From dd5466de21129fb7e2650d19955669d7f63d2be2 Mon Sep 17 00:00:00 2001 From: Bright Date: Tue, 20 Aug 2024 11:04:07 +0700 Subject: [PATCH] =?UTF-8?q?permission=20=E0=B8=AA=E0=B8=A3=E0=B8=A3?= =?UTF-8?q?=E0=B8=AB=E0=B8=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Controllers/CMSCandidateController.cs | 61 ++++++++++++++++++++++- Controllers/CandidateController.cs | 17 ++++++- Controllers/DisableController.cs | 44 ++++++++++++++++- Controllers/PeriodExamController.cs | 33 ++++++++++++- Program.cs | 1 + Repositories/PermissionRepository.cs | 69 +++++++++++++++++++++++++++ 6 files changed, 220 insertions(+), 5 deletions(-) create mode 100644 Repositories/PermissionRepository.cs diff --git a/Controllers/CMSCandidateController.cs b/Controllers/CMSCandidateController.cs index c9e4d73..1aeb749 100644 --- a/Controllers/CMSCandidateController.cs +++ b/Controllers/CMSCandidateController.cs @@ -3,9 +3,12 @@ using BMA.EHR.Recurit.Exam.Service.Models; using BMA.EHR.Recurit.Exam.Service.Request; using BMA.EHR.Recurit.Exam.Service.Response; using BMA.EHR.Recurit.Exam.Service.Services; +using BMA.EHR.Recurit.Exam.Service.Request; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Swashbuckle.AspNetCore.Annotations; +using Newtonsoft.Json.Linq; +using Newtonsoft.Json; namespace BMA.EHR.Recurit.Exam.Service.Controllers { @@ -20,14 +23,16 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers #region " Fields " private readonly CMSCandidateService _cmsCandidateService; + private readonly PermissionRepository _permission; #endregion #region " Constructor and Destructor " - public CMSCandidateController(CMSCandidateService cmsCandidateService) + public CMSCandidateController(CMSCandidateService cmsCandidateService, PermissionRepository permission) { _cmsCandidateService = cmsCandidateService; + _permission = permission; } #endregion 
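Review bot: The added `using BMA.EHR.Recurit.Exam.Service.Request;` in the first hunk duplicates a `using` that is already present among the context lines just above it (compiler warning CS0105), so it should be dropped. The two Newtonsoft usings are appended after the Swashbuckle one instead of in sorted order, the same as in the CandidateController, DisableController and PeriodExamController hunks of this patch; `dotnet format` puts them in place. In the constructor hunk the concrete `PermissionRepository` is injected directly; an interface for it would let the permission decision be substituted in controller tests without a live permission service.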
@@ -75,6 +80,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "CREATE"; + var system = "SYS_EXAM_WEBSITE"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); await _cmsCandidateService.UpdateDetailAsync(detail); return Success(); @@ -101,6 +115,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "CREATE"; + var system = "SYS_EXAM_WEBSITE"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); await _cmsCandidateService.UpdateAboutAsync(about); return Success(); @@ -127,6 +150,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "CREATE"; + var system = "SYS_EXAM_WEBSITE"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); if (Request.Form.Files == null || Request.Form.Files.Count == 0) { return Error(GlobalMessages.NoFileToUpload); 
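Review bot: The nine-line permission block added here is the same copy in every other permission hunk of this patch (the remaining CMSCandidateController actions, the CandidateController approve action, the DisableController id/delete/import actions and the PeriodExamController create/update/delete actions), and in each copy `attrPrivilege` is assigned and never read; an in-body check that has to be remembered per action is the pattern that yields endpoints without one, so it belongs in a single helper or an authorization filter, e.g. an attribute such as `[RequirePermission("CREATE", "SYS_EXAM_WEBSITE")]` backed by `IAsyncAuthorizationFilter`, with the action/system constants passed once. As rendered, `JsonConvert.DeserializeObject(getPermission)` carries no type argument, so the indexer on the next line would not compile against an `object?` result — presumably `<JObject>` was dropped in rendering. With a `JObject` result, an empty or non-JSON body makes the deserialize call throw and a `null` body makes `jsonData["status"]` throw a NullReferenceException, so those cases end in the surrounding `catch` (outside the hunk) instead of a deliberate 403; `if (jsonData is null || jsonData["status"]?.ToString() != "200")` makes the null case fail closed explicitly, and a parse failure should be caught and mapped to the same 403. The upstream `message` is also echoed to the client verbatim; a fixed denial text with the upstream message logged server-side avoids exposing the permission service's internals.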
@@ -159,6 +191,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "CREATE"; + var system = "SYS_EXAM_WEBSITE"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); if (Request.Form.Files == null || Request.Form.Files.Count == 0) { return Error(GlobalMessages.NoFileToUpload); @@ -191,6 +232,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "CREATE"; + var system = "SYS_EXAM_WEBSITE"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); await _cmsCandidateService.UpdateAgencyAsync(agency); return Success(); @@ -217,6 +267,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "CREATE"; + var system = "SYS_EXAM_WEBSITE"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); await _cmsCandidateService.UpdateGovernmentAsync(government); return Success(); diff --git a/Controllers/CandidateController.cs b/Controllers/CandidateController.cs index fff1227..b98defe 100644 --- a/Controllers/CandidateController.cs +++ b/Controllers/CandidateController.cs 
@@ -5,6 +5,8 @@ using BMA.EHR.Recurit.Exam.Service.Response; using BMA.EHR.Recurit.Exam.Service.Services; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; +using Newtonsoft.Json.Linq; +using Newtonsoft.Json; using Swashbuckle.AspNetCore.Annotations; namespace BMA.EHR.Recurit.Exam.Service.Controllers @@ -21,15 +23,19 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers private readonly CandidateService _candidateService; private readonly MinIOService _minioService; + private readonly PermissionRepository _permission; + #endregion #region " Constructor and Destructor " public CandidateController(CandidateService candidateService, - MinIOService minioService) + MinIOService minioService, + PermissionRepository permission) { _candidateService = candidateService; _minioService = minioService; + _permission = permission; } #endregion @@ -788,6 +794,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "CREATE"; + var system = "SYS_EXAM_SELECT"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); var _item = new RequestApprove(); if (item.CandidateId != null) diff --git a/Controllers/DisableController.cs b/Controllers/DisableController.cs index b1c3fc2..be7821c 100644 --- a/Controllers/DisableController.cs +++ b/Controllers/DisableController.cs @@ -24,6 +24,8 @@ using System.Net; using System.Net.WebSockets; using System.Security.Claims; using System.Text; +using Newtonsoft.Json.Linq; +using Newtonsoft.Json; namespace BMA.EHR.Recurit.Exam.Service.Controllers { 
@@ -43,7 +45,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers private readonly IWebHostEnvironment _webHostEnvironment; private readonly DisableService _disableService; private readonly PeriodExamService _periodExamService; - + private readonly PermissionRepository _permission; private readonly IHttpContextAccessor _httpContextAccessor; private readonly ILogger _logger; @@ -58,7 +60,8 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers DisableService disableService, PeriodExamService periodExamService, IHttpContextAccessor httpContextAccessor, - ILogger logger) + ILogger logger, + PermissionRepository permission) { _context = context; _contextMetadata = contextMetadata; @@ -68,6 +71,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers _periodExamService = periodExamService; _httpContextAccessor = httpContextAccessor; _logger = logger; + _permission = permission; } #endregion @@ -556,6 +560,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "UPDATE"; + var system = "SYS_EXAM_SELECT"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); var data = await _context.PeriodExams.AsQueryable() .Where(x => x.CheckDisability == true) .FirstOrDefaultAsync(x => x.Id == id); 
@@ -611,6 +624,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "DELETE"; + var system = "SYS_EXAM_SELECT"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); var data = await _context.PeriodExams.AsQueryable() .Where(x => x.CheckDisability == true) .Include(x => x.ImportFile) @@ -1097,6 +1119,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers [ProducesResponseType(StatusCodes.Status500InternalServerError)] public async Task> ImportCandidateFileByIdAsync(Guid id) { + var action = "CREATE"; + var system = "SYS_EXAM_SELECT"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); var tmpDir = Path.Combine(_webHostEnvironment.ContentRootPath, "tmp"); if (!Directory.Exists(tmpDir)) Directory.CreateDirectory(tmpDir); 
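Review bot: In `ImportCandidateFileByIdAsync` the permission call sits directly after the method's opening brace with no enclosing `try` visible in the hunk, unlike the other hunks of this patch where the same block is inside a `try`; an exception from `GetPermissionAPIAsync` (missing Authorization header, unreachable permission service, non-JSON body) therefore propagates out of the action as an unhandled 500 rather than the controller's own error response. The method body continues outside the hunk, so even if a `try` begins later it does not cover these lines. `ImportScoreFileAsync` in the next hunk has the same layout. Placing the check before any file-system work is right; wrapping it in the same error handling the rest of the method uses, or moving the check into an authorization filter, keeps the failure mode consistent across endpoints.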
@@ -1341,6 +1372,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers [HttpPost("score/{id:length(36)}"), DisableRequestSizeLimit] public async Task> ImportScoreFileAsync(Guid id) { + var action = "CREATE"; + var system = "SYS_EXAM_SELECT"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); var tmpDir = Path.Combine(_webHostEnvironment.ContentRootPath, "tmp"); if (!Directory.Exists(tmpDir)) Directory.CreateDirectory(tmpDir); diff --git a/Controllers/PeriodExamController.cs b/Controllers/PeriodExamController.cs index f1184f9..1ca8029 100644 --- a/Controllers/PeriodExamController.cs +++ b/Controllers/PeriodExamController.cs @@ -5,6 +5,8 @@ using BMA.EHR.Recurit.Exam.Service.Response; using BMA.EHR.Recurit.Exam.Service.Services; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; +using Newtonsoft.Json.Linq; +using Newtonsoft.Json; using Swashbuckle.AspNetCore.Annotations; namespace BMA.EHR.Recurit.Exam.Service.Controllers @@ -22,15 +24,17 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers private readonly PeriodExamService _periodExamService; private readonly MinIOService _minioService; + private readonly PermissionRepository _permission; #endregion #region " Constructor and Destructor " - public PeriodExamController(PeriodExamService periodExamService, MinIOService minioService) + public PeriodExamController(PeriodExamService periodExamService, MinIOService minioService, PermissionRepository permission) { _periodExamService = periodExamService; _minioService = minioService; + _permission = permission; } #endregion 
@@ -156,6 +160,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "CREATE"; + var system = "SYS_EXAM_SELECT"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); var items = await _periodExamService.CreateAsync(item); return Success(items); @@ -183,6 +196,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "UPDATE"; + var system = "SYS_EXAM_SELECT"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); await _periodExamService.UpdateAsync(examId, item); return Success(); @@ -249,6 +271,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers { try { + var action = "DELETE"; + var system = "SYS_EXAM_SELECT"; + var getPermission = await _permission.GetPermissionAPIAsync(action, system); + var jsonData = JsonConvert.DeserializeObject(getPermission); + if (jsonData["status"]?.ToString() != "200") + { + return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden); + } + var attrPrivilege = jsonData["result"]?.ToString(); await _periodExamService.DeleteAsync(examId); return Success(); diff --git a/Program.cs b/Program.cs index 4301c4b..a40111e 100644 --- a/Program.cs +++ b/Program.cs @@ -87,6 +87,7 @@ builder.Services.AddTransient(); builder.Services.AddTransient(); builder.Services.AddTransient(); builder.Services.AddTransient(); +builder.Services.AddTransient(); // Add services to the container. builder.Services.AddControllers(options => 
diff --git a/Repositories/PermissionRepository.cs b/Repositories/PermissionRepository.cs new file mode 100644 index 0000000..afc84af --- /dev/null +++ b/Repositories/PermissionRepository.cs @@ -0,0 +1,69 @@ +using System.Security.Claims; +using BMA.EHR.Domain.Models.Placement; +using BMA.EHR.Recurit.Exam.Service.Extensions; +using BMA.EHR.Recurit.Exam.Service.Core; +using BMA.EHR.Recurit.Exam.Service.Data; +using BMA.EHR.Recurit.Exam.Service.Models; +using BMA.EHR.Recurit.Exam.Service.Request; +using BMA.EHR.Recurit.Exam.Service.Response; +using BMA.EHR.Recurit.Exam.Service.Responses.Document; +using Microsoft.AspNetCore.Mvc; +using Microsoft.EntityFrameworkCore; +using System.Configuration; +using System.Net.Http.Headers; + +namespace BMA.EHR.Recurit.Exam.Service.Services +{ + public class PermissionRepository + { + #region " Fields " + + private readonly IHttpContextAccessor _httpContextAccessor; + private readonly IConfiguration _configuration; + + #endregion + + #region " Constructor and Destructor " + + public PermissionRepository(IHttpContextAccessor httpContextAccessor, + IConfiguration configuration) + { + _httpContextAccessor = httpContextAccessor; + _configuration = configuration; + } + + #endregion + + #region " Properties " + + protected string? AccessToken => _httpContextAccessor?.HttpContext?.Request.Headers["Authorization"]; + + #endregion + + #region " Methods " + + public async Task GetPermissionAPIAsync(string action, string system) + { + try + { + var apiPath = $"{_configuration["API"]}/org/permission/dotnet/{action}/{system}"; + + using (var client = new HttpClient()) + { + client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", AccessToken.Replace("Bearer ", "")); + client.DefaultRequestHeaders.Add("api_key", _configuration["API_KEY"]); + var req = await client.GetAsync(apiPath); + var res = await req.Content.ReadAsStringAsync(); + return res; + } + } + catch + { + throw; + } + } + + #endregion + + } +}
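Review bot: `AccessToken.Replace("Bearer ", "")` dereferences the Authorization header without a null check, so a request that carries no header fails with a NullReferenceException that `catch { throw; }` (a no-op that can be deleted) simply forwards to every caller; `Replace` also strips the scheme by substring match anywhere in the value rather than parsing the header. `new HttpClient()` per call exhausts sockets under load — inject `IHttpClientFactory` (registered with `AddHttpClient()` in Program.cs) or hold a single static instance. The response body is returned regardless of `req.StatusCode`, so a 401 or 5xx page from the permission service is handed to callers as if it were a permission decision; `EnsureSuccessStatusCode()` or an explicit status check is needed before the body is trusted. `action` and `system` are interpolated into the URL path unescaped — constants today, but `Uri.EscapeDataString` keeps a future caller-supplied value from altering the route. The class lives under `Repositories/` but is declared in the `...Services` namespace, and most of the `using` lines (EF Core, MVC, System.Configuration, the domain models) are unused here.
```csharp
private readonly IHttpClientFactory _httpClientFactory;
// … unchanged: _httpContextAccessor and _configuration fields …

public PermissionRepository(IHttpContextAccessor httpContextAccessor,
    IConfiguration configuration,
    IHttpClientFactory httpClientFactory)
{
    _httpContextAccessor = httpContextAccessor;
    _configuration = configuration;
    _httpClientFactory = httpClientFactory;
}

// … unchanged: AccessToken property …

public async Task<string> GetPermissionAPIAsync(string action, string system)
{
    // No usable bearer token means no caller identity: fail closed instead of NullReferenceException.
    if (!AuthenticationHeaderValue.TryParse(AccessToken, out var auth)
        || !string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrWhiteSpace(auth.Parameter))
    {
        throw new UnauthorizedAccessException("Missing or malformed bearer token.");
    }

    // Escape the path segments so a caller-supplied value cannot alter the route.
    var apiPath = $"{_configuration["API"]}/org/permission/dotnet/{Uri.EscapeDataString(action)}/{Uri.EscapeDataString(system)}";

    var client = _httpClientFactory.CreateClient();
    using var request = new HttpRequestMessage(HttpMethod.Get, apiPath);
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", auth.Parameter);
    request.Headers.Add("api_key", _configuration["API_KEY"]);

    using var response = await client.SendAsync(request);
    response.EnsureSuccessStatusCode(); // a 401/5xx body is an error, not a permission decision
    return await response.Content.ReadAsStringAsync();
}
```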