permission สรรหา

Controllers/CandidateController.cs

@@ -5,6 +5,8 @@ using BMA.EHR.Recurit.Exam.Service.Response;
 using BMA.EHR.Recurit.Exam.Service.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json;
 using Swashbuckle.AspNetCore.Annotations;
 
 namespace BMA.EHR.Recurit.Exam.Service.Controllers
@@ -21,15 +23,19 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
 
         private readonly CandidateService _candidateService;
         private readonly MinIOService _minioService;
+        private readonly PermissionRepository _permission;
+
         #endregion
 
         #region " Constructor and Destructor "
 
         public CandidateController(CandidateService candidateService,
-                                 MinIOService minioService)
+                                 MinIOService minioService,
+                                 PermissionRepository permission)
         {
             _candidateService = candidateService;
             _minioService = minioService;
+            _permission = permission;
         }
 
         #endregion
@@ -788,6 +794,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
         {
             try
             {
+                var action = "CREATE";
+                var system = "SYS_EXAM_SELECT";
+                var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                var attrPrivilege = jsonData["result"]?.ToString();
                 var _item = new RequestApprove();
 
                 if (item.CandidateId != null)