fix สิทธิ์เครื่องราช รายงาน

2024-09-24 15:54:57 +07:00 · 2024-09-24 15:54:57 +07:00 · f1ab73fd39
commit f1ab73fd39
parent 1496c1a438
2 changed files with 48 additions and 6 deletions
--- a/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs
+++ b/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs
@ -11,6 +11,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Storage.ValueConversion.Internal;
 using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 using OfficeOpenXml.Export.ToDataTable;
 using Swashbuckle.AspNetCore.Annotations;

@ -30,13 +31,15 @@ namespace BMA.EHR.Insignia.Service.Controllers
        private readonly InsigniaPeriodsRepository _repository;
        private readonly NotificationRepository _repositoryNoti;
        private readonly UserProfileRepository _userProfileRepository;
+        private readonly PermissionRepository _permission;

        public InsigniaManageController(ApplicationDBContext context,
                                   MinIOService documentService,
                                   InsigniaPeriodsRepository repository,
                                   NotificationRepository repositoryNoti,
                                   IHttpContextAccessor httpContextAccessor,
-                                   UserProfileRepository userProfileRepository)
+                                   UserProfileRepository userProfileRepository,
+                                   PermissionRepository permission)
        {
            _context = context;
            _documentService = documentService;
@ -44,6 +47,7 @@ namespace BMA.EHR.Insignia.Service.Controllers
            _repositoryNoti = repositoryNoti;
            _httpContextAccessor = httpContextAccessor;
            _userProfileRepository = userProfileRepository;
+            _permission = permission;
        }

        #region " Properties "
@ -424,7 +428,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
        [HttpPost("borrow")]
        public async Task<ActionResult<ResponseObject>> PostBorrowInsignia([FromBody] InsigniaBorrowRequest req)
        {
-
+            var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_INSIGNIA_BORROW");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var insigniaNoteProfile = await _context.InsigniaNoteProfiles.AsQueryable()
                            .Include(x => x.RequestInsignia)
                            .Include(x => x.InsigniaNote)
@ -503,7 +512,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
        [HttpPut("return/{insigniaManageProfileId:length(36)}")]
        public async Task<ActionResult<ResponseObject>> PutReturnInsignia([FromBody] InsigniaReturnRequest req, Guid insigniaManageProfileId)
        {
-
+            var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_BORROW");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var uppdated = await _context.InsigniaManageProfiles.AsQueryable()
                            //.Include(x => x.BorrowOrganization)
                            .FirstOrDefaultAsync(x => x.Id == insigniaManageProfileId);
@ -548,6 +562,12 @@ namespace BMA.EHR.Insignia.Service.Controllers
        [HttpGet("borrow/{year}/{insigniaTypeId:length(36)}")]
        public async Task<ActionResult<ResponseObject>> ListBorrowReturnInsignia(int year, Guid insigniaTypeId)
        {
+            var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_BORROW");
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
            var insigniaType = await _context.InsigniaTypes
                                    .FirstOrDefaultAsync(x => x.Id == insigniaTypeId);
            if (insigniaType == null)
--- a/BMA.EHR.Report.Service/Controllers/InsigniaReportController.cs
+++ b/BMA.EHR.Report.Service/Controllers/InsigniaReportController.cs
@ -3,9 +3,12 @@ using BMA.EHR.Domain.Common;
 using BMA.EHR.Domain.Extensions;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json;
 using Swashbuckle.AspNetCore.Annotations;
 using Telerik.Reporting;
 using Telerik.Reporting.Processing;
+using BMA.EHR.Application.Repositories;

 namespace BMA.EHR.Report.Service.Controllers
 {
@ -23,19 +26,20 @@ namespace BMA.EHR.Report.Service.Controllers
        private readonly IConfiguration _configuration;
        private readonly InsigniaReportRepository _repository;
        private readonly GenericReportGenerator _reportGenerator;
-
+        private readonly PermissionRepository _permission;

        #endregion

        #region " Constuctor and Destructor "

-        public InsigniaReportController(IWebHostEnvironment hostingEnvironment, IConfiguration configuration, InsigniaReportRepository repository, GenericReportGenerator reportGenerator)
+        public InsigniaReportController(IWebHostEnvironment hostingEnvironment, IConfiguration configuration, InsigniaReportRepository repository, GenericReportGenerator reportGenerator, PermissionRepository permission)
        {

            _hostingEnvironment = hostingEnvironment;
            _configuration = configuration;
            _repository = repository;
            _reportGenerator = reportGenerator;
+            _permission = permission;
        }

        #endregion
@ -384,7 +388,12 @@ namespace BMA.EHR.Report.Service.Controllers
        {
            try
            {
-
+                var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_REPORT");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
                var mimeType = "";
                switch (exportType.Trim().ToLower())
                {
@ -421,6 +430,12 @@ namespace BMA.EHR.Report.Service.Controllers
        {
            try
            {
+                var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_REPORT");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
                var data = await _repository.GetSummaryCoinReport(id);
                var SummaryTotal = await _repository.GetSummaryTotalCoinReport(id);
                var YearInsignalPeriod = await _repository.GetYearInsigniaPeriod(id);
@ -493,6 +508,13 @@ namespace BMA.EHR.Report.Service.Controllers
        {
            try
            {
+                var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_REPORT");
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+
                //Guid ids = Guid.Parse(id);  
                var data = await _repository.GetCoinReport(id);
                var YearInsignalPeriod = await _repository.GetYearInsigniaPeriod(id);