From 7a6d68b313e26ef6822a60cb9fc259fed272b83e Mon Sep 17 00:00:00 2001 From: hang <872297557@qq.com> Date: Wed, 25 May 2022 13:59:42 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Authorization/AuthorizationPolicySetup.cs | 6 ++++++ IRaCIS.Core.Application/Auth/IRaCISPolicy.cs | 2 ++ IRaCIS.Core.Application/Service/Visit/SubjectService.cs | 6 +++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/IRaCIS.Core.API/_ServiceExtensions/Authorization/AuthorizationPolicySetup.cs b/IRaCIS.Core.API/_ServiceExtensions/Authorization/AuthorizationPolicySetup.cs index 61c883e01..8031d15d7 100644 --- a/IRaCIS.Core.API/_ServiceExtensions/Authorization/AuthorizationPolicySetup.cs +++ b/IRaCIS.Core.API/_ServiceExtensions/Authorization/AuthorizationPolicySetup.cs @@ -35,6 +35,12 @@ namespace IRaCIS.Core.API policyBuilder.RequireClaim("userTypeEnumInt", ((int)UserTypeEnum.ProjectManager).ToString()); }); + + options.AddPolicy(IRaCISPolicy.PM_APM_CRC_QC, policyBuilder => + { + policyBuilder.RequireClaim("userTypeEnumInt", ((int)UserTypeEnum.ProjectManager).ToString(),((int)UserTypeEnum.ClinicalResearchCoordinator).ToString(), ((int)UserTypeEnum.APM).ToString(), ((int)UserTypeEnum.IQC).ToString()); + }); + //options.AddPolicy(IRaCISPolicy.PMAndAPM, policyBuilder => //{ // policyBuilder.RequireClaim("userTypeEnumInt", ((int)UserTypeEnum.ProjectManager).ToString(), ((int)UserTypeEnum.APM).ToString()); diff --git a/IRaCIS.Core.Application/Auth/IRaCISPolicy.cs b/IRaCIS.Core.Application/Auth/IRaCISPolicy.cs index 2950fd570..443f42494 100644 --- a/IRaCIS.Core.Application/Auth/IRaCISPolicy.cs +++ b/IRaCIS.Core.Application/Auth/IRaCISPolicy.cs @@ -22,6 +22,8 @@ namespace IRaCIS.Core.Application.Auth public const string IQC = "IQC"; + public const string PM_APM_CRC_QC = "PM_APM_CRC_QC"; + public const string SPMAndCPM = "SPMAndCPM"; } 
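Review bot: The only policy this patch registers and declares is `PM_APM_CRC_QC` (the `options.AddPolicy` call in AuthorizationPolicySetup.cs and the constant in IRaCISPolicy.cs), yet the SubjectService.cs hunk puts `[Authorize(Policy = IRaCISPolicy.PM_APM_CRC)]` on `DeleteSubject`. Unless a `PM_APM_CRC` constant and a matching `AddPolicy` already exist outside the visible context, the build fails on the missing constant. If only the constant exists, ASP.NET Core throws on every request to that action because the named policy is not registered. I would add `public const string PM_APM_CRC = "PM_APM_CRC";` and register it next to this policy with the same `RequireClaim("userTypeEnumInt", ...)` call, listing only the ProjectManager, APM and ClinicalResearchCoordinator values. A one-line comment above each registration, such as `// any one of the listed user types satisfies the policy`, would also make the OR semantics of the multi-value `RequireClaim` explicit.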
diff --git a/IRaCIS.Core.Application/Service/Visit/SubjectService.cs b/IRaCIS.Core.Application/Service/Visit/SubjectService.cs index 3cb3110d3..0fa201658 100644 --- a/IRaCIS.Core.Application/Service/Visit/SubjectService.cs +++ b/IRaCIS.Core.Application/Service/Visit/SubjectService.cs @@ -3,7 +3,8 @@ using IRaCIS.Application.Contracts; using IRaCIS.Core.Application.Filter; using IRaCIS.Core.Domain.Share; using Microsoft.AspNetCore.Mvc; - +using Microsoft.AspNetCore.Authorization; +using IRaCIS.Core.Application.Auth; namespace IRaCIS.Application.Services { @@ -27,6 +28,7 @@ namespace IRaCIS.Application.Services [TrialAudit(AuditType.SubjectAudit, AuditOptType.AddOrUpdateSubject)] [TypeFilter(typeof(TrialResourceFilter))] + [Authorize(Policy = IRaCISPolicy.PM_APM_CRC_QC)] public async Task> AddOrUpdateSubject([FromBody] SubjectCommand subjectCommand) { var svlist = new List(); @@ -89,6 +91,7 @@ namespace IRaCIS.Application.Services [HttpPut] [UnitOfWork] + [Authorize(Policy = IRaCISPolicy.PM_APM_CRC_QC)] public async Task UpdateSubjectStatus(SubjectStatusChangeCommand subjectStatusChangeCommand) { await _subjectRepository.UpdateFromDTOAsync(subjectStatusChangeCommand, true); @@ -99,6 +102,7 @@ namespace IRaCIS.Application.Services [HttpDelete("{trialId:guid}/{id:guid}")] [TypeFilter(typeof(TrialResourceFilter))] [UnitOfWork] + [Authorize(Policy = IRaCISPolicy.PM_APM_CRC)] public async Task DeleteSubject(Guid id) {
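Review bot: The `[Authorize(Policy = IRaCISPolicy.PM_APM_CRC_QC)]` added to `UpdateSubjectStatus` checks only the caller's user type. The visible context of that hunk shows `[HttpPut]` and `[UnitOfWork]` but no `[TypeFilter(typeof(TrialResourceFilter))]`, unlike `AddOrUpdateSubject` and `DeleteSubject`, although attributes further up would be outside the hunk. The filter's implementation is not shown, so this is inferred: if it is what scopes a request to a trial the caller is assigned to, then a user holding one of the four roles in any trial can still change the status of a subject in another trial, because the command goes straight to `_subjectRepository.UpdateFromDTOAsync(subjectStatusChangeCommand, true)`. I would add `[TypeFilter(typeof(TrialResourceFilter))]` above the new attribute, or an explicit trial-membership check on the command's subject before the update.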