package com.nebula.erp.sales.utility; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.*; import org.springframework.stereotype.Component; import org.springframework.web.client.RestTemplate; import java.util.List; import java.util.Map; import java.util.stream.Collectors; @Component public class PermissionHelper { @Autowired private RestTemplate restTemplate; @Value("${user.permission}") private String permissionApiUrl; @Autowired private JwtRequestUtils jwtRequestUtils; public boolean hasPermission(String requiredPermission) { String userId = jwtRequestUtils.getUserId(); String permissionUrl = permissionApiUrl + userId; HttpHeaders authHeader = jwtRequestUtils.getAuthorizationHeaders(); HttpEntity entity = new HttpEntity<>(authHeader); ResponseEntity permissionApiResponse = restTemplate.exchange(permissionUrl, HttpMethod.GET, entity, Map.class); if (permissionApiResponse.getStatusCode() == HttpStatus.OK) { Map responseBody = permissionApiResponse.getBody(); List> rolesList = (List>) responseBody.get("data"); // Exclude permission check if user role is EHRNAdmin boolean hasEHRNAdmin = rolesList.stream() .anyMatch(role -> "EHRNAdmin".equals(role.get("roleName"))); if(hasEHRNAdmin){ return true; } // Extract and flatten all permissions List userPermissions = rolesList.stream() .filter(role -> role.containsKey("permissions")) // Ensure role contains permissions .flatMap(role -> ((List) role.get("permissions")).stream()) // Extract permissions .distinct() // Remove duplicates .collect(Collectors.toList()); return userPermissions.contains(requiredPermission); } return false; } }