From 1939a63d9a9ed8314f9bf94a2a59ac615f34275b Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete" <ashutosh.nehete@marcoaiot.com>
Date: Fri, 10 Oct 2025 17:05:43 +0530
Subject: [PATCH] Assigning the appilcation role to root employee of the any
 organization

---
 .../Controllers/OrganizationController.cs     | 130 +++++++++++++-----
 1 file changed, 95 insertions(+), 35 deletions(-)

diff --git a/Marco.Pms.Services/Controllers/OrganizationController.cs b/Marco.Pms.Services/Controllers/OrganizationController.cs
index c90a883..5b00634 100644
--- a/Marco.Pms.Services/Controllers/OrganizationController.cs
+++ b/Marco.Pms.Services/Controllers/OrganizationController.cs
@@ -9,6 +9,7 @@ using Marco.Pms.Model.ViewModels.Activities;
 using Marco.Pms.Model.ViewModels.Master;
 using Marco.Pms.Model.ViewModels.Organization;
 using Marco.Pms.Model.ViewModels.Projects;
+using Marco.Pms.Services.Helpers;
 using Marco.Pms.Services.Service;
 using MarcoBMS.Services.Helpers;
 using MarcoBMS.Services.Service;
@@ -30,6 +31,7 @@ namespace Marco.Pms.Services.Controllers
         private readonly UserHelper _userHelper;
         private readonly Guid tenantId;
         private readonly IMapper _mapper;
+        private readonly Guid loggedOrganizationId;
         private readonly ILoggingService _logger;
 
         private static readonly Guid PMCProvider = Guid.Parse("b1877a3b-8832-47b1-bbe3-dc7e98672f49");
@@ -47,6 +49,7 @@ namespace Marco.Pms.Services.Controllers
             _userHelper = userHelper ?? throw new ArgumentNullException(nameof(userHelper));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
             _mapper = mapper ?? throw new ArgumentNullException(nameof(mapper));
+            loggedOrganizationId = _userHelper.GetCurrentOrganizationId();
             tenantId = userHelper.GetTenantId();
         }
         #region =================================================================== Get Functions ===================================================================
@@ -669,6 +672,8 @@ namespace Marco.Pms.Services.Controllers
                     Service = _mapper.Map<ServiceMasterVM>(s)
                 }).ToList();
 
+                await AssignApplicationRoleToOrganization(organization.Id, project.TenantId);
+
                 return Ok(ApiResponse<object>.SuccessResponse(response, "Organization successfully assigned to the project", 200));
             }
             catch (DbUpdateException dbEx)
@@ -745,6 +750,8 @@ namespace Marco.Pms.Services.Controllers
                 // Prepare response view model
                 var response = _mapper.Map<BasicOrganizationVm>(organization);
 
+                await AssignApplicationRoleToOrganization(organization.Id, tenantId);
+
                 return Ok(ApiResponse<object>.SuccessResponse(response, "Organization has been assigned to tenant", 200));
             }
             catch (DbUpdateException dbEx)
@@ -938,45 +945,98 @@ namespace Marco.Pms.Services.Controllers
         #endregion
 
         #region =================================================================== Helper Functions ===================================================================
-        //private ServicesProviderFilter? TryDeserializeServicesProviderFilter(string? filter)
-        //{
-        //    if (string.IsNullOrWhiteSpace(filter))
-        //    {
-        //        return null;
-        //    }
 
-        //    var options = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
-        //    ServicesProviderFilter? documentFilter = null;
+        private async Task AssignApplicationRoleToOrganization(Guid organizationId, Guid tenantId)
+        {
+            if (loggedOrganizationId == organizationId)
+            {
+                return;
+            }
+            await using var _context = await _dbContextFactory.CreateDbContextAsync();
+            using var scope = _serviceScope.CreateScope();
 
-        //    try
-        //    {
-        //        // First, try to deserialize directly. This is the expected case (e.g., from a web client).
-        //        documentFilter = JsonSerializer.Deserialize<ServicesProviderFilter>(filter, options);
-        //    }
-        //    catch (JsonException ex)
-        //    {
-        //        _logger.LogError(ex, "[{MethodName}] Failed to directly deserialize filter. Attempting to unescape and re-parse. Filter: {Filter}", nameof(TryDeserializeServicesProviderFilter), filter);
+            var rootEmployee = await _context.Employees
+                .Include(e => e.ApplicationUser)
+                .FirstOrDefaultAsync(e => e.ApplicationUser != null && e.ApplicationUser.IsRootUser.HasValue && e.ApplicationUser.IsRootUser.Value && e.OrganizationId == organizationId && e.IsPrimary);
+            if (rootEmployee == null)
+            {
+                return;
+            }
+            string serviceProviderRoleName = "Service Provider Role";
 
-        //        // If direct deserialization fails, it might be an escaped string (common with tools like Postman or some mobile clients).
-        //        try
-        //        {
-        //            // Unescape the string first, then deserialize the result.
-        //            string unescapedJsonString = JsonSerializer.Deserialize<string>(filter, options) ?? "";
-        //            if (!string.IsNullOrWhiteSpace(unescapedJsonString))
-        //            {
-        //                documentFilter = JsonSerializer.Deserialize<ServicesProviderFilter>(unescapedJsonString, options);
-        //            }
-        //        }
-        //        catch (JsonException ex1)
-        //        {
-        //            // If both attempts fail, log the final error and return null.
-        //            _logger.LogError(ex1, "[{MethodName}] All attempts to deserialize the filter failed. Filter will be ignored. Filter: {Filter}", nameof(TryDeserializeServicesProviderFilter), filter);
-        //            return null;
-        //        }
-        //    }
-        //    return documentFilter;
-        //}
+            var serviceProviderRole = await _context.ApplicationRoles.FirstOrDefaultAsync(ar => ar.Role == serviceProviderRoleName && ar.TenantId == tenantId);
+            if (serviceProviderRole == null)
+            {
+                serviceProviderRole = new Model.Roles.ApplicationRole
+                {
+                    Id = Guid.NewGuid(),
+                    Role = serviceProviderRoleName,
+                    Description = serviceProviderRoleName,
+                    IsSystem = true,
+                    TenantId = tenantId
+                };
+                _context.ApplicationRoles.Add(serviceProviderRole);
 
+                var rolePermissionMappigs = new List<RolePermissionMappings> {
+                        new RolePermissionMappings
+                        {
+                            ApplicationRoleId = serviceProviderRole.Id,
+                            FeaturePermissionId = PermissionsMaster.ViewProject
+                        },
+                        new RolePermissionMappings
+                        {
+                            ApplicationRoleId = serviceProviderRole.Id,
+                            FeaturePermissionId = PermissionsMaster.ViewProjectInfra
+                        },
+                        new RolePermissionMappings
+                        {
+                            ApplicationRoleId = serviceProviderRole.Id,
+                            FeaturePermissionId = PermissionsMaster.ViewTask
+                        },
+                        new RolePermissionMappings
+                        {
+                            ApplicationRoleId = serviceProviderRole.Id,
+                            FeaturePermissionId = PermissionsMaster.ViewAllEmployees
+                        },
+                        new RolePermissionMappings
+                        {
+                            ApplicationRoleId = serviceProviderRole.Id,
+                            FeaturePermissionId = PermissionsMaster.TeamAttendance
+                        },
+                        new RolePermissionMappings
+                        {
+                            ApplicationRoleId = serviceProviderRole.Id,
+                            FeaturePermissionId = PermissionsMaster.AssignRoles
+                        },
+                        new RolePermissionMappings
+                        {
+                            ApplicationRoleId = serviceProviderRole.Id,
+                            FeaturePermissionId = PermissionsMaster.ManageProjectInfra
+                        },
+                        new RolePermissionMappings
+                        {
+                            ApplicationRoleId = serviceProviderRole.Id,
+                            FeaturePermissionId = PermissionsMaster.AssignAndReportProgress
+                        },
+                        new RolePermissionMappings
+                        {
+                            ApplicationRoleId = serviceProviderRole.Id,
+                            FeaturePermissionId = PermissionsMaster.AddAndEditTask
+                        }
+                    };
+                _context.RolePermissionMappings.AddRange(rolePermissionMappigs);
+            }
+            _context.EmployeeRoleMappings.Add(new EmployeeRoleMapping
+            {
+                EmployeeId = rootEmployee.Id,
+                RoleId = serviceProviderRole.Id,
+                IsEnabled = true,
+                TenantId = tenantId
+            });
+
+            var _cache = scope.ServiceProvider.GetRequiredService<CacheUpdateHelper>();
+            await _cache.ClearAllPermissionIdsByEmployeeID(rootEmployee.Id, tenantId);
+        }
         #endregion
     }
 }