.Insignia.Service.Controllers private readonly InsigniaPeriodsRepository _repository; private readonly NotificationRepository _repositoryNoti; private readonly UserProfileRepository _userProfileRepository; - + private readonly PermissionRepository _permission; public InsigniaPeriodController(ApplicationDBContext context, MinIOService documentService, InsigniaPeriodsRepository repository, NotificationRepository repositoryNoti, IHttpContextAccessor httpContextAccessor, - UserProfileRepository userProfileRepository) + UserProfileRepository userProfileRepository, + PermissionRepository permission) { _context = context; _documentService = documentService; @@ -41,6 +44,7 @@ namespace BMA.EHR.Insignia.Service.Controllers _repositoryNoti = repositoryNoti; _httpContextAccessor = httpContextAccessor; _userProfileRepository = userProfileRepository; + _permission = permission; } #region " Properties " 
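Review bot: The first hunk inserts `using Newtonsoft.Json.Linq;` before `using Newtonsoft.Json;`, which breaks the alphabetical order the rest of the directive block keeps and differs from the other two controllers in this diff, where `Newtonsoft.Json.Linq` follows `Newtonsoft.Json`; swap the two lines. As in InsigniaManageController, the `-` line in the second hunk drops the blank line between the fields and the constructor, so add one back after the new `_permission` field.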
@@ -64,6 +68,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet()] public async Task> GetList() { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_ROUND"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaPeriods = await _context.InsigniaPeriods.AsQueryable() // .Where(x => x.Type == type) .OrderByDescending(x => x.Year) @@ -116,6 +126,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet("{id:length(36)}")] public async Task> GetById(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_ROUND"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.InsigniaPeriods.AsQueryable() .Where(x => x.Id == id) .Select(p => new @@ -170,6 +186,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPost()] public async Task> Post([FromForm] InsigniaPeriodRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_INSIGNIA_ROUND"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var revisionId = await _userProfileRepository.GetLastRevision(AccessToken); var insigniaPeriod = await _context.InsigniaPeriods.AsQueryable() 
@@ -225,6 +247,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpDelete("{id:length(36)}")] public async Task> Delete(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_INSIGNIA_ROUND"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var deleted = await _context.InsigniaPeriods.AsQueryable() .Include(x => x.ReliefDoc) .FirstOrDefaultAsync(x => x.Id == id); @@ -258,6 +286,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPut("{id:length(36)}")] public async Task> Put([FromForm] InsigniaPeriodRequest req, Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_ROUND"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } if (req == null) return BadRequest(); diff --git a/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs b/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs index 56eaf696..912e88d0 100644 --- a/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs +++ b/BMA.EHR.Insignia/Controllers/InsigniaRequestController.cs @@ -15,6 +15,7 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.Metadata.Internal; using Newtonsoft.Json; +using Newtonsoft.Json.Linq; using OfficeOpenXml; using RabbitMQ.Client; using Swashbuckle.AspNetCore.Annotations; @@ -43,7 +44,7 @@ namespace BMA.EHR.Insignia.Service.Controllers private readonly InsigniaPeriodsRepository _insigniaPeriodRepository; private readonly IConfiguration _configuration; - + private readonly PermissionRepository _permission; /// /// /// 
@@ -64,7 +65,8 @@ namespace BMA.EHR.Insignia.Service.Controllers IHttpContextAccessor httpContextAccessor, UserProfileRepository userProfileRepository, InsigniaPeriodsRepository insigniaPeriodRepository, - IConfiguration configuration) + IConfiguration configuration, + PermissionRepository permission) { _context = context; _documentService = documentService; @@ -75,6 +77,7 @@ namespace BMA.EHR.Insignia.Service.Controllers _userProfileRepository = userProfileRepository; _insigniaPeriodRepository = insigniaPeriodRepository; _configuration = configuration; + _permission = permission; } #region " Properties " @@ -343,6 +346,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet("{insigniaPeriodId:length(36)}/{ocId:length(36)}/{role}/{status}")] public async Task> GetInsignaiRequestBkk(Guid insigniaPeriodId, Guid ocId, string role, string status) { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_MANAGE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var result = await _repository.GetInsigniaRequest(insigniaPeriodId, ocId); if (result != null) { @@ -947,6 +956,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet("dashboard/{insigniaPeriodId:length(36)}")] public async Task> DashboardInsigniaPeriod(Guid insigniaPeriodId) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_MANAGE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaPeriod = await _context.InsigniaPeriods.FirstOrDefaultAsync(x => x.Id == insigniaPeriodId); if (insigniaPeriod == null) return Error(GlobalMessages.InsigniaRequestNotFound); 
@@ -974,6 +989,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet("org/no-send/{insigniaPeriodId:length(36)}")] public async Task> ListOrgDontSentUser(Guid insigniaPeriodId) { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_MANAGE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaPeriod = await _context.InsigniaPeriods.FirstOrDefaultAsync(x => x.Id == insigniaPeriodId); if (insigniaPeriod == null) return Error(GlobalMessages.InsigniaRequestNotFound); @@ -1335,6 +1356,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet("note")] public async Task> GetListNote() { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_RECORD"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaNotes = await _context.InsigniaNotes.AsQueryable() .OrderByDescending(x => x.Year) // .ThenByDescending(x => x.StartDate) @@ -1381,6 +1408,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPost("note/search")] public async Task> GetListNoteProfile([FromBody] InsigniaNoteSearchRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_RECORD"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaNote = await _context.InsigniaNotes .FirstOrDefaultAsync(x => x.Id == req.InsigniaNoteId); if (insigniaNote == null) 
@@ -1821,6 +1854,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPut("note/doc/{insigniaNoteId:length(36)}")] public async Task> AddDocumentProfile([FromForm] InsigniaNoteDocRequest req, Guid insigniaNoteId) { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_RECORD"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaNote = await _context.InsigniaNotes .FirstOrDefaultAsync(x => x.Id == insigniaNoteId); if (insigniaNote == null)
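Review bot: AddDocumentProfile is an `[HttpPut]` that modifies an insignia note, yet its gate asks for the `"LIST"` action on SYS_INSIGNIA_RECORD, while every other mutating action in this diff checks a write-level action (Post → `"CREATE"`, Put → `"UPDATE"`, Delete → `"DELETE"`); as written, a caller whose rights on records are read-only would pass this check. Unless the permission model deliberately treats document upload as a read, the call should be `var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_RECORD");`. The method body continues outside the hunk.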