Showing the submit but only to creator or manager if rejected

2025-11-06 13:00:57 +05:30 · 2025-11-06 13:00:57 +05:30 · 1e7363ea2f
commit 1e7363ea2f
parent eb9fc5c72a
1 changed files with 39 additions and 5 deletions
--- a/Marco.Pms.Services/Service/ExpensesService.cs
+++ b/Marco.Pms.Services/Service/ExpensesService.cs
@ -341,7 +341,12 @@ namespace Marco.Pms.Services.Service
                        }
                        return ApiResponse<object>.ErrorResponse("Expense Not Found", "Expense Not Found", 404);
                    }
-                    expenseDetails = await GetAllExpnesRelatedTablesForSingle(expense, expense.TenantId);
+
+                    using var scope = _serviceScopeFactory.CreateScope();
+                    var permissionService = scope.ServiceProvider.GetRequiredService<PermissionServices>();
+                    var hasManagePermission = await permissionService.HasPermission(PermissionsMaster.ExpenseManage, loggedInEmployee.Id);
+
+                    expenseDetails = await GetAllExpnesRelatedTablesForSingle(expense, hasManagePermission, loggedInEmployee.Id, expense.TenantId);
                }
                var vm = _mapper.Map<ExpenseDetailsVM>(expenseDetails);

@ -1412,13 +1417,21 @@ namespace Marco.Pms.Services.Service
                    return await permissionService.HasPermission(PermissionsMaster.ExpenseProcess, loggedInEmployee.Id);
                });

-                await Task.WhenAll(hasViewSelfPermissionTask, hasViewAllPermissionTask, hasReviewPermissionTask, hasApprovePermissionTask, hasProcessPermissionTask);
+                var hasManagePermissionTask = Task.Run(async () =>
+                {
+                    using var scope = _serviceScopeFactory.CreateScope();
+                    var permissionService = scope.ServiceProvider.GetRequiredService<PermissionServices>();
+                    return await permissionService.HasPermission(PermissionsMaster.ExpenseManage, loggedInEmployee.Id);
+                });
+
+                await Task.WhenAll(hasViewSelfPermissionTask, hasViewAllPermissionTask, hasReviewPermissionTask, hasApprovePermissionTask, hasProcessPermissionTask, hasManagePermissionTask);

                bool hasViewSelfPermission = hasViewSelfPermissionTask.Result;
                bool hasViewAllPermission = hasViewAllPermissionTask.Result;
                bool hasReviewPermission = hasReviewPermissionTask.Result;
                bool hasApprovePermission = hasApprovePermissionTask.Result;
                bool hasProcessPermission = hasProcessPermissionTask.Result;
+                bool hasManagePermission = hasProcessPermissionTask.Result;

                // Deny access if user has no relevant permissions
                if (!hasViewSelfPermission && !hasViewAllPermission && !hasReviewPermission && !hasApprovePermission && !hasProcessPermission)
@ -1557,7 +1570,18 @@ namespace Marco.Pms.Services.Service
                //if (paymentRequest.RecurringPayment != null)
                //    response.RecurringPaymentUID = $"{paymentRequest.RecurringPayment.UIDPrefix}/{paymentRequest.RecurringPayment.UIDPostfix:D5}";
                response.Attachments = attachmentVMs;
-                response.NextStatus = nextStatuses;
+
+                // Assign nextStatuses only if:
+                // 1. The payment request was rejected by approver/reviewer AND the current user is the creator, OR
+                // 2. The payment request is in any other status (not rejected)
+                var isRejected = paymentRequest.ExpenseStatusId == RejectedByApprover
+                                 || paymentRequest.ExpenseStatusId == RejectedByReviewer;
+
+                if ((!isRejected) || (isRejected && (loggedInEmployee.Id == paymentRequest.CreatedById || hasManagePermission)))
+                {
+                    response.NextStatus = nextStatuses;
+                }
+
                response.UpdateLogs = updateLogs.Select(ul =>
                {
                    var statusVm = status.FirstOrDefault(es => es.Id == ul.StatusId);
@ -3238,7 +3262,7 @@ namespace Marco.Pms.Services.Service
                }
            };
        }
-        private async Task<ExpenseDetailsMongoDB> GetAllExpnesRelatedTablesForSingle(Expenses model, Guid tenantId)
+        private async Task<ExpenseDetailsMongoDB> GetAllExpnesRelatedTablesForSingle(Expenses model, bool hasManagePermission, Guid loggedInEmployeeId, Guid tenantId)
        {
            var statusMappingTask = Task.Run(async () =>
            {
@ -3308,7 +3332,17 @@ namespace Marco.Pms.Services.Service
            if (statusMapping != null)
            {
                response.Status = _mapper.Map<ExpensesStatusMasterMongoDB>(statusMapping.Status);
-                response.NextStatus = _mapper.Map<List<ExpensesStatusMasterMongoDB>>(statusMapping.NextStatus);
+
+                // Assign nextStatuses only if:
+                // 1. The expense was rejected by approver/reviewer AND the current user is the creator, OR
+                // 2. The expense is in any other status (not rejected)
+                var isRejected = model.StatusId == RejectedByApprover
+                                 || model.StatusId == RejectedByReviewer;
+
+                if ((!isRejected) || (isRejected && (loggedInEmployeeId == model.CreatedById || hasManagePermission)))
+                {
+                    response.NextStatus = _mapper.Map<List<ExpensesStatusMasterMongoDB>>(statusMapping.NextStatus);
+                }
            }
            if (response.Status == null)
            {