diff --git a/IRaCIS.Core.API/_ServiceExtensions/Authorization/AuthorizationPolicySetup.cs b/IRaCIS.Core.API/_ServiceExtensions/Authorization/AuthorizationPolicySetup.cs
index f26461f27..58d42d596 100644
--- a/IRaCIS.Core.API/_ServiceExtensions/Authorization/AuthorizationPolicySetup.cs
+++ b/IRaCIS.Core.API/_ServiceExtensions/Authorization/AuthorizationPolicySetup.cs
@@ -24,6 +24,11 @@ namespace IRaCIS.Core.API
});
+ options.AddPolicy("PmAndApmPolicy", policyBuilder =>
+ {
+ policyBuilder.RequireClaim("userTypeEnumInt", ((int)UserTypeEnum.ProjectManager).ToString(), ((int)UserTypeEnum.APM).ToString());
+ });
+
});
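Review bot: The policy name `"PmAndApmPolicy"` and the claim type `"userTypeEnumInt"` are bare string literals in the added `AddPolicy` call, and the name is repeated in four `[Authorize(Policy = "PmAndApmPolicy")]` attributes in QCOperationService.cs. A typo at any of those sites compiles cleanly and only fails when the endpoint is requested, so I would declare one constant, e.g. `public const string PmAndApmPolicy = "PmAndApmPolicy";`, and reference it from both files. A comment above `AddPolicy` should also record that the decision now rests on the `userTypeEnumInt` claim of the authenticated principal. If that claim is written at token issue time (not visible here), a user whose type changes keeps PM/APM access until the token is replaced. Callers that displayed the old `ResponseOutput.NotOk` message will now receive the framework's forbidden response instead, unless the project customises it elsewhere.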
diff --git a/IRaCIS.Core.Application/Service/QC/QCOperationService.cs b/IRaCIS.Core.Application/Service/QC/QCOperationService.cs
index 3e9cb5042..932d13e00 100644
--- a/IRaCIS.Core.Application/Service/QC/QCOperationService.cs
+++ b/IRaCIS.Core.Application/Service/QC/QCOperationService.cs
@@ -143,10 +143,6 @@ namespace IRaCIS.Core.Application.Image.QA
///
/// 关闭质疑,什么情况下允许?
///
- ///
- ///
- ///
- ///
///
[HttpPut]
[TypeFilter(typeof(TrialResourceFilter))]
@@ -337,12 +333,13 @@ namespace IRaCIS.Core.Application.Image.QA
///
[HttpPut("{trialId:guid}")]
[TypeFilter(typeof(TrialResourceFilter))]
+ [Authorize(Policy = "PmAndApmPolicy")]
public async Task SetCheckPass(SetCheckPassDt data)
{
- if (_userInfo.UserTypeEnumInt != (int)UserTypeEnum.ProjectManager && _userInfo.UserTypeEnumInt != (int)UserTypeEnum.APM)
- {
- ResponseOutput.NotOk("您不是PM/APM,不允许设置一致性核查通过");
- }
+ //if (_userInfo.UserTypeEnumInt != (int)UserTypeEnum.ProjectManager && _userInfo.UserTypeEnumInt != (int)UserTypeEnum.APM)
+ //{
+ // ResponseOutput.NotOk("您不是PM/APM,不允许设置一致性核查通过");
+ //}
var sv = (await _subjectVisitRepository.FirstOrDefaultAsync(t => t.Id == data.Id)).IfNullThrowException();
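Review bot: The old role check in `SetCheckPass` is commented out rather than deleted, and the same is done in the `RejectCheckBack`, `CheckBack` and `UploadVisitCheckExcel` hunks below. Commented-out authorization code is easy to misread as a live check during a later audit, and easy to restore by accident alongside the attribute, which would leave two sources of truth for who may call the endpoint. I would remove the four blocks and, if a reminder is wanted, leave a single line such as `// PM/APM only: enforced by [Authorize(Policy = "PmAndApmPolicy")]`. The method body continues outside the hunk.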
@@ -415,12 +412,13 @@ namespace IRaCIS.Core.Application.Image.QA
}
[HttpPut("{trialId:guid}/{subjectVisitId:guid}")]
+ [Authorize(Policy = "PmAndApmPolicy")]
public async Task RejectCheckBack(Guid subjectVisitId)
{
- if (_userInfo.UserTypeEnumInt != (int)UserTypeEnum.ProjectManager && _userInfo.UserTypeEnumInt != (int)UserTypeEnum.APM)
- {
- return ResponseOutput.NotOk(" 只有PM/APM具有操作权限!");
- }
+ //if (_userInfo.UserTypeEnumInt != (int)UserTypeEnum.ProjectManager && _userInfo.UserTypeEnumInt != (int)UserTypeEnum.APM)
+ //{
+ // return ResponseOutput.NotOk(" 只有PM/APM具有操作权限!");
+ //}
var sv = (await _subjectVisitRepository.FirstOrDefaultAsync(t => t.Id == subjectVisitId)).IfNullThrowException();
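Review bot: `RejectCheckBack` is the only one of the four endpoints touched here that carries no `[TypeFilter(typeof(TrialResourceFilter))]`; the attribute list visible in this hunk is just `[HttpPut(...)]` and the new `[Authorize(...)]`. The new policy only establishes that the caller is some PM or APM. If `TrialResourceFilter` is what ties the caller to the trial in the route (an assumption, since the filter is not shown), this action accepts a PM/APM from any trial. The visible lookup `t => t.Id == subjectVisitId` also does not compare the visit's trial with the `trialId` route value, which the method signature does not bind. I would add `[TypeFilter(typeof(TrialResourceFilter))]` to match the sibling actions and confirm that the visit belongs to the routed trial before acting on it. The rest of the body is outside the hunk, so this check may already exist further down.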
@@ -446,13 +444,14 @@ namespace IRaCIS.Core.Application.Image.QA
///
[HttpPut("{trialId:guid}/{subjectVisitId:guid}")]
[TypeFilter(typeof(TrialResourceFilter))]
+ [Authorize(Policy = "PmAndApmPolicy")]
[UnitOfWork]
public async Task CheckBack(Guid subjectVisitId)
{
- if (_userInfo.UserTypeEnumInt != (int)UserTypeEnum.ProjectManager && _userInfo.UserTypeEnumInt != (int)UserTypeEnum.APM)
- {
- return ResponseOutput.NotOk("只有PM/APM具有操作权限!");
- }
+ //if (_userInfo.UserTypeEnumInt != (int)UserTypeEnum.ProjectManager && _userInfo.UserTypeEnumInt != (int)UserTypeEnum.APM)
+ //{
+ // return ResponseOutput.NotOk("只有PM/APM具有操作权限!");
+ //}
var sv = (await _subjectVisitRepository.FirstOrDefaultAsync(t => t.Id == subjectVisitId)).IfNullThrowException();
@@ -519,12 +518,13 @@ namespace IRaCIS.Core.Application.Image.QA
///
[HttpPost("{trialId:guid}")]
[TypeFilter(typeof(TrialResourceFilter))]
+ [Authorize(Policy = "PmAndApmPolicy")]
public async Task UploadVisitCheckExcel(IFormFile file, Guid trialId)
{
- if (_userInfo.UserTypeEnumInt != (int)UserTypeEnum.ProjectManager && _userInfo.UserTypeEnumInt != (int)UserTypeEnum.APM)
- {
- return ResponseOutput.NotOk("只有PM/APM具有操作权限!");
- }
+ //if (_userInfo.UserTypeEnumInt != (int)UserTypeEnum.ProjectManager && _userInfo.UserTypeEnumInt != (int)UserTypeEnum.APM)
+ //{
+ // return ResponseOutput.NotOk("只有PM/APM具有操作权限!");
+ //}
var rootPath = Directory.GetParent(_hostEnvironment.ContentRootPath.TrimEnd('\\')).IfNullThrowException().FullName;