permission วินัย

Bright 2024-08-22 17:48:48 +07:00
parent aea156e22f
commit a0008b6254
8 changed files with 335 additions and 8 deletions


@ -11,6 +11,7 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using Swashbuckle.AspNetCore.Annotations;
using System.Net.Http.Headers;
using System.Security.Claims;
@ -31,13 +32,15 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly NotificationRepository _repositoryNoti;
private readonly IConfiguration _configuration;
private readonly PermissionRepository _permission;
public DisciplineComplaint_AppealController(DisciplineDbContext context,
NotificationRepository repositoryNoti,
ApplicationDBContext contextMain,
MinIODisciplineService documentService,
IHttpContextAccessor httpContextAccessor,
IConfiguration configuration)
IConfiguration configuration,
PermissionRepository permission)
{
// _repository = repository;
_context = context;
@ -46,6 +49,7 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers
_documentService = documentService;
_httpContextAccessor = httpContextAccessor;
_configuration = configuration;
_permission = permission;
}
#region " Properties "
@ -150,6 +154,12 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers
[HttpGet("{id:guid}")]
public async Task<ActionResult<ResponseObject>> GetByDiscipline(Guid id)
{
var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_DISCIPLINE_APPEAL");
var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
if (jsonData["status"]?.ToString() != "200")
{
return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
}
var _data = await _context.DisciplineComplaint_Appeals
.Include(x => x.DisciplineComplaint_Appeal_Docs)
.Include(x => x.DisciplineComplaint_Appeal_Historys)
@ -459,6 +469,12 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers
[HttpDelete("file/{id:guid}/{docId:guid}")]
public async Task<ActionResult<ResponseObject>> DeleteFileComplaintAppeals(Guid id, Guid docId)
{
var getPermission = await _permission.GetPermissionAPIAsync("DELETE", "SYS_DISCIPLINE_APPEAL");
var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
if (jsonData["status"]?.ToString() != "200")
{
return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
}
var data = await _context.DisciplineComplaint_Appeals
.Include(x => x.DisciplineComplaint_Appeal_Docs)
.ThenInclude(x => x.Document)
@ -499,6 +515,12 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers
[HttpGet("admin")]
public async Task<ActionResult<ResponseObject>> GetDisciplineAdmin(string status = "ALL", string type = "ALL", int year = 0, int page = 1, int pageSize = 25, string keyword = "")
{
var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISCIPLINE_APPEAL");
var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
if (jsonData["status"]?.ToString() != "200")
{
return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
}
var data_search = (from x in _context.DisciplineComplaint_Appeals
where (x.Title == null ? false : x.Title.Contains(keyword)) ||
(x.Description == null ? false : x.Description.Contains(keyword)) ||
@ -547,6 +569,12 @@ namespace BMA.EHR.DisciplineComplaint_Appeal.Service.Controllers
[HttpPut("{id:guid}")]
public async Task<ActionResult<ResponseObject>> UpdateDiscipline(Guid id, [FromBody] DisciplineComplaint_AppealUpdateRequest req)
{
var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_DISCIPLINE_APPEAL");
var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
if (jsonData["status"]?.ToString() != "200")
{
return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
}
var data = await _context.DisciplineComplaint_Appeals
.Where(x => x.Id == id)
.FirstOrDefaultAsync();
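Review bot: In all four actions touched here (GetByDiscipline, DeleteFileComplaintAppeals, GetDisciplineAdmin, UpdateDiscipline) `jsonData` is dereferenced without a null check, and `JsonConvert.DeserializeObject<JObject>` returns null for an empty string, so an empty reply from `GetPermissionAPIAsync` would surface as an unhandled exception rather than the intended 403. The request is still refused in that case, but the denial should be explicit: `if (jsonData?["status"]?.ToString() != "200")` with `jsonData?["message"]?.ToString()` in the return. The same six lines are pasted into every action, so a later endpoint can easily ship without them; a single private helper or an authorization filter keyed on the action name and `SYS_DISCIPLINE_APPEAL` would keep the decision in one place. The call also passes no record id, so whether the caller may read or change this particular appeal is presumably decided elsewhere, which is worth confirming. Each action body continues outside its hunk.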