From 040e7df32b7b78c4f74b548e05aedf5522f4ca44 Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete"
Date: Wed, 1 Oct 2025 10:32:04 +0530
Subject: [PATCH] Removed the permission check from project details API

---
 .../Dtos/Projects/UpdateProjectDto.cs | 4 +-
 Marco.Pms.Services/Service/ProjectServices.cs | 45 +++++++++++--------
 2 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/Marco.Pms.Model/Dtos/Projects/UpdateProjectDto.cs b/Marco.Pms.Model/Dtos/Projects/UpdateProjectDto.cs
index 56c6e9f..a371be0 100644
--- a/Marco.Pms.Model/Dtos/Projects/UpdateProjectDto.cs
+++ b/Marco.Pms.Model/Dtos/Projects/UpdateProjectDto.cs
@@ -27,7 +27,7 @@ namespace Marco.Pms.Model.Dtos.Project
 [DisplayName("Project Status")]
 [Required(ErrorMessage = "Project Status is required!")]
 public required Guid ProjectStatusId { get; set; }
- public required Guid PromoterId { get; set; }
- public required Guid PMCId { get; set; }
+ public Guid? PromoterId { get; set; }
+ public Guid? PMCId { get; set; }
 }
 }
diff --git a/Marco.Pms.Services/Service/ProjectServices.cs b/Marco.Pms.Services/Service/ProjectServices.cs
index 8e75670..3bc14c4 100644
--- a/Marco.Pms.Services/Service/ProjectServices.cs
+++ b/Marco.Pms.Services/Service/ProjectServices.cs
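Review bot: The new nullable `PromoterId` and `PMCId` properties do not say what a missing value means, and the service hunk in this same patch substitutes the caller's `OrganizationId` for a null, which a client filling in this DTO cannot infer from the type alone. Add an XML doc comment on each, e.g. `/// <summary>Promoter organization. Optional; when null the service substitutes a default (see ProjectServices.cs).</summary>`, and consider giving both a `[DisplayName]` like the neighbouring `ProjectStatusId` so validation messages stay consistent. The enclosing class starts outside the hunk.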
@@ -201,21 +201,21 @@ namespace Marco.Pms.Services.Service
 using var scope = _serviceScopeFactory.CreateScope();
 var _permission = scope.ServiceProvider.GetRequiredService();
 
- // Step 1: Check global view project permission
- var hasViewProjectPermission = await _permission.HasPermission(PermissionsMaster.ViewProject, loggedInEmployee.Id, id);
- if (!hasViewProjectPermission)
- {
- _logger.LogWarning("ViewProjects permission denied for EmployeeId: {EmployeeId}", loggedInEmployee.Id);
- return ApiResponse.ErrorResponse("Access denied", "You don't have permission to view projects", 403);
- }
+ //// Step 1: Check global view project permission
+ //var hasViewProjectPermission = await _permission.HasPermission(PermissionsMaster.ViewProject, loggedInEmployee.Id, id);
+ //if (!hasViewProjectPermission)
+ //{
+ // _logger.LogWarning("ViewProjects permission denied for EmployeeId: {EmployeeId}", loggedInEmployee.Id);
+ // return ApiResponse.ErrorResponse("Access denied", "You don't have permission to view projects", 403);
+ //}
 
- // Step 2: Check permission for this specific project
- var hasProjectPermission = await _permission.HasProjectPermission(loggedInEmployee, id);
- if (!hasProjectPermission)
- {
- _logger.LogWarning("Project-specific access denied. EmployeeId: {EmployeeId}, ProjectId: {ProjectId}", loggedInEmployee.Id, id);
- return ApiResponse.ErrorResponse("Access denied", "You don't have access to this project", 403);
- }
+ //// Step 2: Check permission for this specific project
+ //var hasProjectPermission = await _permission.HasProjectPermission(loggedInEmployee, id);
+ //if (!hasProjectPermission)
+ //{
+ // _logger.LogWarning("Project-specific access denied. EmployeeId: {EmployeeId}, ProjectId: {ProjectId}", loggedInEmployee.Id, id);
+ // return ApiResponse.ErrorResponse("Access denied", "You don't have access to this project", 403);
+ //}
 
 // Step 3: Fetch project with status
 var projectDetails = await _cache.GetProjectDetails(id);
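Review bot: Commenting out Step 1 and Step 2 leaves the project-details path with no visible authorization at all: `_permission` is still resolved from the scope but never used, and the following `_cache.GetProjectDetails(id)` is keyed only by the caller-supplied `id`, so any authenticated employee can read any project unless the cache or repository applies a tenant or membership filter internally, which is not visible here. If the intent was only to drop the global `ViewProject` permission, the project-specific check `await _permission.HasProjectPermission(loggedInEmployee, id)` should stay, since the update path in this same patch still enforces a tenant check (`"You do not have permission to update a project for this tenant."`). If removal really is intended, delete the commented-out blocks and the now-unused `scope`/`_permission` lines rather than leaving dead code, and record the decision in a comment such as `// Authorization intentionally not enforced here: <reason/ticket>`. The enclosing method starts and ends outside the hunk.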
@@ -481,6 +481,7 @@ namespace Marco.Pms.Services.Service
 // --- Step 1: Fetch the Existing Entity from the Database ---
 // This is crucial to avoid the data loss bug. We only want to modify an existing record.
 var existingProject = await _context.Projects
+ .AsNoTracking()
 .Where(p => p.Id == id && p.TenantId == tenantId)
 .SingleOrDefaultAsync();
 
@@ -501,17 +502,20 @@ namespace Marco.Pms.Services.Service
 return ApiResponse.ErrorResponse("Access Denied", "You do not have permission to update a project for this tenant.", 403);
 }
 
+ var promoterId = model.PromoterId ?? loggedInEmployee.OrganizationId;
+ var pmcId = model.PMCId ?? loggedInEmployee.OrganizationId;
+
 // 1bb. Concurrent validation for Promoter and PMC organization existence.
 // Run database queries in parallel for better performance.
 var promoterTask = Task.Run(async () =>
 {
 await using var context = await _dbContextFactory.CreateDbContextAsync();
- return await context.Organizations.FirstOrDefaultAsync(o => o.Id == model.PromoterId);
+ return await context.Organizations.FirstOrDefaultAsync(o => o.Id == promoterId);
 });
 var pmcTask = Task.Run(async () =>
 {
 await using var context = await _dbContextFactory.CreateDbContextAsync();
- return await context.Organizations.FirstOrDefaultAsync(o => o.Id == model.PMCId);
+ return await context.Organizations.FirstOrDefaultAsync(o => o.Id == pmcId);
 });
 
 await Task.WhenAll(promoterTask, pmcTask);
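Review bot: `var promoterId = model.PromoterId ?? loggedInEmployee.OrganizationId;` (and the `pmcId` line below it) turns an omitted field in an update request into a reassignment of the project's promoter or PMC to the caller's own organization, because the resolved values are later written unconditionally onto `existingProject` in the last hunk of this file. For an update, a null more naturally means "leave unchanged", and `existingProject` is already loaded by this point: `var promoterId = model.PromoterId ?? existingProject.PromoterId;` and `var pmcId = model.PMCId ?? existingProject.PMCId;`. This assumes the entity's `PromoterId`/`PMCId` are non-nullable `Guid`s, which the pre-patch `required Guid` DTO fields suggest but the hunk does not show; if the current fallback is deliberate, a comment stating why the caller's organization is the default would help. The enclosing method starts and ends outside the hunk.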
@@ -521,12 +525,12 @@ namespace Marco.Pms.Services.Service
 
 if (promoter == null)
 {
- _logger.LogWarning("Promoter check failed. PromoterId={PromoterId} not found.", model.PromoterId);
+ _logger.LogWarning("Promoter check failed. PromoterId={PromoterId} not found.", promoterId);
 return ApiResponse.ErrorResponse("Promoter not found", "Promoter not found in database.", 404);
 }
 if (pmc == null)
 {
- _logger.LogWarning("PMC check failed. PMCId={PMCId} not found.", model.PMCId);
+ _logger.LogWarning("PMC check failed. PMCId={PMCId} not found.", pmcId);
 return ApiResponse.ErrorResponse("PMC not found", "PMC not found in database.", 404);
 }
 
@@ -543,8 +547,11 @@ namespace Marco.Pms.Services.Service
 // This only modifies the properties defined in the mapping, preventing data loss.
 _mapper.Map(model, existingProject);
 
+ existingProject.PromoterId = promoterId;
+ existingProject.PMCId = pmcId;
+
 // Mark the entity as modified (if your mapping doesn't do it automatically).
- _context.Entry(existingProject).State = EntityState.Modified;
+ _context.Projects.Update(existingProject);
 
 try
 {
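Review bot: The comment `// Mark the entity as modified (if your mapping doesn't do it automatically).` no longer describes the line under it: with `existingProject` now loaded via `.AsNoTracking()` in the earlier hunk of this file, `_context.Projects.Update(existingProject)` is what attaches the detached entity and marks every property modified, so the parenthetical about the mapping is misleading. Replace it with `// Loaded with AsNoTracking(); Update() attaches the entity and marks all properties modified.`. Because all columns are marked modified, a concurrent change between the read and the save is overwritten unless the entity carries a concurrency token, which cannot be told from here. The `try` block continues outside the hunk.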