munawwirul_jamal/simrsx-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix (encounter): missmatch position checking

Browse Source
This commit is contained in:
dpurbosakti
2025-11-14 10:37:21 +07:00
parent d4c3b0e31c
commit 07e3c3b707
2 changed files with 40 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/lib/auth/tycovar.go
+4
View File
@@ -92,3 +92,7 @@ func (a AuthInfo) IsNurseIntern() bool {
}
return *a.Intern_Position_Code == string(ero.IPCNurse)
}
func (a AuthInfo) HasEmployeePosition() bool {
return a.Employee_Position_Code != nil
}
internal/use-case/main-use-case/encounter/case.go
+36 -3
View File
@@ -78,8 +78,19 @@ func Create(input e.CreateDto) (*d.Data, error) {
}
}
// check if user has employee position
if !input.AuthInfo.HasEmployeePosition() {
event.Status = "failed"
event.ErrInfo = pl.ErrorInfo{
Code: "auth-forbidden",
Detail: "user has no employee position",
Raw: errors.New("authentication failed"),
}
return nil, pl.SetLogError(&event, input)
}
// check only user with registration position is allowed to create encounter
if input.AuthInfo.User_ContractPosition_Code != string(erg.EPCReg) {
if input.AuthInfo.Employee_Position_Code != nil && *input.AuthInfo.Employee_Position_Code != string(erg.EPCReg) {
event.Status = "failed"
event.ErrInfo = pl.ErrorInfo{
Code: "auth-forbidden",
@@ -328,8 +339,19 @@ func Delete(input e.DeleteDto) (*d.Data, error) {
// Start log
pl.SetLogInfo(&event, input, "started", "delete")
// check if user has employee position
if !input.AuthInfo.HasEmployeePosition() {
event.Status = "failed"
event.ErrInfo = pl.ErrorInfo{
Code: "auth-forbidden",
Detail: "user has no employee position",
Raw: errors.New("authentication failed"),
}
return nil, pl.SetLogError(&event, input)
}
// check only user with registration position is allowed to create encounter
if input.AuthInfo.User_ContractPosition_Code != string(erg.EPCReg) {
if input.AuthInfo.Employee_Position_Code != nil && *input.AuthInfo.Employee_Position_Code != string(erg.EPCReg) {
event.Status = "failed"
event.ErrInfo = pl.ErrorInfo{
Code: "auth-forbidden",
@@ -517,7 +539,18 @@ func UpdateStatusCode(input e.UpdateStatusDto) (*d.Data, error) {
string(erg.EPCDoc),
}
if !pu.Contains(roleAllowedToCancel, input.AuthInfo.User_ContractPosition_Code) {
// check if user has employee position
if !input.AuthInfo.HasEmployeePosition() {
event.Status = "failed"
event.ErrInfo = pl.ErrorInfo{
Code: "auth-forbidden",
Detail: "user has no employee position",
Raw: errors.New("authentication failed"),
}
return pl.SetLogError(&event, input)
}
if input.AuthInfo.Employee_Position_Code != nil && !pu.Contains(roleAllowedToCancel, *input.AuthInfo.Employee_Position_Code) {
event.Status = "failed"
event.ErrInfo = pl.ErrorInfo{
Code: "auth-forbidden",