permission สรรหา

2024-08-20 11:28:47 +07:00 · 2024-08-20 11:28:47 +07:00 · 1b9bc7dc97
commit 1b9bc7dc97
parent 6f60af960f
3 changed files with 114 additions and 2 deletions
--- a/Controllers/RecruitController.cs
+++ b/Controllers/RecruitController.cs
@ -12,6 +12,8 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using MySqlConnector;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 using OfficeOpenXml;
 using Org.BouncyCastle.Ocsp;
 using Sentry;
@ -39,7 +41,7 @@ namespace BMA.EHR.Recruit.Service.Controllers
        private readonly MinIOService _minioService;
        private readonly IWebHostEnvironment _webHostEnvironment;
        private readonly RecruitService _recruitService;
-
+        private readonly PermissionRepository _permission;
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly ILogger<RecruitController> _logger;

@ -53,7 +55,8 @@ namespace BMA.EHR.Recruit.Service.Controllers
                                 IWebHostEnvironment webHostEnvironment,
                                 RecruitService recruitService,
                                 IHttpContextAccessor httpContextAccessor,
-                                 ILogger<RecruitController> logger)
+                                 ILogger<RecruitController> logger,
+                                 PermissionRepository permission)
        {
            _context = context;
            _contextMetadata = contextMetadata;
@ -62,6 +65,7 @@ namespace BMA.EHR.Recruit.Service.Controllers
            _recruitService = recruitService;
            _httpContextAccessor = httpContextAccessor;
            _logger = logger;
+            _permission = permission;
        }

        #endregion
@ -440,6 +444,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
        {
            try
            {
+                var action = "CREATE";
+                var system = "SYS_EXAM_SELECT";
+                var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                var attrPrivilege = jsonData["result"]?.ToString();
                if (req == null)
                    return Error(GlobalMessages.InvalidRequestParam, (int)HttpStatusCode.BadRequest);

@ -494,6 +507,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
        {
            try
            {
+                var action = "UPDATE";
+                var system = "SYS_EXAM_SELECT";
+                var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                var attrPrivilege = jsonData["result"]?.ToString();
                var data = await _context.RecruitImports.AsQueryable().FirstOrDefaultAsync(x => x.Id == id);

                if (data == null)
@ -894,6 +916,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
        {
            try
            {
+                var action = "DELETE";
+                var system = "SYS_EXAM_SELECT";
+                var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                var attrPrivilege = jsonData["result"]?.ToString();
                var data = await _context.RecruitImports.AsQueryable()
                                .Include(x => x.ImportHostories)
                                .Include(x => x.ImportFile)
@ -989,6 +1020,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
        public async Task<ActionResult<ResponseObject>> ImportCandidateFileByIdAsync(Guid id)
        {
+            var action = "CREATE";
+            var system = "SYS_EXAM_SELECT";
+            var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
+            var attrPrivilege = jsonData["result"]?.ToString();
            var tmpDir = Path.Combine(_webHostEnvironment.ContentRootPath, "tmp");
            if (!Directory.Exists(tmpDir))
                Directory.CreateDirectory(tmpDir);
@ -1196,6 +1236,15 @@ namespace BMA.EHR.Recruit.Service.Controllers
        [HttpPost("score/{id:length(36)}"), DisableRequestSizeLimit]
        public async Task<ActionResult<ResponseObject>> ImportScoreFileAsync(Guid id)
        {
+            var action = "CREATE";
+            var system = "SYS_EXAM_SELECT";
+            var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
+            var attrPrivilege = jsonData["result"]?.ToString();
            var tmpDir = Path.Combine(_webHostEnvironment.ContentRootPath, "tmp");
            if (!Directory.Exists(tmpDir))
                Directory.CreateDirectory(tmpDir);