diff --git a/internal/domain/main-entities/mcu-order/dto.go b/internal/domain/main-entities/mcu-order/dto.go
index 4dcabce4..0f76b576 100644
--- a/internal/domain/main-entities/mcu-order/dto.go
+++ b/internal/domain/main-entities/mcu-order/dto.go
@@ -4,9 +4,12 @@ import (
 ecore "simrs-vx/internal/domain/base-entities/core"
 ed "simrs-vx/internal/domain/main-entities/doctor"
 ee "simrs-vx/internal/domain/main-entities/encounter"
+ "time"
+
 ercl "simrs-vx/internal/domain/references/clinical"
 erc "simrs-vx/internal/domain/references/common"
- "time"
+
+ pa "simrs-vx/pkg/auth-helper"
 )
 
 type CreateDto struct {
@@ -18,6 +21,8 @@ type CreateDto struct {
 Number uint8 `json:"number"`
 Temperature float64 `json:"temperature"`
 McuUrgencyLevel_Code ercl.McuUrgencyLevelCode `json:"mcuUrgencyLevel_code""`
+
+ pa.AuthInfo
 }
 
 type ReadListDto struct {
diff --git a/internal/domain/main-entities/mcu-order/entity.go b/internal/domain/main-entities/mcu-order/entity.go
index 96721caf..1c72a2ba 100644
--- a/internal/domain/main-entities/mcu-order/entity.go
+++ b/internal/domain/main-entities/mcu-order/entity.go
@@ -27,3 +27,7 @@ type McuOrder struct {
 func (d McuOrder) IsCompleted() bool {
 return d.Status_Code == erc.DSCDone
 }
+
+func (d McuOrder) IsSameDoctor(doctor_id *uint) bool {
+ return d.Doctor_Id == doctor_id
+}
diff --git a/internal/interface/main-handler/main-handler.go b/internal/interface/main-handler/main-handler.go
index 5adb40cd..87325400 100644
--- a/internal/interface/main-handler/main-handler.go
+++ b/internal/interface/main-handler/main-handler.go
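Review bot: Embedding `pa.AuthInfo` in `CreateDto` with no struct tag means encoding/json (which `rw.ValidateStructByIOR` presumably uses to decode `r.Body` in the handler) will also populate AuthInfo's exported fields, such as `User_Id`, from the request body. The handler does overwrite the embed with `dto.AuthInfo = *authInfo` afterwards, but the body is validated before that overwrite, and any other path that decodes this DTO without the overwrite would trust client-supplied identity. Tag the embed so the body can never set it: `pa.AuthInfo` with the tag `json:"-"`. Update reads `input.AuthInfo` in the use case, so `UpdateDto` presumably received the same embed outside this diff and needs the same tag. Adjacent but pre-existing: the context line's tag `json:"mcuUrgencyLevel_code""` carries a stray second quote.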
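Review bot: `IsSameDoctor` compares two `*uint` values with `==`, which in Go is pointer identity, not the pointed-to id; it is true only when both point to the same address or both are nil. The `doctor_id` that Update obtains from `ud.GetIdByUserId` is presumably a different allocation from whatever was loaded into `data.Doctor_Id`, so this ownership check would deny every request (or allow every one when both sides are nil). Compare the values after nil checks: `return d.Doctor_Id != nil && doctor_id != nil && *d.Doctor_Id == *doctor_id`. Since this method gates an authorization decision, give it a doc comment such as `// IsSameDoctor reports whether the order is assigned to the given doctor id; a nil id on either side never matches.` and spell the parameter `doctorID` per Go convention.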
@@ -124,7 +124,7 @@ func SetRoutes() http.Handler {
 hc.RegCrud(r, "/v1/prescription-item", prescriptionitem.O)
 hc.RegCrud(r, "/v1/device-order-item", deviceorderitem.O)
 hc.RegCrud(r, "/v1/material-order-item", materialorderitem.O)
- hk.GroupRoutes("/v1/mcu-order", r, hk.MapHandlerFunc{
+ hk.GroupRoutes("/v1/mcu-order", r, auth.GuardMW, hk.MapHandlerFunc{
 "GET /": mcuorder.O.GetList,
 "GET /{id}": mcuorder.O.GetDetail,
 "POST /": mcuorder.O.Create,
diff --git a/internal/interface/main-handler/mcu-order/handler.go b/internal/interface/main-handler/mcu-order/handler.go
index 44a635a5..bcd07a05 100644
--- a/internal/interface/main-handler/mcu-order/handler.go
+++ b/internal/interface/main-handler/mcu-order/handler.go
@@ -10,6 +10,10 @@ import (
 e "simrs-vx/internal/domain/main-entities/mcu-order"
 u "simrs-vx/internal/use-case/main-use-case/mcu-order"
+
+ pa "simrs-vx/pkg/auth-helper"
+
+ d "github.com/karincake/dodol"
 )
 
 type myBase struct{}
@@ -21,6 +25,11 @@ func (obj myBase) Create(w http.ResponseWriter, r *http.Request) {
 if res := rw.ValidateStructByIOR(w, r.Body, &dto); !res {
 return
 }
+ authInfo, err := pa.GetAuthInfo(r)
+ if err != nil {
+ rw.WriteJSON(w, http.StatusUnauthorized, d.IS{"message": err.Error()}, nil)
+ }
+ dto.AuthInfo = *authInfo
 res, err := u.Create(dto)
 rw.DataResponse(w, res, err)
 }
@@ -53,6 +62,11 @@ func (obj myBase) Update(w http.ResponseWriter, r *http.Request) {
 if res := rw.ValidateStructByIOR(w, r.Body, &dto); !res {
 return
 }
+ authInfo, err := pa.GetAuthInfo(r)
+ if err != nil {
+ rw.WriteJSON(w, http.StatusUnauthorized, d.IS{"message": err.Error()}, nil)
+ }
+ dto.AuthInfo = *authInfo
 dto.Id = uint(id)
 res, err := u.Update(dto)
 rw.DataResponse(w, res, err)
diff --git a/internal/use-case/main-use-case/mcu-order/case.go b/internal/use-case/main-use-case/mcu-order/case.go
index 158a4995..77176cd9 100644
--- a/internal/use-case/main-use-case/mcu-order/case.go
+++ b/internal/use-case/main-use-case/mcu-order/case.go
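Review bot: In the Create hunk the error branch after `pa.GetAuthInfo(r)` writes a 401 but does not return, so execution falls through to `dto.AuthInfo = *authInfo` — a nil dereference if GetAuthInfo returns a nil pointer alongside the error — and otherwise continues into `u.Create(dto)` and a second response from `rw.DataResponse`. Add `return` immediately after the `rw.WriteJSON(...)` call; the Update hunk in the same file has the identical omission. `auth.GuardMW` on the route group presumably makes this branch rare, but the handler should still fail closed on its own. Both methods begin before their hunks.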
@@ -6,6 +6,7 @@ import (
 e "simrs-vx/internal/domain/main-entities/mcu-order"
+ ud "simrs-vx/internal/use-case/main-use-case/doctor"
 ue "simrs-vx/internal/use-case/main-use-case/encounter"
 erc "simrs-vx/internal/domain/references/common"
@@ -45,6 +46,22 @@ func Create(input e.CreateDto) (*d.Data, error) {
 return errors.New("encounter is already done")
 }
 
+ if !input.AuthInfo.IsDoctor() {
+ event.Status = "failed"
+ event.ErrInfo = pl.ErrorInfo{
+ Code: "auth-forbidden",
+ Detail: "user position is not allowed",
+ Raw: errors.New("authentication failed"),
+ }
+ return pl.SetLogError(&event, input)
+ }
+
+ doctor_id, err := ud.GetIdByUserId(&input.AuthInfo.User_Id, &event, tx)
+ if err != nil {
+ return err
+ }
+ input.Doctor_Id = doctor_id
+
 if resData, err := CreateData(input, &event, tx); err != nil {
 return err
 } else {
@@ -197,6 +214,10 @@ func Update(input e.UpdateDto) (*d.Data, error) {
 return err
 }
 
+ if data.IsCompleted() {
+ return errors.New("data already completed")
+ }
+
 mwRunner := newMiddlewareRunner(&event, tx)
 mwRunner.setMwType(pu.MWTPre) // Run pre-middleware
 
@@ -204,6 +225,33 @@ func Update(input e.UpdateDto) (*d.Data, error) {
 return err
 }
 
+ if !input.AuthInfo.IsDoctor() {
+ event.Status = "failed"
+ event.ErrInfo = pl.ErrorInfo{
+ Code: "auth-forbidden",
+ Detail: "user position is not allowed",
+ Raw: errors.New("authentication failed"),
+ }
+ return pl.SetLogError(&event, input)
+ }
+
+ doctor_id, err := ud.GetIdByUserId(&input.AuthInfo.User_Id, &event, tx)
+ if err != nil {
+ return err
+ }
+
+ if !data.IsSameDoctor(doctor_id) {
+ event.Status = "failed"
+ event.ErrInfo = pl.ErrorInfo{
+ Code: "auth-forbidden",
+ Detail: "doctor is not the same as the data",
+ Raw: errors.New("authentication failed"),
+ }
+ return pl.SetLogError(&event, input)
+ }
+
+ input.Doctor_Id = doctor_id
+
 if err := UpdateData(input, data, &event, tx); err != nil {
 return err
 }
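Review bot: In Update, the new `if data.IsCompleted()` guard at the -197 hunk runs before the doctor checks added at the -204 hunk and returns a bare `errors.New("data already completed")`, unlike every other new failure branch, which sets `event.Status`/`event.ErrInfo` and returns through `pl.SetLogError`; if the surrounding function keys rollback or audit logging on `event` this branch bypasses it, and a doctor who does not own the order can learn whether it is completed before being refused. Either move the completion check below the `IsSameDoctor` check and route it through the same event pattern (sketched below, with a placeholder for the code value since only `auth-forbidden` appears on this page), or hoist the doctor checks above it if the pre-middleware ordering allows. In all three forbidden branches (Create at -45, Update at -204) `Raw: errors.New("authentication failed")` describes an authorization failure — the caller is authenticated but not permitted — so `errors.New("authorization failed")` would be accurate, and the identical nine-line block is a candidate for a small helper. `pl.SetLogError(&event, input)` now receives an input that embeds `AuthInfo`; if it serializes the input, confirm the logged fields include nothing sensitive from the token. Both Create and Update start and end outside these hunks.
```go
	// … unchanged: IsDoctor / GetIdByUserId / IsSameDoctor checks …

	if data.IsCompleted() {
		event.Status = "failed"
		event.ErrInfo = pl.ErrorInfo{
			Code:   "<state-code placeholder>",
			Detail: "data already completed",
			Raw:    errors.New("data already completed"),
		}
		return pl.SetLogError(&event, input)
	}

	input.Doctor_Id = doctor_id
```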
diff --git a/internal/use-case/main-use-case/mcu-order/helper.go b/internal/use-case/main-use-case/mcu-order/helper.go
index 65c95bff..b5c9bdf1 100644
--- a/internal/use-case/main-use-case/mcu-order/helper.go
+++ b/internal/use-case/main-use-case/mcu-order/helper.go
@@ -25,4 +25,5 @@ func setData[T *e.CreateDto | *e.UpdateDto](input T, data *e.McuOrder) {
 data.Number = inputSrc.Number
 data.Temperature = inputSrc.Temperature
 data.McuUrgencyLevel_Code = inputSrc.McuUrgencyLevel_Code
+ data.Doctor_Id = inputSrc.Doctor_Id
 }