feat (patient): add patient employee checker

internal/lib/auth/tycovar.go

@@ -103,3 +103,7 @@ func (a AuthInfo) IsNurseIntern() bool {
 func (a AuthInfo) HasEmployeePosition() bool {
 	return a.Employee_Position_Code != nil
 }
+
+func (a AuthInfo) IsReg() bool {
+	return a.Employee_Position_Code != nil && *a.Employee_Position_Code == string(ero.EPCReg)
+}

internal/use-case/main-use-case/patient/case.go

@@ -50,6 +50,16 @@ func Create(input e.CreateDto) (*d.Data, error) {
 		return nil, pl.SetLogError(&event, input)
 	}
 
+	if !input.AuthInfo.IsReg() {
+		event.Status = "failed"
+		event.ErrInfo = pl.ErrorInfo{
+			Code:   "auth-forbidden",
+			Detail: "user role is not allowed to create patient, only 'reg' position is allowed",
+			Raw:    errors.New("authentication failed"),
+		}
+		return nil, pl.SetLogError(&event, input)
+	}
+
 	input.RegisteredBy_User_Name = &input.AuthInfo.User_Name
 
 	err := dg.I.Transaction(func(tx *gorm.DB) error {
@@ -256,6 +266,16 @@ func Update(input e.UpdateDto) (*d.Data, error) {
 	pl.SetLogInfo(&event, input, "started", "update")
 	mwRunner := newMiddlewareRunner(&event)
 
+	if !input.AuthInfo.IsReg() {
+		event.Status = "failed"
+		event.ErrInfo = pl.ErrorInfo{
+			Code:   "auth-forbidden",
+			Detail: "user role is not allowed to create patient, only 'reg' position is allowed",
+			Raw:    errors.New("authentication failed"),
+		}
+		return nil, pl.SetLogError(&event, input)
+	}
+
 	err = dg.I.Transaction(func(tx *gorm.DB) error {
 		pl.SetLogInfo(&event, rdDto, "started", "DBReadDetail")
 		if data, err = ReadDetailData(rdDto, &event, tx); err != nil {