From 2cc7af845da640d67b82d6803167372792fbb5d5 Mon Sep 17 00:00:00 2001 From: dpurbosakti Date: Mon, 8 Dec 2025 15:15:25 +0700 Subject: [PATCH 1/3] feat (patient): add patient employee checker --- internal/lib/auth/tycovar.go | 4 ++++ .../use-case/main-use-case/patient/case.go | 20 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/internal/lib/auth/tycovar.go b/internal/lib/auth/tycovar.go index c673eb04..c746b795 100644 --- a/internal/lib/auth/tycovar.go +++ b/internal/lib/auth/tycovar.go @@ -103,3 +103,7 @@ func (a AuthInfo) IsNurseIntern() bool { func (a AuthInfo) HasEmployeePosition() bool { return a.Employee_Position_Code != nil } + +func (a AuthInfo) IsReg() bool { + return a.Employee_Position_Code != nil && *a.Employee_Position_Code == string(ero.EPCReg) +} diff --git a/internal/use-case/main-use-case/patient/case.go b/internal/use-case/main-use-case/patient/case.go index 24aa4394..a53072fe 100644 --- a/internal/use-case/main-use-case/patient/case.go +++ b/internal/use-case/main-use-case/patient/case.go @@ -50,6 +50,16 @@ func Create(input e.CreateDto) (*d.Data, error) { return nil, pl.SetLogError(&event, input) } + if !input.AuthInfo.IsReg() { + event.Status = "failed" + event.ErrInfo = pl.ErrorInfo{ + Code: "auth-forbidden", + Detail: "user role is not allowed to create patient, only 'reg' position is allowed", + Raw: errors.New("authentication failed"), + } + return nil, pl.SetLogError(&event, input) + } + input.RegisteredBy_User_Name = &input.AuthInfo.User_Name err := dg.I.Transaction(func(tx *gorm.DB) error { 
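Review bot: IsReg in internal/lib/auth/tycovar.go is exported and, from this patch on, decides who may create or update patients, but it carries no doc comment saying which position it matches or how a missing code is treated. I would add `// IsReg reports whether the caller's employee position code equals ero.EPCReg; a nil code is treated as not reg.` above it. The nil check before the dereference already covers what HasEmployeePosition tests, so callers do not need both.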
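Review bot: The new guard in Create (patient/case.go) trusts `input.AuthInfo`, which arrives as a field of `e.CreateDto`, so the check is only as strong as the code that fills that field. The DTO definition is not part of this patch; if it is bound from the request body, AuthInfo should be excluded from binding (for example with a `json:"-"` tag) and set only by the handler from the verified session or token. Separately, `Raw: errors.New("authentication failed")` describes what is really an authorization denial; `Raw: errors.New("authorization failed")` would keep role denials from being mixed with login failures in the logs. The same block is added to Update in the next hunk, and Create's body starts and ends outside this hunk.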
@@ -256,6 +266,16 @@ func Update(input e.UpdateDto) (*d.Data, error) { pl.SetLogInfo(&event, input, "started", "update") mwRunner := newMiddlewareRunner(&event) + if !input.AuthInfo.IsReg() { + event.Status = "failed" + event.ErrInfo = pl.ErrorInfo{ + Code: "auth-forbidden", + Detail: "user role is not allowed to create patient, only 'reg' position is allowed", + Raw: errors.New("authentication failed"), + } + return nil, pl.SetLogError(&event, input) + } + err = dg.I.Transaction(func(tx *gorm.DB) error { pl.SetLogInfo(&event, rdDto, "started", "DBReadDetail") if data, err = ReadDetailData(rdDto, &event, tx); err != nil { From 9b4b6949df5d35b0aec3a4754ba9cd3760f74696 Mon Sep 17 00:00:00 2001 From: dpurbosakti Date: Mon, 8 Dec 2025 16:02:40 +0700 Subject: [PATCH 2/3] feat (patient): add guard for reg and sys --- internal/lib/auth/tycovar.go | 4 ++++ internal/use-case/main-use-case/patient/case.go | 15 ++------------- 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/internal/lib/auth/tycovar.go b/internal/lib/auth/tycovar.go index c746b795..a958fa6a 100644 --- a/internal/lib/auth/tycovar.go +++ b/internal/lib/auth/tycovar.go @@ -107,3 +107,7 @@ func (a AuthInfo) HasEmployeePosition() bool { func (a AuthInfo) IsReg() bool { return a.Employee_Position_Code != nil && *a.Employee_Position_Code == string(ero.EPCReg) } + +func (a AuthInfo) IsSys() bool { + return a.User_ContractPosition_Code == string(ero.CSCSys) +} diff --git a/internal/use-case/main-use-case/patient/case.go b/internal/use-case/main-use-case/patient/case.go index a53072fe..f82d114d 100644 --- a/internal/use-case/main-use-case/patient/case.go +++ b/internal/use-case/main-use-case/patient/case.go 
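Review bot: The Detail string in Update's guard was copied from Create and still says "create patient", so a denied update is logged and returned to the caller as a failed create. Change it to `Detail: "user role is not allowed to update patient, only 'reg' position is allowed",`. That matters for anyone reading the audit trail to tell which operation was refused. Update's body starts and ends outside this hunk.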
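Review bot: IsSys in internal/lib/auth/tycovar.go reads `User_ContractPosition_Code`, a different field from the `Employee_Position_Code` that IsReg checks, and nothing in the hunk explains why that value should pass the patient guards. Because it is used as an alternative to the reg requirement in Create and Update, it should be documented, e.g. `// IsSys reports whether the user's contract position code equals ero.CSCSys.`, with a sentence on what kind of account carries that code. I cannot tell from the patch where this field is populated; please confirm it is set server-side and never taken from client input.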
@@ -39,18 +39,7 @@ func Create(input e.CreateDto) (*d.Data, error) { pl.SetLogInfo(&event, input, "started", "create") mwRunner := newMiddlewareRunner(&event) - // check if user has employee position - if !input.AuthInfo.HasEmployeePosition() { - event.Status = "failed" - event.ErrInfo = pl.ErrorInfo{ - Code: "auth-forbidden", - Detail: "user has no employee position", - Raw: errors.New("authentication failed"), - } - return nil, pl.SetLogError(&event, input) - } - - if !input.AuthInfo.IsReg() { + if !input.AuthInfo.IsReg() || !input.AuthInfo.IsSys() { event.Status = "failed" event.ErrInfo = pl.ErrorInfo{ Code: "auth-forbidden", @@ -266,7 +255,7 @@ func Update(input e.UpdateDto) (*d.Data, error) { pl.SetLogInfo(&event, input, "started", "update") mwRunner := newMiddlewareRunner(&event) - if !input.AuthInfo.IsReg() { + if !input.AuthInfo.IsReg() || !input.AuthInfo.IsSys() { event.Status = "failed" event.ErrInfo = pl.ErrorInfo{ Code: "auth-forbidden", From 569fb22080b4ac3a9f0118041ebe29079972a963 Mon Sep 17 00:00:00 2001 From: dpurbosakti Date: Mon, 8 Dec 2025 16:06:14 +0700 Subject: [PATCH 3/3] fix (patient): fix condition --- internal/use-case/main-use-case/patient/case.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/use-case/main-use-case/patient/case.go b/internal/use-case/main-use-case/patient/case.go index f82d114d..da636263 100644 --- a/internal/use-case/main-use-case/patient/case.go +++ b/internal/use-case/main-use-case/patient/case.go @@ -39,7 +39,7 @@ func Create(input e.CreateDto) (*d.Data, error) { pl.SetLogInfo(&event, input, "started", "create") mwRunner := newMiddlewareRunner(&event) - if !input.AuthInfo.IsReg() || !input.AuthInfo.IsSys() { + if !input.AuthInfo.IsReg() && !input.AuthInfo.IsSys() { event.Status = "failed" event.ErrInfo = pl.ErrorInfo{ Code: "auth-forbidden", 
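Review bot: Once sys accounts are meant to pass this guard in Create (the operator itself is corrected in 3/3), the Detail text just below the condition, "... only 'reg' position is allowed", added in 1/3 and outside this hunk, no longer states the rule; the same applies to the Update hunk that follows. Update both strings, for example `Detail: "user is not allowed to create patient, only 'reg' position or sys account is allowed",` with "update" in the Update copy. Dropping the HasEmployeePosition block is safe because IsReg already returns false for a nil position code, but callers lose the distinct "user has no employee position" detail. Create's body starts and ends outside this hunk.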
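Review bot: The rule `!input.AuthInfo.IsReg() && !input.AuthInfo.IsSys()` is now written out twice, in Create here and in Update in the next hunk, and 2/3 had it with the wrong operator in both places, which a unit test would have caught. Put the rule in one place, e.g. `func (a AuthInfo) CanManagePatient() bool { return a.IsReg() || a.IsSys() }` in internal/lib/auth, and use `if !input.AuthInfo.CanManagePatient() {` in both use cases. A table-driven test over reg-only, sys-only, both and neither, including a nil Employee_Position_Code, would pin the behaviour. Both function bodies extend outside their hunks.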
@@ -255,7 +255,7 @@ func Update(input e.UpdateDto) (*d.Data, error) { pl.SetLogInfo(&event, input, "started", "update") mwRunner := newMiddlewareRunner(&event) - if !input.AuthInfo.IsReg() || !input.AuthInfo.IsSys() { + if !input.AuthInfo.IsReg() && !input.AuthInfo.IsSys() { event.Status = "failed" event.ErrInfo = pl.ErrorInfo{ Code: "auth-forbidden",