แก้ไขสิทธิ์

BMA.EHR.Retirement.Service/Controllers/RetirementOutController.cs

@@ -77,13 +77,27 @@ namespace BMA.EHR.Retirement.Service.Controllers
         [HttpGet("{type}")]
         public async Task<ActionResult<ResponseObject>> GetListByAdmin(string type, string? status = "WAITTING")
         {
-            var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISMISS");
-            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
-            if (jsonData["status"]?.ToString() != "200")
+            string role = "";
+            if (type.Trim().ToUpper() == "OFFICER")
             {
-                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISMISS");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                role = jsonData["result"]?.ToString();
+            }
+            else
+            {
+                var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_DISMISS_EMP");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                role = jsonData["result"]?.ToString();
             }
-            string role = jsonData["result"]?.ToString();
             var nodeId = string.Empty;
             var profileAdmin = new GetUserOCAllDto();
             profileAdmin = await _userProfileRepository.GetUserOCAll(Guid.Parse(UserId!), AccessToken);