diff --git a/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs b/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs index 9218d370..0559099f 100644 --- a/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs +++ b/BMA.EHR.Insignia/Controllers/InsigniaManageController.cs @@ -11,6 +11,7 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.Storage.ValueConversion.Internal; using Newtonsoft.Json; +using Newtonsoft.Json.Linq; using OfficeOpenXml.Export.ToDataTable; using Swashbuckle.AspNetCore.Annotations; @@ -30,13 +31,15 @@ namespace BMA.EHR.Insignia.Service.Controllers private readonly InsigniaPeriodsRepository _repository; private readonly NotificationRepository _repositoryNoti; private readonly UserProfileRepository _userProfileRepository; + private readonly PermissionRepository _permission; public InsigniaManageController(ApplicationDBContext context, MinIOService documentService, InsigniaPeriodsRepository repository, NotificationRepository repositoryNoti, IHttpContextAccessor httpContextAccessor, - UserProfileRepository userProfileRepository) + UserProfileRepository userProfileRepository, + PermissionRepository permission) { _context = context; _documentService = documentService; @@ -44,6 +47,7 @@ namespace BMA.EHR.Insignia.Service.Controllers _repositoryNoti = repositoryNoti; _httpContextAccessor = httpContextAccessor; _userProfileRepository = userProfileRepository; + _permission = permission; } #region " Properties " 
@@ -424,7 +428,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPost("borrow")] public async Task> PostBorrowInsignia([FromBody] InsigniaBorrowRequest req) { - + var getPermission = await _permission.GetPermissionAPIAsync("CREATE", "SYS_INSIGNIA_BORROW"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaNoteProfile = await _context.InsigniaNoteProfiles.AsQueryable() .Include(x => x.RequestInsignia) .Include(x => x.InsigniaNote) @@ -503,7 +512,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpPut("return/{insigniaManageProfileId:length(36)}")] public async Task> PutReturnInsignia([FromBody] InsigniaReturnRequest req, Guid insigniaManageProfileId) { - + var getPermission = await _permission.GetPermissionAPIAsync("UPDATE", "SYS_INSIGNIA_BORROW"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var uppdated = await _context.InsigniaManageProfiles.AsQueryable() //.Include(x => x.BorrowOrganization) .FirstOrDefaultAsync(x => x.Id == insigniaManageProfileId); @@ -548,6 +562,12 @@ namespace BMA.EHR.Insignia.Service.Controllers [HttpGet("borrow/{year}/{insigniaTypeId:length(36)}")] public async Task> ListBorrowReturnInsignia(int year, Guid insigniaTypeId) { + var getPermission = await _permission.GetPermissionAPIAsync("LIST", "SYS_INSIGNIA_BORROW"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var insigniaType = await _context.InsigniaTypes .FirstOrDefaultAsync(x => x.Id == insigniaTypeId); if (insigniaType == null) 
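Review bot: The permission response is dereferenced without a null check in PostBorrowInsignia: `JsonConvert.DeserializeObject` returns null for an empty body and throws on malformed input, so `jsonData["status"]` ends in an exception rather than the intended 403. Access is still refused, but as far as the hunk shows it surfaces as an unhandled error instead of a clean denial; I would write `if (jsonData?["status"]?.ToString() != "200")` and `jsonData?["message"]?.ToString()` so that every unexpected response becomes a 403. The same block is repeated in PutReturnInsignia and ListBorrowReturnInsignia below and in the three InsigniaReportController hunks. Returning the upstream `message` verbatim also deserves a second look, since a fixed denial string keeps permission-service details out of client responses. All three method bodies continue outside their hunks.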
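Review bot: The new check in PutReturnInsignia authorises the action (`"UPDATE"`, `"SYS_INSIGNIA_BORROW"`) but not the record: the lookup that follows selects by `insigniaManageProfileId` alone, and the `BorrowOrganization` include is commented out. The rest of the method is outside the hunk, so this may already be handled, but if nothing further down compares the record's organisation with the caller's, the UPDATE permission applies to every organisation's records rather than only the caller's own. Worth confirming, and if the scope check is missing it belongs right after the null check on the `FirstOrDefaultAsync` result.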
diff --git a/BMA.EHR.Report.Service/Controllers/InsigniaReportController.cs b/BMA.EHR.Report.Service/Controllers/InsigniaReportController.cs index 52fdaec3..54526364 100644 --- a/BMA.EHR.Report.Service/Controllers/InsigniaReportController.cs +++ b/BMA.EHR.Report.Service/Controllers/InsigniaReportController.cs @@ -3,9 +3,12 @@ using BMA.EHR.Domain.Common; using BMA.EHR.Domain.Extensions; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; +using Newtonsoft.Json.Linq; +using Newtonsoft.Json; using Swashbuckle.AspNetCore.Annotations; using Telerik.Reporting; using Telerik.Reporting.Processing; +using BMA.EHR.Application.Repositories; namespace BMA.EHR.Report.Service.Controllers { @@ -23,19 +26,20 @@ namespace BMA.EHR.Report.Service.Controllers private readonly IConfiguration _configuration; private readonly InsigniaReportRepository _repository; private readonly GenericReportGenerator _reportGenerator; - + private readonly PermissionRepository _permission; #endregion #region " Constuctor and Destructor " - public InsigniaReportController(IWebHostEnvironment hostingEnvironment, IConfiguration configuration, InsigniaReportRepository repository, GenericReportGenerator reportGenerator) + public InsigniaReportController(IWebHostEnvironment hostingEnvironment, IConfiguration configuration, InsigniaReportRepository repository, GenericReportGenerator reportGenerator, PermissionRepository permission) { _hostingEnvironment = hostingEnvironment; _configuration = configuration; _repository = repository; _reportGenerator = reportGenerator; + _permission = permission; } #endregion 
@@ -384,7 +388,12 @@ namespace BMA.EHR.Report.Service.Controllers { try { - + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_REPORT"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var mimeType = ""; switch (exportType.Trim().ToLower()) { @@ -421,6 +430,12 @@ namespace BMA.EHR.Report.Service.Controllers { try { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_REPORT"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } var data = await _repository.GetSummaryCoinReport(id); var SummaryTotal = await _repository.GetSummaryTotalCoinReport(id); var YearInsignalPeriod = await _repository.GetYearInsigniaPeriod(id); @@ -493,6 +508,13 @@ namespace BMA.EHR.Report.Service.Controllers { try { + var getPermission = await _permission.GetPermissionAPIAsync("GET", "SYS_INSIGNIA_REPORT"); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + //Guid ids = Guid.Parse(id); var data = await _repository.GetCoinReport(id); var YearInsignalPeriod = await _repository.GetYearInsigniaPeriod(id);
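Review bot: The permission block is pasted verbatim into all three report actions here (and three more times in InsigniaManageController), each with the action and resource as string literals, so a mistyped key or a new endpoint added without the block would go unnoticed. I would move it into one private helper, or better an authorization filter, so the rule lives in one place and denies by default when the permission response is empty or unparsable. Each copy also sits inside a `try` whose `catch` is outside the hunk; if that handler maps every exception to a generic error, a permission-service outage will look like a report failure, so it should be logged distinctly. The sketch assumes GetPermissionAPIAsync returns the JSON as a string and that the deserialisation target is `JObject`, as the added `using Newtonsoft.Json.Linq` suggests.

```csharp
// Single place for the permission lookup; anything other than status "200" is a denial.
private async Task<(bool Allowed, string Message)> CheckPermissionAsync(string action, string resource)
{
    var raw = await _permission.GetPermissionAPIAsync(action, resource);
    JObject body = null;
    try
    {
        body = string.IsNullOrWhiteSpace(raw) ? null : JsonConvert.DeserializeObject<JObject>(raw);
    }
    catch (JsonException)
    {
        // Unparsable response: body stays null and the request is denied below.
    }

    var allowed = body?["status"]?.ToString() == "200";
    return (allowed, allowed ? null : body?["message"]?.ToString());
}

// in each action, replacing the pasted block:
var (allowed, message) = await CheckPermissionAsync("GET", "SYS_INSIGNIA_REPORT");
if (!allowed)
{
    return Error(message, StatusCodes.Status403Forbidden);
}
// … unchanged: report generation …
```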