Merge pull request #197 from dikstub-rssa/fix/anything-moko

Fix/anything moko

internal/lib/auth/tycovar.go

@@ -103,3 +103,11 @@ func (a AuthInfo) IsNurseIntern() bool {
 func (a AuthInfo) HasEmployeePosition() bool {
 	return a.Employee_Position_Code != nil
 }
+
+func (a AuthInfo) IsReg() bool {
+	return a.Employee_Position_Code != nil && *a.Employee_Position_Code == string(ero.EPCReg)
+}
+
+func (a AuthInfo) IsSys() bool {
+	return a.User_ContractPosition_Code == string(ero.CSCSys)
+}

internal/use-case/main-use-case/patient/case.go

@@ -39,12 +39,11 @@ func Create(input e.CreateDto) (*d.Data, error) {
 	pl.SetLogInfo(&event, input, "started", "create")
 	mwRunner := newMiddlewareRunner(&event)
 
-	// check if user has employee position
-	if !input.AuthInfo.HasEmployeePosition() {
+	if !input.AuthInfo.IsReg() && !input.AuthInfo.IsSys() {
 		event.Status = "failed"
 		event.ErrInfo = pl.ErrorInfo{
 			Code:   "auth-forbidden",
-			Detail: "user has no employee position",
+			Detail: "user role is not allowed to create patient, only 'reg' position is allowed",
 			Raw:    errors.New("authentication failed"),
 		}
 		return nil, pl.SetLogError(&event, input)
@@ -256,6 +255,16 @@ func Update(input e.UpdateDto) (*d.Data, error) {
 	pl.SetLogInfo(&event, input, "started", "update")
 	mwRunner := newMiddlewareRunner(&event)
 
+	if !input.AuthInfo.IsReg() && !input.AuthInfo.IsSys() {
+		event.Status = "failed"
+		event.ErrInfo = pl.ErrorInfo{
+			Code:   "auth-forbidden",
+			Detail: "user role is not allowed to create patient, only 'reg' position is allowed",
+			Raw:    errors.New("authentication failed"),
+		}
+		return nil, pl.SetLogError(&event, input)
+	}
+
 	err = dg.I.Transaction(func(tx *gorm.DB) error {
 		pl.SetLogInfo(&event, rdDto, "started", "DBReadDetail")
 		if data, err = ReadDetailData(rdDto, &event, tx); err != nil {