修改工作量和阅片人权限

IRaCIS.Core.Application/Auth/IRaCISPolicy.cs

@@ -12,7 +12,7 @@ namespace IRaCIS.Core.Application.Auth
     {
         public  const  string PM_APM = "PM_APM";
 
-        public const string PM_APM_CRC = "PM_APMAndCRC";
+        public const string PM_APM_CRC = "PM_APM_CRC";
 
         public const string CRC_IQC = "CRC_IQC";
 
@@ -24,6 +24,8 @@ namespace IRaCIS.Core.Application.Auth
 
         public const string IQC = "IQC";
 
+        public const string PM_APM_SPM_CPM = "PM_APM_SPM_CPM";
+
         public const string PM_APM_CRC_QC = "PM_APM_CRC_QC";
 
         public  const string SPM_CPM = "SPMAndCPM";

IRaCIS.Core.Application/Service/Visit/SubjectVisitService.cs

@@ -27,6 +27,7 @@ namespace IRaCIS.Core.Application.Services
         [HttpPost]
         [TypeFilter(typeof(TrialResourceFilter))]
         [UnitOfWork]
+        [Authorize(Policy = IRaCISPolicy.CRC)]
         public async Task<IResponseOutput<string>> AddOrUpdateSV(SubjectVisitCommand svCommand)
         {
 

IRaCIS.Core.Application/Service/WorkLoad/DoctorWorkloadService.cs

@@ -6,6 +6,8 @@ using IRaCIS.Core.Domain.Share;
 using System.Linq.Expressions;
 using IRaCIS.Core.Application.Filter;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using IRaCIS.Core.Application.Auth;
 
 namespace IRaCIS.Application.Services
 {
@@ -50,6 +52,7 @@ namespace IRaCIS.Application.Services
         [HttpPost("{trialId}")]
 
         [TypeFilter(typeof(TrialResourceFilter))]
+        [Authorize(Policy = IRaCISPolicy.PM_APM)]
         public async Task<IResponseOutput> UploadReviewerAckSOW(Guid trialId,
             ReviewerAckDTO attachmentViewModel)
         {
@@ -79,6 +82,7 @@ namespace IRaCIS.Application.Services
         [HttpDelete, Route("{trialId}/{doctorId}/{attachmentId}")]
 
         [TypeFilter(typeof(TrialResourceFilter))]
+        [Authorize(Policy = IRaCISPolicy.PM_APM)]
         public async Task<IResponseOutput> DeleteReviewerAckSOW(Guid trialId, Guid doctorId, Guid attachmentId)
         {
             var success1 = await _attachmentRepository.BatchDeleteNoTrackingAsync(a => a.Id == attachmentId);
@@ -96,6 +100,7 @@ namespace IRaCIS.Application.Services
         /// <returns></returns>
         [HttpPost("{trialId}/{doctorId}/{type}")]
         [TypeFilter(typeof(TrialResourceFilter))]
+        [Authorize(Policy = IRaCISPolicy.PM_APM)]
         public async Task<IResponseOutput> UpdateReviewerReadingType(Guid trialId, Guid doctorId, int type)
         {
             var success2 = await _enrollRepository.BatchUpdateNoTrackingAsync(t => t.TrialId == trialId && t.DoctorId == doctorId, u =>
@@ -490,6 +495,7 @@ namespace IRaCIS.Application.Services
         /// <summary>
         /// 添加或更新工作量
         /// </summary>
+        [Authorize(Policy = IRaCISPolicy.PM_APM)]
         public async Task<IResponseOutput> AddOrUpdateWorkload(WorkloadCommand workLoadAddOrUpdateModel,
             Guid userId)
         {

IRaCIS.Core.Application/Service/WorkLoad/EnrollService.cs

@@ -4,6 +4,8 @@ using IRaCIS.Core.Domain.Share;
 using IRaCIS.Core.Application.Filter;
 using Microsoft.AspNetCore.Mvc;
 using IRaCIS.Core.Application.Service.WorkLoad.DTO;
+using Microsoft.AspNetCore.Authorization;
+using IRaCIS.Core.Application.Auth;
 
 namespace IRaCIS.Application.Services
 {
@@ -124,6 +126,7 @@ namespace IRaCIS.Application.Services
 
         [HttpPost("{trialId:guid}")]
         [TypeFilter(typeof(TrialResourceFilter))]
+        [Authorize(Policy = IRaCISPolicy.PM_APM_SPM_CPM)]
         public async Task<IResponseOutput> SelectReviewers(Guid trialId, Guid[] doctorIdArray)
         {
             var trial = await _trialRepository.FirstOrDefaultAsync(t => t.Id == trialId);
@@ -177,6 +180,7 @@ namespace IRaCIS.Application.Services
 
         [HttpPost("{trialId:guid}/{commitState:int}")]
         [TypeFilter(typeof(TrialResourceFilter))]
+        [Authorize(Policy = IRaCISPolicy.PM_APM_SPM_CPM)]
         public async Task<IResponseOutput> SubmitReviewer(Guid trialId, Guid[] doctorIdArray, int commitState)
         {
 
@@ -256,6 +260,7 @@ namespace IRaCIS.Application.Services
 
         [HttpPost("{trialId:guid}/{auditState:int}")]
         [TypeFilter(typeof(TrialResourceFilter))]
+        [Authorize(Policy = IRaCISPolicy.PM_APM_SPM_CPM)]
         public async Task<IResponseOutput> ApproveReviewer(Guid trialId, Guid[] doctorIdArray, int auditState)
         {
 
@@ -341,6 +346,7 @@ namespace IRaCIS.Application.Services
 
         [HttpPost("{trialId:guid}/{confirmState:int}")]
         [TypeFilter(typeof(TrialResourceFilter))]
+        [Authorize(Policy = IRaCISPolicy.PM_APM_SPM_CPM)]
         public async Task<IResponseOutput> ConfirmReviewer(Guid trialId, Guid[] doctorIdArray, int confirmState)
         {
             //var trial = _trialRepository.FirstOrDefault(t => t.Id == trialId);
@@ -413,6 +419,7 @@ namespace IRaCIS.Application.Services
         /// <returns></returns>
         [HttpPost("{trialId:guid}/{doctorId:guid}/{optType:int}")]
         [TypeFilter(typeof(TrialResourceFilter))]
+        [Authorize(Policy = IRaCISPolicy.PM_APM_SPM_CPM)]
         public async Task<IResponseOutput> EnrollBackOrOut(Guid trialId, Guid doctorId, int optType, DateTime? outEnrollTime)
         {
             var intoGroupItem = await _enrollRepository.FirstOrDefaultAsync(t => t.TrialId == trialId && t.DoctorId == doctorId);