diff --git a/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaintController.cs b/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaintController.cs index f993ab1c..e8b878f7 100644 --- a/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaintController.cs +++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaintController.cs @@ -12,6 +12,8 @@ using Microsoft.EntityFrameworkCore; using Swashbuckle.AspNetCore.Annotations; using System.Runtime.Serialization; using System.Security.Claims; +using Newtonsoft.Json; +using Newtonsoft.Json.Linq; namespace BMA.EHR.DisciplineComplaint.Service.Controllers { @@ -27,17 +29,20 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers private readonly MinIODisciplineService _documentService; private readonly IHttpContextAccessor _httpContextAccessor; private readonly NotificationRepository _repositoryNoti; + private readonly PermissionRepository _permission; public DisciplineComplaintController(DisciplineDbContext context, MinIODisciplineService documentService, NotificationRepository repositoryNoti, - IHttpContextAccessor httpContextAccessor) + IHttpContextAccessor httpContextAccessor, + PermissionRepository permission) { // _repository = repository; _context = context; _documentService = documentService; _httpContextAccessor = httpContextAccessor; _repositoryNoti = repositoryNoti; + _permission = permission; } #region " Properties " 
@@ -59,6 +64,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpGet()] public async Task> GetDisciplineComplaint(int page = 1, int pageSize = 25, string keyword = "", string status = "") { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data_search = (from x in _context.DisciplineComplaints where x.Title.Contains(keyword) || (x.Appellant == null ? false : x.Appellant.Contains(keyword)) @@ -126,6 +137,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpGet("{id:guid}")] public async Task> GetByDisciplineComplaint(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var _data = await _context.DisciplineComplaints .Select(x => new { @@ -239,6 +256,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpPost()] public async Task> CreateDisciplineComplaint([FromBody] DisciplineComplaintRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var disciplineComplaint = new Domain.Models.Discipline.DisciplineComplaint { RespondentType = req.respondentType.Trim().ToUpper(), 
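Review bot: In GetDisciplineComplaint the new check dereferences `jsonData` without a null test, so an empty or `null` reply from `GetPermissionAPIAsync` ends in a NullReferenceException instead of the 403; whether a surrounding try/catch turns that into a clean error cannot be seen from the hunk. Guard both reads: `if (jsonData?["status"]?.ToString() != "200")` and `return Error(jsonData?["message"]?.ToString(), StatusCodes.Status403Forbidden);`. The response also relays the permission service's `message` text to the caller verbatim; a fixed forbidden message, with the upstream text written to the log, keeps internal detail out of the response. The same six lines are repeated in every other action hunk of this diff, so one private helper or an authorization filter taking the action and system key would keep the checks from drifting apart.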
@@ -335,6 +358,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpPut("{id:guid}")] public async Task> UpdateDisciplineComplaint([FromBody] DisciplineComplaintRequest req, Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaints.Include(x => x.DisciplineComplaint_Profiles).Where(x => x.Id == id).FirstOrDefaultAsync(); if (data == null) return Error(new Exception(GlobalMessages.DataNotFound), StatusCodes.Status404NotFound); @@ -426,6 +455,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpDelete("{id:guid}")] public async Task> DeleteDisciplineComplaint(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaints // .Include(x=>x.Document) .Where(x => x.Id == id) @@ -451,6 +486,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpGet("reject/{id:guid}")] public async Task> RejectDisciplineComplaint(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaints .Where(x => x.Id == id) .FirstOrDefaultAsync(); 
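Review bot: RejectDisciplineComplaint is gated with the `"GET"` permission, although its name and the entity load that follows suggest it changes the complaint's state; the rest of the body is outside the hunk, so this is inferred. If it does write, a caller holding only read access can reject a complaint, and the check should ask for `"UPDATE"` as ApproveDisciplineComplaint does: `await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_COMPLAIN");`. The same applies to ResumeDisciplineComplaint, to the reject, approve and resume actions of DisciplineDisciplinaryController, and to the reject and resume actions of DisciplineInvestigateController, all of which check `"GET"`. These actions are also routed as `[HttpGet]`, which predates this commit but leaves a state change reachable through a plain link or prefetch; `[HttpPut]` would match the stricter permission.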
@@ -475,6 +516,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpPut("approve/{id:guid}")] public async Task> ApproveDisciplineComplaint([FromBody] DisciplinePersonIdRequest req, Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaints .Include(x => x.DisciplineComplaint_Profiles) .Include(x => x.DisciplineComplaint_Docs) @@ -596,6 +643,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpGet("resume/{id:guid}")] public async Task> ResumeDisciplineComplaint(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaints .Where(x => x.Id == id) .FirstOrDefaultAsync(); @@ -620,6 +673,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpPut("file/{id:guid}")] public async Task> UploadFileDisciplineComplaint([FromForm] DisciplineFileRequest req, Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaints .Where(x => x.Id == id) .FirstOrDefaultAsync(); 
@@ -668,6 +727,12 @@ namespace BMA.EHR.DisciplineComplaint.Service.Controllers [HttpDelete("file/{id:guid}/{docId:guid}")] public async Task> DeleteFileDisciplineComplaint(Guid id, Guid docId) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_DISCIPLINE_COMPLAIN"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaints .Include(x => x.DisciplineComplaint_Docs) .ThenInclude(x => x.Document) diff --git a/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_AppealController.cs b/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_AppealController.cs index 822ac704..45bdcbf5 100644 --- a/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_AppealController.cs +++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_AppealController.cs @@ -11,6 +11,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; using Newtonsoft.Json; +using Newtonsoft.Json.Linq; using Swashbuckle.AspNetCore.Annotations; using System.Net.Http.Headers; using System.Security.Claims; @@ -31,13 +32,15 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers private readonly IHttpContextAccessor _httpContextAccessor; private readonly NotificationRepository _repositoryNoti; private readonly IConfiguration _configuration; + private readonly PermissionRepository _permission; public DisciplineComplaint_AppealController(DisciplineDbContext context, NotificationRepository repositoryNoti, ApplicationDBContext contextMain, MinIODisciplineService documentService, IHttpContextAccessor httpContextAccessor, - IConfiguration configuration) + IConfiguration configuration, + PermissionRepository permission) { // _repository = repository; _context = context; 
@@ -46,6 +49,7 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers _documentService = documentService; _httpContextAccessor = httpContextAccessor; _configuration = configuration; + _permission = permission; } #region " Properties " @@ -150,6 +154,12 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers [HttpGet("{id:guid}")] public async Task> GetByDiscipline(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_APPEAL"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var _data = await _context.DisciplineComplaint_Appeals .Include(x => x.DisciplineComplaint_Appeal_Docs) .Include(x => x.DisciplineComplaint_Appeal_Historys) @@ -459,6 +469,12 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers [HttpDelete("file/{id:guid}/{docId:guid}")] public async Task> DeleteFileComplaintAppeals(Guid id, Guid docId) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_DISCIPLINE_APPEAL"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaint_Appeals .Include(x => x.DisciplineComplaint_Appeal_Docs) .ThenInclude(x => x.Document) 
@@ -499,6 +515,12 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers [HttpGet("admin")] public async Task> GetDisciplineAdmin(string status = "ALL", string type = "ALL", int year = 0, int page = 1, int pageSize = 25, string keyword = "") { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_APPEAL"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data_search = (from x in _context.DisciplineComplaint_Appeals where (x.Title == null ? false : x.Title.Contains(keyword)) || (x.Description == null ? false : x.Description.Contains(keyword)) || @@ -547,6 +569,12 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers [HttpPut("{id:guid}")] public async Task> UpdateDiscipline(Guid id, [FromBody] DisciplineComplaint_AppealUpdateRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_APPEAL"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaint_Appeals .Where(x => x.Id == id) .FirstOrDefaultAsync(); diff --git a/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_ChannelController.cs b/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_ChannelController.cs index 13e582ed..e0adc9a8 100644 --- a/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_ChannelController.cs +++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineComplaint_ChannelController.cs 
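Review bot: Only four actions of DisciplineComplaint_AppealController receive a check in this diff (GetByDiscipline, DeleteFileComplaintAppeals, GetDisciplineAdmin and UpdateDiscipline), and none of them uses `"CREATE"`. The stretch between new lines 160 and 469 is untouched, so any create or file-upload action living there stays callable without a `SYS_DISCIPLINE_APPEAL` check; that part of the file is not visible here. If those actions are meant for the appellant and are left open on purpose, a comment on each saying so, e.g. `// no permission check: called by the appellant`, would stop the gap from reading as an omission.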
@@ -11,6 +11,8 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; using Swashbuckle.AspNetCore.Annotations; using System.Security.Claims; +using Newtonsoft.Json; +using Newtonsoft.Json.Linq; namespace BMA.EHR.DisciplineComplaint_Channel.Service.Controllers { @@ -25,15 +27,18 @@ namespace BMA.EHR.DisciplineComplaint_Channel.Service.Controllers private readonly DisciplineDbContext _context; private readonly MinIOService _documentService; private readonly IHttpContextAccessor _httpContextAccessor; + private readonly PermissionRepository _permission; public DisciplineComplaint_ChannelController(DisciplineDbContext context, MinIOService documentService, - IHttpContextAccessor httpContextAccessor) + IHttpContextAccessor httpContextAccessor, + PermissionRepository permission) { // _repository = repository; _context = context; _documentService = documentService; _httpContextAccessor = httpContextAccessor; + _permission = permission; } #region " Properties " @@ -55,6 +60,12 @@ namespace BMA.EHR.DisciplineComplaint_Channel.Service.Controllers [HttpGet()] public async Task> GetDiscipline(int page = 1, int pageSize = 25, string keyword = "") { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data_search = (from x in _context.DisciplineComplaint_Channels where x.Name.Contains(keyword) select x).ToList(); 
@@ -81,6 +92,12 @@ namespace BMA.EHR.DisciplineComplaint_Channel.Service.Controllers [HttpGet("{id:guid}")] public async Task> GetByDiscipline(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaint_Channels .Select(x => new { @@ -105,6 +122,12 @@ namespace BMA.EHR.DisciplineComplaint_Channel.Service.Controllers [HttpPost()] public async Task> CreateDiscipline([FromBody] DisciplineComplaint_ChannelRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var disciplineComplaint_Channel = new Domain.Models.Discipline.DisciplineComplaint_Channel { Name = req.name, @@ -131,6 +154,12 @@ namespace BMA.EHR.DisciplineComplaint_Channel.Service.Controllers [HttpPut("{id:guid}")] public async Task> UpdateDiscipline(Guid id, [FromBody] DisciplineComplaint_ChannelRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaint_Channels.Where(x => x.Id == id).FirstOrDefaultAsync(); if (data == null) return Error(new Exception(GlobalMessages.DataNotFound), StatusCodes.Status404NotFound); 
@@ -158,6 +187,12 @@ namespace BMA.EHR.DisciplineComplaint_Channel.Service.Controllers [HttpDelete("{id:guid}")] public async Task> DeleteDiscipline(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineComplaint_Channels.Where(x => x.Id == id).FirstOrDefaultAsync(); if (data == null) return Error(new Exception(GlobalMessages.DataNotFound), StatusCodes.Status404NotFound); diff --git a/BMA.EHR.Discipline.Service/Controllers/DisciplineDirectorController.cs b/BMA.EHR.Discipline.Service/Controllers/DisciplineDirectorController.cs index 70113888..cce9df20 100644 --- a/BMA.EHR.Discipline.Service/Controllers/DisciplineDirectorController.cs +++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineDirectorController.cs @@ -11,6 +11,8 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; using Swashbuckle.AspNetCore.Annotations; using System.Security.Claims; +using Newtonsoft.Json; +using Newtonsoft.Json.Linq; namespace BMA.EHR.DisciplineDirector.Service.Controllers { @@ -25,15 +27,18 @@ namespace BMA.EHR.DisciplineDirector.Service.Controllers private readonly DisciplineDbContext _context; private readonly MinIOService _documentService; private readonly IHttpContextAccessor _httpContextAccessor; + private readonly PermissionRepository _permission; public DisciplineDirectorController(DisciplineDbContext context, MinIOService documentService, - IHttpContextAccessor httpContextAccessor) + IHttpContextAccessor httpContextAccessor, + PermissionRepository permission) { // _repository = repository; _context = context; _documentService = documentService; _httpContextAccessor = httpContextAccessor; + _permission = permission; } #region " Properties " 
@@ -55,6 +60,12 @@ namespace BMA.EHR.DisciplineDirector.Service.Controllers [HttpGet()] public async Task> GetDiscipline(int page = 1, int pageSize = 25, string keyword = "") { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data_search = (from x in _context.DisciplineDirectors.Include(x => x.DisciplineInvestigate_Directors).Include(x => x.DisciplineDisciplinary_DirectorInvestigates) where x.Prefix.Contains(keyword) || x.FirstName.Contains(keyword) || @@ -95,6 +106,12 @@ namespace BMA.EHR.DisciplineDirector.Service.Controllers [HttpGet("{id:guid}")] public async Task> GetByDiscipline(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineDirectors .Select(x => new { @@ -127,6 +144,12 @@ namespace BMA.EHR.DisciplineDirector.Service.Controllers [HttpPost()] public async Task> CreateDiscipline([FromBody] DisciplineDirectorRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var dataDup = await _context.DisciplineDirectors.Where(x => x.FirstName == req.firstName && x.LastName == req.lastName).FirstOrDefaultAsync(); if (dataDup != null) return Error("ชื่อกรรมการนี้มีอยู่ในระบบแล้ว", StatusCodes.Status404NotFound); 
@@ -163,6 +186,12 @@ namespace BMA.EHR.DisciplineDirector.Service.Controllers [HttpPut("{id:guid}")] public async Task> UpdateDiscipline(Guid id, [FromBody] DisciplineDirectorRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var dataDup = await _context.DisciplineDirectors.Where(x => x.FirstName == req.firstName && x.LastName == req.lastName && x.Id != id).FirstOrDefaultAsync(); if (dataDup != null) return Error("ชื่อกรรมการนี้มีอยู่ในระบบแล้ว", StatusCodes.Status404NotFound); @@ -196,6 +225,12 @@ namespace BMA.EHR.DisciplineDirector.Service.Controllers [HttpDelete("{id:guid}")] public async Task> DeleteDiscipline(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_DISCIPLINE_INFO"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineDirectors.Where(x => x.Id == id).FirstOrDefaultAsync(); if (data == null) return Error(new Exception(GlobalMessages.DataNotFound), StatusCodes.Status404NotFound); diff --git a/BMA.EHR.Discipline.Service/Controllers/DisciplineDisciplinaryController.cs b/BMA.EHR.Discipline.Service/Controllers/DisciplineDisciplinaryController.cs index 5318e880..a4adf867 100644 --- a/BMA.EHR.Discipline.Service/Controllers/DisciplineDisciplinaryController.cs +++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineDisciplinaryController.cs 
@@ -11,6 +11,8 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; using Swashbuckle.AspNetCore.Annotations; using System.Security.Claims; +using Newtonsoft.Json; +using Newtonsoft.Json.Linq; namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers { @@ -25,15 +27,18 @@ namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers private readonly DisciplineDbContext _context; private readonly MinIODisciplineService _documentService; private readonly IHttpContextAccessor _httpContextAccessor; + private readonly PermissionRepository _permission; public DisciplineDisciplinaryController(DisciplineDbContext context, MinIODisciplineService documentService, - IHttpContextAccessor httpContextAccessor) + IHttpContextAccessor httpContextAccessor, + PermissionRepository permission) { // _repository = repository; _context = context; _documentService = documentService; _httpContextAccessor = httpContextAccessor; + _permission = permission; } #region " Properties " @@ -55,6 +60,12 @@ namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers [HttpGet()] public async Task> GetDisciplineDisciplinary(int page = 1, int pageSize = 25, string keyword = "", string status = "") { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_INTERROGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data_search = (from x in _context.DisciplineDisciplinarys where x.Title.Contains(keyword) || // x.DisciplinaryFaultLevel == null ? false : x.DisciplinaryFaultLevel.Contains(keyword) || 
@@ -399,6 +410,12 @@ namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers [HttpGet("{id:guid}")] public async Task> GetByDisciplineDisciplinary(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_INTERROGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var _data = await _context.DisciplineDisciplinarys .Select(x => new { @@ -613,6 +630,12 @@ namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers [HttpPut("{id:guid}")] public async Task> UpdateDisciplineDisciplinary([FromBody] DisciplineDisciplinaryRequest req, Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_INTERROGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineDisciplinarys .Include(x => x.DisciplineDisciplinary_DirectorInvestigates) .ThenInclude(x => x.DisciplineDirector) @@ -769,6 +792,12 @@ namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers [HttpGet("reject/{id:guid}")] public async Task> RejectDisciplineDisciplinary(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_INTERROGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineDisciplinarys .Where(x => x.Id == id) .FirstOrDefaultAsync(); 
@@ -795,6 +824,12 @@ namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers [HttpGet("approve/{id:guid}")] public async Task> ApproveDisciplineDisciplinary(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_INTERROGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineDisciplinarys .Where(x => x.Id == id) .FirstOrDefaultAsync(); @@ -819,6 +854,12 @@ namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers [HttpGet("resume/{id:guid}")] public async Task> ResumeDisciplineDisciplinary(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_INTERROGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineDisciplinarys .Where(x => x.Id == id) .FirstOrDefaultAsync(); @@ -1529,6 +1570,12 @@ namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers [HttpPut("suspend/{id:length(36)}/{commandTypeId:length(36)}")] public async Task> PostToSuspend([FromBody] DisciplinePersonIdRequest req, Guid id, Guid commandTypeId) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_INTERROGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineDisciplinarys .Include(x => x.DisciplineDisciplinary_ProfileComplaintInvestigates) .Where(x => x.Id == id) 
@@ -1756,6 +1803,12 @@ namespace BMA.EHR.DisciplineDisciplinary.Service.Controllers // [HttpPut("report/{commandTypeId:length(36)}")] public async Task> PostToReport([FromBody] DisciplineProfileRequest req) { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_INTERROGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } foreach (var item in req.Id) { var uppdated = await _context.DisciplineDisciplinary_ProfileComplaintInvestigates diff --git a/BMA.EHR.Discipline.Service/Controllers/DisciplineInvestigateController.cs b/BMA.EHR.Discipline.Service/Controllers/DisciplineInvestigateController.cs index 5c697c93..b3c89003 100644 --- a/BMA.EHR.Discipline.Service/Controllers/DisciplineInvestigateController.cs +++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineInvestigateController.cs @@ -11,6 +11,8 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; using Swashbuckle.AspNetCore.Annotations; using System.Security.Claims; +using Newtonsoft.Json; +using Newtonsoft.Json.Linq; namespace BMA.EHR.DisciplineInvestigate.Service.Controllers { @@ -25,15 +27,18 @@ namespace BMA.EHR.DisciplineInvestigate.Service.Controllers private readonly DisciplineDbContext _context; private readonly MinIODisciplineService _documentService; private readonly IHttpContextAccessor _httpContextAccessor; + private readonly PermissionRepository _permission; public DisciplineInvestigateController(DisciplineDbContext context, MinIODisciplineService documentService, - IHttpContextAccessor httpContextAccessor) + IHttpContextAccessor httpContextAccessor, + PermissionRepository permission) { // _repository = repository; _context = context; _documentService = documentService; _httpContextAccessor = httpContextAccessor; + _permission = permission; } #region " Properties " 
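Review bot: PostToReport checks the `"LIST"` permission, but the loop that follows assigns each fetched row to a variable named `uppdated`, which suggests a write; the body continues outside the hunk, so this is inferred. If rows are modified, the check should be `GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_INTERROGATE")`, matching PostToSuspend. The only route attribute visible above the method is commented out, so it is worth confirming which verb and path this action is actually exposed on.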
@@ -55,6 +60,12 @@ namespace BMA.EHR.DisciplineInvestigate.Service.Controllers [HttpGet()] public async Task> GetDisciplineInvestigate(int page = 1, int pageSize = 25, string keyword = "", string status = "") { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_INVESTIGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data_search = (from x in _context.DisciplineInvestigates where x.Title.Contains(keyword) select x).ToList(); @@ -238,6 +249,12 @@ namespace BMA.EHR.DisciplineInvestigate.Service.Controllers [HttpGet("{id:guid}")] public async Task> GetByDisciplineInvestigate(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_INVESTIGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var _data = await _context.DisciplineInvestigates .Select(x => new { @@ -388,6 +405,12 @@ namespace BMA.EHR.DisciplineInvestigate.Service.Controllers [HttpPut("{id:guid}")] public async Task> UpdateDisciplineInvestigate([FromBody] DisciplineInvestigateRequest req, Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_INVESTIGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineInvestigates .Include(x => x.DisciplineInvestigateExtends) .Include(x => x.DisciplineInvestigate_ProfileComplaints) 
@@ -532,6 +555,12 @@ namespace BMA.EHR.DisciplineInvestigate.Service.Controllers [HttpGet("reject/{id:guid}")] public async Task> RejectDisciplineInvestigate(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_INVESTIGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineInvestigates .Where(x => x.Id == id) .FirstOrDefaultAsync(); @@ -558,6 +587,12 @@ namespace BMA.EHR.DisciplineInvestigate.Service.Controllers [HttpPut("approve/{id:guid}")] public async Task> ApproveDisciplineInvestigate([FromBody] DisciplinePersonIdRequest req, Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_INVESTIGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineInvestigates .Include(x => x.DisciplineInvestigate_DocComplaints) .ThenInclude(x => x.Document) @@ -739,6 +774,12 @@ namespace BMA.EHR.DisciplineInvestigate.Service.Controllers [HttpGet("resume/{id:guid}")] public async Task> ResumeDisciplineInvestigate(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_INVESTIGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineInvestigates .Where(x => x.Id == id) .FirstOrDefaultAsync(); 
@@ -811,6 +852,12 @@ namespace BMA.EHR.DisciplineInvestigate.Service.Controllers [HttpDelete("file/{id:guid}/{docId:guid}")] public async Task> DeleteFileDisciplineInvestigate(Guid id, Guid docId) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_DISCIPLINE_INVESTIGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineInvestigates .Include(x => x.DisciplineInvestigate_Docs) .ThenInclude(x => x.Document) @@ -984,6 +1031,12 @@ namespace BMA.EHR.DisciplineInvestigate.Service.Controllers [HttpDelete("relevant/file/{id:guid}/{docId:guid}")] public async Task> DeleteFileDisciplineInvestigateRelevant(Guid id, Guid docId) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_DISCIPLINE_INVESTIGATE"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineInvestigates .Include(x => x.DisciplineInvestigateRelevant_Docs) .ThenInclude(x => x.Document) diff --git a/BMA.EHR.Discipline.Service/Controllers/DisciplineResultController.cs b/BMA.EHR.Discipline.Service/Controllers/DisciplineResultController.cs index 9f9e0a2d..6e90ce13 100644 --- a/BMA.EHR.Discipline.Service/Controllers/DisciplineResultController.cs +++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineResultController.cs @@ -14,6 +14,8 @@ using Swashbuckle.AspNetCore.Annotations; using System.Configuration; using System.Net.Http.Headers; using System.Security.Claims; +using Newtonsoft.Json; +using Newtonsoft.Json.Linq; namespace BMA.EHR.DisciplineResult.Service.Controllers { 
@@ -29,17 +31,20 @@ namespace BMA.EHR.DisciplineResult.Service.Controllers private readonly MinIODisciplineService _documentService; private readonly IHttpContextAccessor _httpContextAccessor; private readonly IConfiguration _configuration; + private readonly PermissionRepository _permission; public DisciplineResultController(DisciplineDbContext context, MinIODisciplineService documentService, IHttpContextAccessor httpContextAccessor, - IConfiguration configuration) + IConfiguration configuration, + PermissionRepository permission) { // _repository = repository; _context = context; _documentService = documentService; _httpContextAccessor = httpContextAccessor; _configuration = configuration; + _permission = permission; } #region " Properties " @@ -62,6 +67,12 @@ namespace BMA.EHR.DisciplineResult.Service.Controllers [HttpGet()] public async Task> GetDisciplineResult(int page = 1, int pageSize = 25, string keyword = "", string status = "") { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_RESULT"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } // var data_search = (from x in _context.DisciplineDisciplinarys // where x.Title.Contains(keyword) || // (x.ResultOc == null ? false : x.ResultOc.Contains(keyword)) || @@ -118,6 +129,12 @@ namespace BMA.EHR.DisciplineResult.Service.Controllers [HttpGet("{id:guid}")] public async Task> GetByDisciplineResult(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_RESULT"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var _data = await _context.DisciplineDisciplinarys .Select(x => new { 
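Review bot: In `GetDisciplineResult` the 403 body is whatever string the permission service placed in `message`, and every status other than `"200"` is reported as forbidden. An upstream failure such as an expired token or an outage then looks identical to a real denial, and the other service's internal wording may reach the caller. Consider returning fixed text, for example `return Error("Forbidden", StatusCodes.Status403Forbidden);` with the project's own message constant in place of the literal. Log the upstream `status` and `message` server-side so denials and faults can still be told apart. The other permission blocks in this diff forward the message the same way.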
@@ -220,6 +237,12 @@ namespace BMA.EHR.DisciplineResult.Service.Controllers [HttpPut("{id:guid}")] public async Task> UpdateDisciplineResult([FromBody] DisciplineResultRequest req, Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_RESULT"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineDisciplinarys.Where(x => x.Id == id).FirstOrDefaultAsync(); if (data == null) return Error(new Exception(GlobalMessages.DataNotFound), (int)StatusCodes.Status404NotFound); @@ -324,6 +347,12 @@ namespace BMA.EHR.DisciplineResult.Service.Controllers [HttpDelete("file/{id:guid}/{docId:guid}")] public async Task> DeleteFileDisciplineDisciplinaryInvestigate(Guid id, Guid docId) { + var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_DISCIPLINE_RESULT"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineDisciplinarys .Include(x => x.DisciplineDisciplinary_DocResults) .ThenInclude(x => x.Document) diff --git a/BMA.EHR.Discipline.Service/Controllers/DisciplineSuspendController.cs b/BMA.EHR.Discipline.Service/Controllers/DisciplineSuspendController.cs index 9a26ebae..13d77be1 100644 --- a/BMA.EHR.Discipline.Service/Controllers/DisciplineSuspendController.cs +++ b/BMA.EHR.Discipline.Service/Controllers/DisciplineSuspendController.cs @@ -9,6 +9,8 @@ using BMA.EHR.Infrastructure.Persistence; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; +using Newtonsoft.Json.Linq; +using Newtonsoft.Json; using Swashbuckle.AspNetCore.Annotations; using System.Security.Claims; 
@@ -25,15 +27,18 @@ namespace BMA.EHR.DisciplineSuspend.Service.Controllers private readonly DisciplineDbContext _context; private readonly MinIODisciplineService _documentService; private readonly IHttpContextAccessor _httpContextAccessor; + private readonly PermissionRepository _permission; public DisciplineSuspendController(DisciplineDbContext context, MinIODisciplineService documentService, - IHttpContextAccessor httpContextAccessor) + IHttpContextAccessor httpContextAccessor, + PermissionRepository permission) { // _repository = repository; _context = context; _documentService = documentService; _httpContextAccessor = httpContextAccessor; + _permission = permission; } #region " Properties " @@ -55,6 +60,12 @@ namespace BMA.EHR.DisciplineSuspend.Service.Controllers [HttpGet()] public async Task> GetDisciplineSuspend(int page = 1, int pageSize = 25, string keyword = "") { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_SUSPENDED"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data_search = (from x in _context.DisciplineReport_Profiles.Include(x => x.DisciplineDisciplinary) where (x.CitizenId == null ? false : x.CitizenId.Contains(keyword)) || (x.Prefix == null ? false : x.Prefix.Contains(keyword)) || @@ -130,6 +141,12 @@ namespace BMA.EHR.DisciplineSuspend.Service.Controllers [HttpGet("{id:guid}")] public async Task> GetByDisciplineSuspend(Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_SUSPENDED"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var _data = await _context.DisciplineReport_Profiles .Select(x => new { 
@@ -193,6 +210,12 @@ namespace BMA.EHR.DisciplineSuspend.Service.Controllers [HttpPut("{id:guid}")] public async Task> UpdateDisciplineSuspend([FromBody] DisciplineSuspendRequest req, Guid id) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_SUSPENDED"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _context.DisciplineReport_Profiles.Where(x => x.Id == id).FirstOrDefaultAsync(); if (data == null) return Error(new Exception(GlobalMessages.DataNotFound), (int)StatusCodes.Status404NotFound); @@ -225,6 +248,12 @@ namespace BMA.EHR.DisciplineSuspend.Service.Controllers [HttpPut("report/{commandTypeId:length(36)}")] public async Task> PostToReport([FromBody] DisciplineProfileRequest req, Guid commandTypeId) { + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_SUSPENDED"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } foreach (var item in req.Id) { var uppdated = await _context.DisciplineReport_Profiles