From c6fee999ebca48535a41274ae32792bd2460ed4b Mon Sep 17 00:00:00 2001
From: kittapath <>
Date: Mon, 23 Jun 2025 18:43:09 +0700
Subject: [PATCH] =?UTF-8?q?=E0=B9=81=E0=B8=81=E0=B9=89=E0=B9=84=E0=B8=82?=
 =?UTF-8?q?=E0=B8=AA=E0=B8=B4=E0=B8=97=E0=B8=98=E0=B8=B4=E0=B9=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Controllers/PlacementReceiveController.cs |  7 +++---
 .../Controllers/RetirementOutController.cs    | 24 +++++++++++++++----
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/BMA.EHR.Placement.Service/Controllers/PlacementReceiveController.cs b/BMA.EHR.Placement.Service/Controllers/PlacementReceiveController.cs
index 67eeff36..30a74581 100644
--- a/BMA.EHR.Placement.Service/Controllers/PlacementReceiveController.cs
+++ b/BMA.EHR.Placement.Service/Controllers/PlacementReceiveController.cs
@@ -188,6 +188,7 @@ namespace BMA.EHR.Placement.Service.Controllers
                                 p.posLevelOldId,
                                 p.posLevelNameOld,
                                 p.CreatedAt,
+                                p.CreatedUserId,
                                 p.profileId,
                                 p.rootDnaId,
                                 p.child1DnaId,
@@ -206,17 +207,17 @@ namespace BMA.EHR.Placement.Service.Controllers
             if (role == "OWNER" || role == "CHILD")
             {
                 placementReceives = placementReceives
-                    .Where(x => node == 4 ? x.child4DnaId == nodeId : (node == 3 ? x.child3DnaId == nodeId : (node == 2 ? x.child2DnaId == nodeId : (node == 1 ? x.child1DnaId == nodeId : (node == 0 ? x.rootDnaId == nodeId : (node == null ? true : true)))))).ToList();
+                    .Where(x => (node == 4 ? x.child4DnaId == nodeId : (node == 3 ? x.child3DnaId == nodeId : (node == 2 ? x.child2DnaId == nodeId : (node == 1 ? x.child1DnaId == nodeId : (node == 0 ? x.rootDnaId == nodeId : (node == null ? true : true)))))) || (x.CreatedUserId == UserId)).ToList();
             }
             else if (role == "ROOT")
             {
                 placementReceives = placementReceives
-                    .Where(x => x.rootDnaId == nodeId).ToList();
+                    .Where(x => (x.rootDnaId == nodeId) || (x.CreatedUserId == UserId)).ToList();
             }
             else if (role == "NORMAL")
             {
                 placementReceives = placementReceives
-                    .Where(x => node == 0 ? x.child1DnaId == null : (node == 1 ? x.child2DnaId == null : (node == 2 ? x.child3DnaId == null : (node == 3 ? x.child4DnaId == null : true)))).ToList();
+                    .Where(x => (node == 0 ? x.child1DnaId == null : (node == 1 ? x.child2DnaId == null : (node == 2 ? x.child3DnaId == null : (node == 3 ? x.child4DnaId == null : true)))) || (x.CreatedUserId == UserId)).ToList();
             }
             return Success(placementReceives);
         }
diff --git a/BMA.EHR.Retirement.Service/Controllers/RetirementOutController.cs b/BMA.EHR.Retirement.Service/Controllers/RetirementOutController.cs
index 9e4609e2..be2799c1 100644
--- a/BMA.EHR.Retirement.Service/Controllers/RetirementOutController.cs
+++ b/BMA.EHR.Retirement.Service/Controllers/RetirementOutController.cs
@@ -77,13 +77,27 @@ namespace BMA.EHR.Retirement.Service.Controllers
         [HttpGet("{type}")]
         public async Task<ActionResult<ResponseObject>> GetListByAdmin(string type, string? status = "WAITTING")
         {
-            var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISMISS");
-            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
-            if (jsonData["status"]?.ToString() != "200")
+            string role = "";
+            if (type.Trim().ToUpper() == "OFFICER")
             {
-                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISMISS");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                role = jsonData["result"]?.ToString();
+            }
+            else
+            {
+                var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISMISS_EMP");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                role = jsonData["result"]?.ToString();
             }
-            string role = jsonData["result"]?.ToString();
             var nodeId = string.Empty;
             var profileAdmin = new GetUserOCAllDto();
             profileAdmin = await _userProfileRepository.GetUserOCAll(Guid.Parse(UserId!), AccessToken);