diff --git a/Controllers/RecruitController.cs b/Controllers/RecruitController.cs
index 65933b2..262ba71 100644
--- a/Controllers/RecruitController.cs
+++ b/Controllers/RecruitController.cs
@@ -12,6 +12,8 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using MySqlConnector;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 using OfficeOpenXml;
 using Org.BouncyCastle.Ocsp;
 using Sentry;
@@ -39,7 +41,7 @@ namespace BMA.EHR.Recruit.Service.Controllers
 private readonly MinIOService _minioService;
 private readonly IWebHostEnvironment _webHostEnvironment;
 private readonly RecruitService _recruitService;
-
+ private readonly PermissionRepository _permission;
 private readonly IHttpContextAccessor _httpContextAccessor;
 private readonly ILogger _logger;
@@ -53,7 +55,8 @@ namespace BMA.EHR.Recruit.Service.Controllers
 IWebHostEnvironment webHostEnvironment,
 RecruitService recruitService,
 IHttpContextAccessor httpContextAccessor,
- ILogger logger)
+ ILogger logger,
+ PermissionRepository permission)
 {
 _context = context;
 _contextMetadata = contextMetadata;
@@ -62,6 +65,7 @@ namespace BMA.EHR.Recruit.Service.Controllers
 _recruitService = recruitService;
 _httpContextAccessor = httpContextAccessor;
 _logger = logger;
+ _permission = permission;
 }
 #endregion
@@ -440,6 +444,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
 {
 try
 {
+ var action = "CREATE";
+ var system = "SYS_EXAM_SELECT";
+ var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+ var attrPrivilege = jsonData["result"]?.ToString();
 if (req == null)
 return Error(GlobalMessages.InvalidRequestParam, (int)HttpStatusCode.BadRequest);
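Review bot: `jsonData["status"]` in the added block dereferences the deserialized object without a null guard; `JsonConvert.DeserializeObject` returns null for an empty or literal `null` body, so an empty reply from the permission service becomes a NullReferenceException instead of a 403 (here it falls into the surrounding catch, which is outside the hunk). The same nine lines recur in the -494, -894, -989 and -1196 hunks with only the `action` literal changing, and `attrPrivilege` is assigned but not read on any visible line, so one private helper that yields the 403 result or null would keep the deny decision in a single place; the null-safe form of the condition is `if (jsonData is null || jsonData["status"]?.ToString() != "200")`. The generic argument of `DeserializeObject` is stripped in this view, so the helper below assumes `JObject` (imported by the -12 hunk) and that `Error` returns an `ActionResult`.
```csharp
// Returns null when the caller holds `action` on SYS_EXAM_SELECT, otherwise the 403 result to return.
private async Task<ActionResult?> DenyUnlessPermittedAsync(string action)
{
    var body = await _permission.GetPermissionAPIAsync(action, "SYS_EXAM_SELECT");
    var json = JsonConvert.DeserializeObject<JObject>(body);
    if (json is null || json["status"]?.ToString() != "200")
    {
        return Error(json?["message"]?.ToString(), StatusCodes.Status403Forbidden);
    }
    return null;
}

// in each action, in place of the nine added lines:
if (await DenyUnlessPermittedAsync("CREATE") is { } denied)
{
    return denied;
}
// … unchanged: request validation and the rest of the action …
```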
@@ -494,6 +507,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
 {
 try
 {
+ var action = "UPDATE";
+ var system = "SYS_EXAM_SELECT";
+ var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+ var attrPrivilege = jsonData["result"]?.ToString();
 var data = await _context.RecruitImports.AsQueryable().FirstOrDefaultAsync(x => x.Id == id);
 if (data == null)
@@ -894,6 +916,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
 {
 try
 {
+ var action = "DELETE";
+ var system = "SYS_EXAM_SELECT";
+ var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+ var attrPrivilege = jsonData["result"]?.ToString();
 var data = await _context.RecruitImports.AsQueryable()
 .Include(x => x.ImportHostories)
 .Include(x => x.ImportFile)
@@ -989,6 +1020,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
 [ProducesResponseType(StatusCodes.Status500InternalServerError)]
 public async Task> ImportCandidateFileByIdAsync(Guid id)
 {
+ var action = "CREATE";
+ var system = "SYS_EXAM_SELECT";
+ var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+ var attrPrivilege = jsonData["result"]?.ToString();
 var tmpDir = Path.Combine(_webHostEnvironment.ContentRootPath, "tmp");
 if (!Directory.Exists(tmpDir))
 Directory.CreateDirectory(tmpDir);
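Review bot: The permission check in the -989 hunk is the first statement of ImportCandidateFileByIdAsync and the hunk shows no enclosing `try`, whereas the identical check in the -440, -494 and -894 hunks sits inside one; an HttpRequestException from `GetPermissionAPIAsync` or a JsonReaderException on a non-JSON body therefore escapes this action unhandled while the other three land in their catch. The -1196 hunk (ImportScoreFileAsync) has the same shape. The five actions should deny the same way: either place the check inside the `try` the rest of the method may use (the body continues outside the hunk, so I cannot see whether one exists), or have a shared helper map those failures to the 403 result itself so the outcome no longer depends on where the call sits.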
@@ -1196,6 +1236,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
 [HttpPost("score/{id:length(36)}"), DisableRequestSizeLimit]
 public async Task> ImportScoreFileAsync(Guid id)
 {
+ var action = "CREATE";
+ var system = "SYS_EXAM_SELECT";
+ var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+ var jsonData = JsonConvert.DeserializeObject(getPermission);
+ if (jsonData["status"]?.ToString() != "200")
+ {
+ return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+ }
+ var attrPrivilege = jsonData["result"]?.ToString();
 var tmpDir = Path.Combine(_webHostEnvironment.ContentRootPath, "tmp");
 if (!Directory.Exists(tmpDir))
 Directory.CreateDirectory(tmpDir);
diff --git a/Program.cs b/Program.cs
index f094714..fe66d99 100644
--- a/Program.cs
+++ b/Program.cs
@@ -64,6 +64,7 @@ builder.Services.AddAuthorization();
 // Register Services
 builder.Services.AddTransient();
 builder.Services.AddTransient();
+builder.Services.AddTransient();
 // use serilog
 ConfigureLogs();
diff --git a/Repositories/PermissionRepository.cs b/Repositories/PermissionRepository.cs
new file mode 100644
index 0000000..3420f68
--- /dev/null
+++ b/Repositories/PermissionRepository.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.EntityFrameworkCore;
+using BMA.EHR.Recruit.Service.Data;
+using BMA.EHR.Recruit.Service.Models.Recruits;
+using BMA.EHR.Recruit.Service.Core;
+using BMA.EHR.MetaData.Service.Models;
+using BMA.EHR.Domain.Models.Placement;
+using BMA.EHR.Recurit.Service.Data;
+using System.Security.Claims;
+using System.Net.Http.Headers;
+using Newtonsoft.Json;
+
+namespace BMA.EHR.Recruit.Service.Services
+{
+ public class PermissionRepository
+ {
+ private readonly IHttpContextAccessor _httpContextAccessor;
+ private readonly IConfiguration _configuration;
+
+ public PermissionRepository(IHttpContextAccessor httpContextAccessor,
+ IConfiguration configuration)
+ {
+ _httpContextAccessor = httpContextAccessor;
+ _configuration = configuration;
+ }
+
+ #region " Properties "
+
+ private string? AccessToken => _httpContextAccessor?.HttpContext?.Request.Headers["Authorization"];
+
+ #endregion
+
+ #region " Methods "
+
+ public async Task GetPermissionAPIAsync(string action, string system)
+ {
+ try
+ {
+ var apiPath = $"{_configuration["API"]}/org/permission/dotnet/{action}/{system}";
+
+ using (var client = new HttpClient())
+ {
+ client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", AccessToken.Replace("Bearer ", ""));
+ client.DefaultRequestHeaders.Add("api_key", _configuration["API_KEY"]);
+ var req = await client.GetAsync(apiPath);
+ var res = await req.Content.ReadAsStringAsync();
+ return res;
+ }
+ }
+ catch
+ {
+ throw;
+ }
+ }
+
+ #endregion
+
+ }
+}
\ No newline at end of file
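Review bot: `AccessToken.Replace("Bearer ", "")` runs on a `string?` that is null whenever the request carries no Authorization header (the `StringValues` to string conversion yields null for an absent header), so an unauthenticated call into the permission check throws NullReferenceException, and the surrounding `catch { throw; }` only rethrows it unchanged and can be dropped. `new HttpClient()` per call also opens a fresh connection pool on every permission check, which under load exhausts sockets; registering the class with `AddHttpClient<PermissionRepository>()` in Program.cs (in place of the `AddTransient` in that hunk) and setting headers on an `HttpRequestMessage` rather than `DefaultRequestHeaders` makes one client shareable across requests. The response body is read without looking at the status code, so a 5xx body from the permission API is handed back to the caller as if it were a permission payload; `EnsureSuccessStatusCode()` makes that failure explicit. `action` and `system` are interpolated into the URL path unescaped, which is harmless with the constant callers in this commit but `Uri.EscapeDataString` keeps it so if a caller-supplied value ever reaches this method.
```csharp
// … unchanged: usings, fields, constructor — plus a `private readonly HttpClient _client;` injected via AddHttpClient<PermissionRepository>() …

/// <summary>Calls the org permission API for <paramref name="action"/> on <paramref name="system"/> and returns the raw JSON body.</summary>
/// <exception cref="InvalidOperationException">The current request carries no Authorization header.</exception>
/// <exception cref="HttpRequestException">The permission API did not answer with a success status.</exception>
public async Task<string> GetPermissionAPIAsync(string action, string system)
{
    var token = AccessToken;
    if (string.IsNullOrWhiteSpace(token))
    {
        throw new InvalidOperationException("Authorization header is missing.");
    }

    var apiPath = $"{_configuration["API"]}/org/permission/dotnet/{Uri.EscapeDataString(action)}/{Uri.EscapeDataString(system)}";
    using var request = new HttpRequestMessage(HttpMethod.Get, apiPath);
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Replace("Bearer ", ""));
    request.Headers.Add("api_key", _configuration["API_KEY"]);

    using var response = await _client.SendAsync(request);
    response.EnsureSuccessStatusCode();
    return await response.Content.ReadAsStringAsync();
}
```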