add permission insignia

2024-09-24 15:40:07 +07:00 · 2024-09-24 15:40:07 +07:00 · 90f3a7bfe5
commit 90f3a7bfe5
parent 1496c1a438
3 changed files with 137 additions and 6 deletions
--- a/BMA.EHR.Insignia/Controllers/InsigniaPeriodController.cs
+++ b/BMA.EHR.Insignia/Controllers/InsigniaPeriodController.cs
@ -9,6 +9,8 @@ using BMA.EHR.Infrastructure.Persistence;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json;
 using Swashbuckle.AspNetCore.Annotations;

 namespace BMA.EHR.Insignia.Service.Controllers
@ -27,13 +29,14 @@ namespace BMA.EHR.Insignia.Service.Controllers
        private readonly InsigniaPeriodsRepository _repository;
        private readonly NotificationRepository _repositoryNoti;
        private readonly UserProfileRepository _userProfileRepository;
-
+        private readonly PermissionRepository _permission;
        public InsigniaPeriodController(ApplicationDBContext context,
                                   MinIOService documentService,
                                   InsigniaPeriodsRepository repository,
                                   NotificationRepository repositoryNoti,
                                   IHttpContextAccessor httpContextAccessor,
-                                   UserProfileRepository userProfileRepository)
+                                   UserProfileRepository userProfileRepository,
+                                   PermissionRepository permission)
        {
            _context = context;
            _documentService = documentService;
@ -41,6 +44,7 @@ namespace BMA.EHR.Insignia.Service.Controllers
            _repositoryNoti = repositoryNoti;
            _httpContextAccessor = httpContextAccessor;
            _userProfileRepository = userProfileRepository;
+            _permission = permission;
        }

        #region " Properties "
@ -64,6 +68,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
        [HttpGet()]
        public async Task<ActionResult<ResponseObject>> GetList()
        {
+            var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_ROUND");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var insigniaPeriods = await _context.InsigniaPeriods.AsQueryable()
                        // .Where(x => x.Type == type)
                        .OrderByDescending(x => x.Year)
@ -116,6 +126,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
        [HttpGet("{id:length(36)}")]
        public async Task<ActionResult<ResponseObject>> GetById(Guid id)
        {
+            var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_ROUND");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var data = await _context.InsigniaPeriods.AsQueryable()
                        .Where(x => x.Id == id)
                        .Select(p => new
@ -170,6 +186,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
        [HttpPost()]
        public async Task<ActionResult<ResponseObject>> Post([FromForm] InsigniaPeriodRequest req)
        {
+            var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_INSIGNIA_ROUND");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var revisionId = await _userProfileRepository.GetLastRevision(AccessToken);

            var insigniaPeriod = await _context.InsigniaPeriods.AsQueryable()
@ -225,6 +247,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
        [HttpDelete("{id:length(36)}")]
        public async Task<ActionResult<ResponseObject>> Delete(Guid id)
        {
+            var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_INSIGNIA_ROUND");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var deleted = await _context.InsigniaPeriods.AsQueryable()
                            .Include(x => x.ReliefDoc)
                            .FirstOrDefaultAsync(x => x.Id == id);
@ -258,6 +286,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
        [HttpPut("{id:length(36)}")]
        public async Task<ActionResult<ResponseObject>> Put([FromForm] InsigniaPeriodRequest req, Guid id)
        {
+            var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_ROUND");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            if (req == null)
                return BadRequest();