Added the permission check in note create API

This commit is contained in:
ashutosh.nehete 2025-09-30 12:34:58 +05:30
parent 0df13975a7
commit 1e1fe6692d


@ -956,10 +956,14 @@ namespace Marco.Pms.Services.Service
try try
{ {
var contact = _mapper.Map<Contact>(createContact); var contact = _mapper.Map<Contact>(createContact);
if (string.IsNullOrWhiteSpace(createContact.Name)) if (string.IsNullOrWhiteSpace(createContact.Description))
{ {
contact.Description = string.Empty; contact.Description = string.Empty;
} }
if (string.IsNullOrWhiteSpace(createContact.Designation))
{
contact.Designation = string.Empty;
}
contact.CreatedAt = DateTime.UtcNow; contact.CreatedAt = DateTime.UtcNow;
contact.CreatedById = loggedInEmployeeId; contact.CreatedById = loggedInEmployeeId;
contact.TenantId = tenantId; contact.TenantId = tenantId;
@ -2031,9 +2035,11 @@ namespace Marco.Pms.Services.Service
try try
{ {
var bucketIds = await _context.ContactBucketMappings.Where(cb => cb.ContactId == noteDto.ContactId).Select(cb => cb.BucketId).ToListAsync(); var (hasAdminPermission, hasManagerPermission, hasUserPermission) = await CheckPermissionsAsync(loggedInEmployee.Id);
var hasContactAccess = await _context.EmployeeBucketMappings.AnyAsync(eb => bucketIds.Contains(eb.BucketId) && eb.EmployeeId == loggedInEmployee.Id);
if (!hasContactAccess) var bucketIds = await _context.ContactBucketMappings.AsNoTracking().Where(cb => cb.ContactId == noteDto.ContactId).Select(cb => cb.BucketId).ToListAsync();
var hasContactAccess = await _context.EmployeeBucketMappings.AsNoTracking().AnyAsync(eb => bucketIds.Contains(eb.BucketId) && eb.EmployeeId == loggedInEmployee.Id);
if (!hasAdminPermission && !hasContactAccess)
{ {
_logger.LogWarning("Employee {EmployeeId} does not have permission to delete contact {ContactId}", _logger.LogWarning("Employee {EmployeeId} does not have permission to delete contact {ContactId}",
loggedInEmployee.Id, noteDto.ContactId); loggedInEmployee.Id, noteDto.ContactId);