admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of https://git.marcoaiot.com/admin/marco.pms.api into Ashutosh_Subscription_Plan

Browse Source
This commit is contained in:
ashutosh.nehete 2025-09-18 12:01:57 +05:30
commit 2039d84918
6 changed files with 183 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Marco.Pms.Services/Controllers/EmployeeController.cs
View File

@ -148,12 +148,13 @@ namespace MarcoBMS.Services.Controllers
.Distinct() .Distinct()
.ToListAsync(); .ToListAsync();
result = await _context.Employees var employees = await _context.Employees
.Include(fp => fp.JobRole) .Include(fp => fp.JobRole)
.Where(e => employeeIds.Contains(e.Id) && e.IsActive && e.TenantId == tenantId) .Where(e => employeeIds.Contains(e.Id) && e.JobRole != null && e.IsActive && e.TenantId == tenantId)
.Select(e => e.ToEmployeeVMFromEmployee()) .Distinct()
.Distinct() .ToListAsync();
.ToListAsync();
result = employees.Select(e => e.ToEmployeeVMFromEmployee()).ToList();
_logger.LogInfo("Employee list fetched using limited access (active only)."); _logger.LogInfo("Employee list fetched using limited access (active only).");
} }

7
Marco.Pms.Services/Controllers/ProjectController.cs
View File

@ -470,6 +470,13 @@ namespace MarcoBMS.Services.Controllers
var response = await _projectServices.GetAssignedProjectLevelPermissionAsync(employeeId, projectId, tenantId, loggedInEmployee); var response = await _projectServices.GetAssignedProjectLevelPermissionAsync(employeeId, projectId, tenantId, loggedInEmployee);
return StatusCode(response.StatusCode, response); return StatusCode(response.StatusCode, response);
} }
[HttpGet("get/all/project-level-permission/{projectId}")]
public async Task<IActionResult> GetAllPermissionFroProject(Guid projectId)
{
Employee loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
var response = await _projectServices.GetAllPermissionFroProjectAsync(projectId, loggedInEmployee, tenantId);
return StatusCode(response.StatusCode, response);
}
[HttpGet("get/proejct-level/modules")] [HttpGet("get/proejct-level/modules")]
public async Task<IActionResult> AssignProjectLevelModules() public async Task<IActionResult> AssignProjectLevelModules()
{ {

6
Marco.Pms.Services/Helpers/EmployeeHelper.cs
View File

@ -85,12 +85,12 @@ namespace MarcoBMS.Services.Helpers
.Distinct() .Distinct()
.ToListAsync(); .ToListAsync();
result = await _context.Employees var employees = await _context.Employees
.Include(fp => fp.JobRole) .Include(fp => fp.JobRole)
.Where(e => employeeIds.Contains(e.Id) && e.IsActive && e.TenantId == tenantId) .Where(e => employeeIds.Contains(e.Id) && e.JobRole != null && e.IsActive && e.TenantId == tenantId)
.Select(e => e.ToEmployeeVMFromEmployee())
.Distinct() .Distinct()
.ToListAsync(); .ToListAsync();
result = employees.Select(e => e.ToEmployeeVMFromEmployee()).ToList();
} }
else if (ShowInActive) else if (ShowInActive)

1
Marco.Pms.Services/Service/PermissionServices.cs
View File

@ -88,7 +88,6 @@ namespace Marco.Pms.Services.Service
{ {
Guid.Parse("53176ebf-c75d-42e5-839f-4508ffac3def"), Guid.Parse("53176ebf-c75d-42e5-839f-4508ffac3def"),
Guid.Parse("9d4b5489-2079-40b9-bd77-6e1bf90bc19f"), Guid.Parse("9d4b5489-2079-40b9-bd77-6e1bf90bc19f"),
Guid.Parse("81ab8a87-8ccd-4015-a917-0627cee6a100"),
Guid.Parse("52c9cf54-1eb2-44d2-81bb-524cf29c0a94"), Guid.Parse("52c9cf54-1eb2-44d2-81bb-524cf29c0a94"),
Guid.Parse("a8cf4331-8f04-4961-8360-a3f7c3cc7462") Guid.Parse("a8cf4331-8f04-4961-8360-a3f7c3cc7462")
}; };

219
Marco.Pms.Services/Service/ProjectServices.cs
View File

@ -16,6 +16,7 @@ using Marco.Pms.Model.ViewModels.Master;
using Marco.Pms.Model.ViewModels.Projects; using Marco.Pms.Model.ViewModels.Projects;
using Marco.Pms.Services.Helpers; using Marco.Pms.Services.Helpers;
using Marco.Pms.Services.Service.ServiceInterfaces; using Marco.Pms.Services.Service.ServiceInterfaces;
using MarcoBMS.Services.Helpers;
using MarcoBMS.Services.Service; using MarcoBMS.Services.Service;
using Microsoft.CodeAnalysis; using Microsoft.CodeAnalysis;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
@ -28,26 +29,23 @@ namespace Marco.Pms.Services.Service
private readonly IDbContextFactory<ApplicationDbContext> _dbContextFactory; private readonly IDbContextFactory<ApplicationDbContext> _dbContextFactory;
private readonly ApplicationDbContext _context; // Keeping this for direct scoped context use where appropriate private readonly ApplicationDbContext _context; // Keeping this for direct scoped context use where appropriate
private readonly ILoggingService _logger; private readonly ILoggingService _logger;
private readonly PermissionServices _permission;
private readonly CacheUpdateHelper _cache; private readonly CacheUpdateHelper _cache;
private readonly IMapper _mapper; private readonly IMapper _mapper;
private readonly GeneralHelper _generalHelper; private readonly IServiceScopeFactory _serviceScopeFactory;
public ProjectServices( public ProjectServices(
IDbContextFactory<ApplicationDbContext> dbContextFactory, IDbContextFactory<ApplicationDbContext> dbContextFactory,
ApplicationDbContext context, ApplicationDbContext context,
ILoggingService logger, ILoggingService logger,
PermissionServices permission, IServiceScopeFactory serviceScopeFactory,
CacheUpdateHelper cache, CacheUpdateHelper cache,
IMapper mapper, IMapper mapper)
GeneralHelper generalHelper)
{ {
_dbContextFactory = dbContextFactory ?? throw new ArgumentNullException(nameof(dbContextFactory)); _dbContextFactory = dbContextFactory ?? throw new ArgumentNullException(nameof(dbContextFactory));
_serviceScopeFactory = serviceScopeFactory ?? throw new ArgumentNullException(nameof(serviceScopeFactory));
_context = context ?? throw new ArgumentNullException(nameof(context)); _context = context ?? throw new ArgumentNullException(nameof(context));
_logger = logger ?? throw new ArgumentNullException(nameof(logger)); _logger = logger ?? throw new ArgumentNullException(nameof(logger));
_permission = permission ?? throw new ArgumentNullException(nameof(permission));
_cache = cache ?? throw new ArgumentNullException(nameof(cache)); _cache = cache ?? throw new ArgumentNullException(nameof(cache));
_mapper = mapper ?? throw new ArgumentNullException(nameof(mapper)); _mapper = mapper ?? throw new ArgumentNullException(nameof(mapper));
_generalHelper = generalHelper ?? throw new ArgumentNullException(nameof(generalHelper));
} }
#region =================================================================== Project Get APIs =================================================================== #region =================================================================== Project Get APIs ===================================================================
@ -87,7 +85,6 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An internal server error occurred. Please try again later.", null, 500); return ApiResponse<object>.ErrorResponse("An internal server error occurred. Please try again later.", null, 500);
} }
} }
public async Task<ApiResponse<object>> GetAllProjectsAsync(Guid tenantId, Employee loggedInEmployee) public async Task<ApiResponse<object>> GetAllProjectsAsync(Guid tenantId, Employee loggedInEmployee)
{ {
try try
@ -146,11 +143,12 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An internal server error occurred. Please try again later.", null, 500); return ApiResponse<object>.ErrorResponse("An internal server error occurred. Please try again later.", null, 500);
} }
} }
public async Task<ApiResponse<object>> GetProjectAsync(Guid id, Guid tenantId, Employee loggedInEmployee) public async Task<ApiResponse<object>> GetProjectAsync(Guid id, Guid tenantId, Employee loggedInEmployee)
{ {
try try
{ {
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 1: Run independent operations in PARALLEL --- // --- Step 1: Run independent operations in PARALLEL ---
// We can check permissions and fetch data at the same time to reduce latency. // We can check permissions and fetch data at the same time to reduce latency.
var permissionTask = _permission.HasProjectPermission(loggedInEmployee, id); var permissionTask = _permission.HasProjectPermission(loggedInEmployee, id);
@ -190,13 +188,15 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An internal server error occurred.", null, 500); return ApiResponse<object>.ErrorResponse("An internal server error occurred.", null, 500);
} }
} }
public async Task<ApiResponse<object>> GetProjectDetailsAsync(Guid id, Guid tenantId, Employee loggedInEmployee) public async Task<ApiResponse<object>> GetProjectDetailsAsync(Guid id, Guid tenantId, Employee loggedInEmployee)
{ {
try try
{ {
_logger.LogInfo("Details requested by EmployeeId: {EmployeeId} for ProjectId: {ProjectId}", loggedInEmployee.Id, id); _logger.LogInfo("Details requested by EmployeeId: {EmployeeId} for ProjectId: {ProjectId}", loggedInEmployee.Id, id);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// Step 1: Check global view project permission // Step 1: Check global view project permission
var hasViewProjectPermission = await _permission.HasPermission(PermissionsMaster.ViewProject, loggedInEmployee.Id, id); var hasViewProjectPermission = await _permission.HasPermission(PermissionsMaster.ViewProject, loggedInEmployee.Id, id);
if (!hasViewProjectPermission) if (!hasViewProjectPermission)
@ -252,7 +252,6 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An internal server error occurred. Please try again later.", null, 500); return ApiResponse<object>.ErrorResponse("An internal server error occurred. Please try again later.", null, 500);
} }
} }
public async Task<ApiResponse<object>> GetProjectDetailsOldAsync(Guid id, Guid tenantId, Employee loggedInEmployee) public async Task<ApiResponse<object>> GetProjectDetailsOldAsync(Guid id, Guid tenantId, Employee loggedInEmployee)
{ {
var project = await _context.Projects var project = await _context.Projects
@ -401,6 +400,8 @@ namespace Marco.Pms.Services.Service
{ {
try try
{ {
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 1: Fetch the Existing Entity from the Database --- // --- Step 1: Fetch the Existing Entity from the Database ---
// This is crucial to avoid the data loss bug. We only want to modify an existing record. // This is crucial to avoid the data loss bug. We only want to modify an existing record.
var existingProject = await _context.Projects var existingProject = await _context.Projects
@ -489,6 +490,9 @@ namespace Marco.Pms.Services.Service
try try
{ {
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- CRITICAL: Security Check --- // --- CRITICAL: Security Check ---
// Before fetching data, you MUST verify the user has permission to see it. // Before fetching data, you MUST verify the user has permission to see it.
// This is a placeholder for your actual permission logic. // This is a placeholder for your actual permission logic.
@ -559,6 +563,9 @@ namespace Marco.Pms.Services.Service
try try
{ {
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 2: Security and Existence Checks --- // --- Step 2: Security and Existence Checks ---
// Before fetching data, you MUST verify the user has permission to see it. // Before fetching data, you MUST verify the user has permission to see it.
// This is a placeholder for your actual permission logic. // This is a placeholder for your actual permission logic.
@ -627,6 +634,9 @@ namespace Marco.Pms.Services.Service
_logger.LogInfo("Starting to manage {AllocationCount} allocations for user {UserId}.", allocationsDto.Count, loggedInEmployee.Id); _logger.LogInfo("Starting to manage {AllocationCount} allocations for user {UserId}.", allocationsDto.Count, loggedInEmployee.Id);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- (Placeholder) Security Check --- // --- (Placeholder) Security Check ---
// In a real application, you would check if the loggedInEmployee has permission // In a real application, you would check if the loggedInEmployee has permission
// to manage allocations for ALL projects involved in this batch. // to manage allocations for ALL projects involved in this batch.
@ -735,6 +745,9 @@ namespace Marco.Pms.Services.Service
try try
{ {
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 2: Clarified Security Check --- // --- Step 2: Clarified Security Check ---
// The permission should be about viewing another employee's assignments, not a generic "Manage Team". // The permission should be about viewing another employee's assignments, not a generic "Manage Team".
// This is a placeholder for your actual, more specific permission logic. // This is a placeholder for your actual, more specific permission logic.
@ -808,6 +821,9 @@ namespace Marco.Pms.Services.Service
_logger.LogInfo("Starting to manage {AllocationCount} project assignments for Employee {EmployeeId}.", allocationsDto.Count, employeeId); _logger.LogInfo("Starting to manage {AllocationCount} project assignments for Employee {EmployeeId}.", allocationsDto.Count, employeeId);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- (Placeholder) Security Check --- // --- (Placeholder) Security Check ---
// You MUST verify that the loggedInEmployee has permission to modify the assignments for the target employeeId. // You MUST verify that the loggedInEmployee has permission to modify the assignments for the target employeeId.
var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id); var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id);
@ -977,18 +993,37 @@ namespace Marco.Pms.Services.Service
try try
{ {
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
var _generalHelper = scope.ServiceProvider.GetRequiredService<GeneralHelper>();
// --- Step 1: Run independent permission checks in PARALLEL --- // --- Step 1: Run independent permission checks in PARALLEL ---
var projectPermissionTask = _permission.HasProjectPermission(loggedInEmployee, projectId); var projectPermissionTask = _permission.HasProjectPermission(loggedInEmployee, projectId);
var viewInfraPermissionTask = _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id, projectId); var viewInfraPermissionTask = Task.Run(async () =>
{
using var newScope = _serviceScopeFactory.CreateScope();
var permission = newScope.ServiceProvider.GetRequiredService<PermissionServices>();
return await permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id, projectId);
});
var manageInfraPermissionTask = Task.Run(async () =>
{
using var newScope = _serviceScopeFactory.CreateScope();
var permission = newScope.ServiceProvider.GetRequiredService<PermissionServices>();
return await permission.HasPermission(PermissionsMaster.ManageProjectInfra, loggedInEmployee.Id, projectId);
});
await Task.WhenAll(projectPermissionTask, viewInfraPermissionTask); await Task.WhenAll(projectPermissionTask, viewInfraPermissionTask, manageInfraPermissionTask);
if (!await projectPermissionTask) var hasProjectPermission = projectPermissionTask.Result;
var hasViewInfraPermission = viewInfraPermissionTask.Result;
var hasManageInfraPermission = manageInfraPermissionTask.Result;
if (!hasProjectPermission)
{ {
_logger.LogWarning("Project access denied for EmployeeId: {EmployeeId} on ProjectId: {ProjectId}", loggedInEmployee.Id, projectId); _logger.LogWarning("Project access denied for EmployeeId: {EmployeeId} on ProjectId: {ProjectId}", loggedInEmployee.Id, projectId);
return ApiResponse<object>.ErrorResponse("Access denied", "You don't have access to this project", 403); return ApiResponse<object>.ErrorResponse("Access denied", "You don't have access to this project", 403);
} }
if (!await viewInfraPermissionTask) if (!hasViewInfraPermission && !hasManageInfraPermission)
{ {
_logger.LogWarning("ViewInfra permission denied for EmployeeId: {EmployeeId}", loggedInEmployee.Id); _logger.LogWarning("ViewInfra permission denied for EmployeeId: {EmployeeId}", loggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("Access denied", "You don't have access to view this project's infrastructure", 403); return ApiResponse<object>.ErrorResponse("Access denied", "You don't have access to view this project's infrastructure", 403);
@ -1033,6 +1068,9 @@ namespace Marco.Pms.Services.Service
try try
{ {
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
var _generalHelper = scope.ServiceProvider.GetRequiredService<GeneralHelper>();
// --- Step 1: Cache-First Strategy --- // --- Step 1: Cache-First Strategy ---
var cachedWorkItems = await _cache.GetWorkItemDetailsByWorkArea(workAreaId); var cachedWorkItems = await _cache.GetWorkItemDetailsByWorkArea(workAreaId);
if (cachedWorkItems != null) if (cachedWorkItems != null)
@ -1268,6 +1306,9 @@ namespace Marco.Pms.Services.Service
{ {
_logger.LogInfo("CreateProjectTask called with {Count} items by user {UserId}", workItemDtos?.Count ?? 0, loggedInEmployee.Id); _logger.LogInfo("CreateProjectTask called with {Count} items by user {UserId}", workItemDtos?.Count ?? 0, loggedInEmployee.Id);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 1: Input Validation --- // --- Step 1: Input Validation ---
if (workItemDtos == null || !workItemDtos.Any()) if (workItemDtos == null || !workItemDtos.Any())
{ {
@ -1382,7 +1423,6 @@ namespace Marco.Pms.Services.Service
return ApiResponse<List<WorkItemVM>>.SuccessResponse(responseList, message, 200); return ApiResponse<List<WorkItemVM>>.SuccessResponse(responseList, message, 200);
} }
public async Task<ServiceResponse> DeleteProjectTaskAsync(Guid id, Guid tenantId, Employee loggedInEmployee) public async Task<ServiceResponse> DeleteProjectTaskAsync(Guid id, Guid tenantId, Employee loggedInEmployee)
{ {
// 1. Fetch the task and its parent data in a single query. // 1. Fetch the task and its parent data in a single query.
@ -1483,6 +1523,9 @@ namespace Marco.Pms.Services.Service
_logger.LogInfo("ManageProjectLevelPermissionAsync started for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}", _logger.LogInfo("ManageProjectLevelPermissionAsync started for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}",
model.EmployeeId, model.ProjectId, tenantId); model.EmployeeId, model.ProjectId, tenantId);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
var hasTeamPermission = await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id, model.ProjectId); var hasTeamPermission = await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id, model.ProjectId);
if (!hasTeamPermission) if (!hasTeamPermission)
{ {
@ -1621,31 +1664,30 @@ namespace Marco.Pms.Services.Service
employeeId, projectId, tenantId, loggedInEmployee.Id); employeeId, projectId, tenantId, loggedInEmployee.Id);
// Query the database for relevant project-level permission mappings // Query the database for relevant project-level permission mappings
var permissionMappings = await _context.ProjectLevelPermissionMappings var employeeTask = Task.Run(async () =>
.Include(p => p.Employee)
.ThenInclude(e => e!.JobRole)
.Include(p => p.Project)
.Include(p => p.Permission)
.ThenInclude(fp => fp!.Feature)
.AsNoTracking()
.Where(p => p.EmployeeId == employeeId
&& p.ProjectId == projectId
&& p.TenantId == tenantId)
.ToListAsync();
if (permissionMappings == null || !permissionMappings.Any())
{ {
_logger.LogWarning("No project-level permissions found for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}", await using var context = await _dbContextFactory.CreateDbContextAsync();
employeeId, projectId, tenantId); return await context.Employees.FirstOrDefaultAsync(e => e.Id == employeeId);
return ApiResponse<object>.ErrorResponse("Project-Level Permissions not found", "Project-Level Permissions not found in database", 404); });
} var projectTask = Task.Run(async () =>
{
await using var context = await _dbContextFactory.CreateDbContextAsync();
return await context.Projects.FirstOrDefaultAsync(p => p.Id == projectId && p.TenantId == tenantId);
});
var permissionIdsTask = Task.Run(async () =>
{
return await GetPermissionIdsByProject(projectId, employeeId, tenantId);
});
// Map the employee, project, and permissions. await Task.WhenAll(employeeTask, projectTask, permissionIdsTask);
var employee = _mapper.Map<BasicEmployeeVM>(permissionMappings.First().Employee);
var project = _mapper.Map<BasicProjectVM>(permissionMappings.First().Project); var employee = employeeTask.Result;
var permissions = permissionMappings var project = projectTask.Result;
.Select(p => _mapper.Map<FeaturePermissionVM>(p.Permission)) var permissionIds = permissionIdsTask.Result;
.ToList();
var permissions = await _context.FeaturePermissions
.Include(fp => fp.Feature)
.Where(fp => permissionIds.Contains(fp.Id)).ToListAsync();
if (employee == null) if (employee == null)
{ {
@ -1658,12 +1700,26 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("Project not found", "Project not found in database", 404); return ApiResponse<object>.ErrorResponse("Project not found", "Project not found in database", 404);
} }
if (permissions == null || !permissions.Any())
{
_logger.LogWarning("No project-level permissions found for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}",
employeeId, projectId, tenantId);
return ApiResponse<object>.ErrorResponse("Project-Level Permissions not found", "Project-Level Permissions not found in database", 404);
}
// Map the employee, project, and permissions.
var employeeVm = _mapper.Map<BasicEmployeeVM>(employee);
var projectVm = _mapper.Map<BasicProjectVM>(project);
var permissionVms = permissions
.Select(p => _mapper.Map<FeaturePermissionVM>(p))
.ToList();
// Prepare the result object. // Prepare the result object.
var result = new var result = new
{ {
Employee = employee, Employee = employeeVm,
Project = project, Project = projectVm,
Permissions = permissions Permissions = permissionVms
}; };
_logger.LogInfo("Project-level permissions fetched successfully for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}", _logger.LogInfo("Project-level permissions fetched successfully for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}",
@ -1688,7 +1744,6 @@ namespace Marco.Pms.Services.Service
{ {
Guid.Parse("53176ebf-c75d-42e5-839f-4508ffac3def"), Guid.Parse("53176ebf-c75d-42e5-839f-4508ffac3def"),
Guid.Parse("9d4b5489-2079-40b9-bd77-6e1bf90bc19f"), Guid.Parse("9d4b5489-2079-40b9-bd77-6e1bf90bc19f"),
Guid.Parse("81ab8a87-8ccd-4015-a917-0627cee6a100"),
Guid.Parse("52c9cf54-1eb2-44d2-81bb-524cf29c0a94"), Guid.Parse("52c9cf54-1eb2-44d2-81bb-524cf29c0a94"),
Guid.Parse("a8cf4331-8f04-4961-8360-a3f7c3cc7462") Guid.Parse("a8cf4331-8f04-4961-8360-a3f7c3cc7462")
}; };
@ -1768,6 +1823,11 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An error occurred while retrieving employees with project-level permissions.", 500); return ApiResponse<object>.ErrorResponse("An error occurred while retrieving employees with project-level permissions.", 500);
} }
} }
public async Task<ApiResponse<object>> GetAllPermissionFroProjectAsync(Guid projectId, Employee loggedInEmployee, Guid tenantId)
{
var featurePermissionIds = await GetPermissionIdsByProject(projectId, loggedInEmployee.Id, tenantId);
return ApiResponse<object>.SuccessResponse(featurePermissionIds, "Successfully featched the permission ids", 200);
}
#endregion #endregion
#region =================================================================== Helper Functions =================================================================== #region =================================================================== Helper Functions ===================================================================
@ -1777,13 +1837,11 @@ namespace Marco.Pms.Services.Service
List<Project> alloc = await _context.Projects.Where(c => c.TenantId == tanentId).ToListAsync(); List<Project> alloc = await _context.Projects.Where(c => c.TenantId == tanentId).ToListAsync();
return alloc; return alloc;
} }
public async Task<List<ProjectAllocation>> GetProjectByEmployeeID(Guid employeeId) public async Task<List<ProjectAllocation>> GetProjectByEmployeeID(Guid employeeId)
{ {
List<ProjectAllocation> alloc = await _context.ProjectAllocations.Where(c => c.EmployeeId == employeeId && c.IsActive == true).Include(c => c.Project).ToListAsync(); List<ProjectAllocation> alloc = await _context.ProjectAllocations.Where(c => c.EmployeeId == employeeId && c.IsActive == true).Include(c => c.Project).ToListAsync();
return alloc; return alloc;
} }
public async Task<List<ProjectAllocation>> GetTeamByProject(Guid TenantId, Guid ProjectId, bool IncludeInactive) public async Task<List<ProjectAllocation>> GetTeamByProject(Guid TenantId, Guid ProjectId, bool IncludeInactive)
{ {
if (IncludeInactive) if (IncludeInactive)
@ -1800,9 +1858,11 @@ namespace Marco.Pms.Services.Service
return employees; return employees;
} }
} }
public async Task<List<Guid>> GetMyProjects(Guid tenantId, Employee LoggedInEmployee) public async Task<List<Guid>> GetMyProjects(Guid tenantId, Employee LoggedInEmployee)
{ {
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
var projectIds = await _cache.GetProjects(LoggedInEmployee.Id); var projectIds = await _cache.GetProjects(LoggedInEmployee.Id);
if (projectIds == null) if (projectIds == null)
@ -1826,9 +1886,11 @@ namespace Marco.Pms.Services.Service
} }
return projectIds; return projectIds;
} }
public async Task<List<Guid>> GetMyProjectIdsAsync(Guid tenantId, Employee loggedInEmployee) public async Task<List<Guid>> GetMyProjectIdsAsync(Guid tenantId, Employee loggedInEmployee)
{ {
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// 1. Attempt to retrieve the list of project IDs from the cache first. // 1. Attempt to retrieve the list of project IDs from the cache first.
// This is the "happy path" and should be as fast as possible. // This is the "happy path" and should be as fast as possible.
List<Guid>? projectIds = await _cache.GetProjects(loggedInEmployee.Id); List<Guid>? projectIds = await _cache.GetProjects(loggedInEmployee.Id);
@ -1875,7 +1937,6 @@ namespace Marco.Pms.Services.Service
return newProjectIds; return newProjectIds;
} }
/// <summary> /// <summary>
/// Retrieves a list of ProjectInfoVMs by their IDs, using an efficient partial cache-hit strategy. /// Retrieves a list of ProjectInfoVMs by their IDs, using an efficient partial cache-hit strategy.
/// It fetches what it can from the cache (as ProjectMongoDB), gets the rest from the /// It fetches what it can from the cache (as ProjectMongoDB), gets the rest from the
@ -1926,7 +1987,6 @@ namespace Marco.Pms.Services.Service
return finalViewModels; return finalViewModels;
} }
private async Task<ProjectDetailsVM> GetProjectViewModel(Guid? id, Project project) private async Task<ProjectDetailsVM> GetProjectViewModel(Guid? id, Project project)
{ {
ProjectDetailsVM vm = new ProjectDetailsVM(); ProjectDetailsVM vm = new ProjectDetailsVM();
@ -2076,7 +2136,6 @@ namespace Marco.Pms.Services.Service
// Map from the database entity to the response ViewModel. // Map from the database entity to the response ViewModel.
return dbProject; return dbProject;
} }
private async Task UpdateCacheInBackground(Project project) private async Task UpdateCacheInBackground(Project project)
{ {
try try
@ -2094,7 +2153,6 @@ namespace Marco.Pms.Services.Service
_logger.LogError(ex, "Background cache update failed for project {ProjectId} ", project.Id); _logger.LogError(ex, "Background cache update failed for project {ProjectId} ", project.Id);
} }
} }
private async Task UpdateCacheAndNotify(Dictionary<Guid, (double Planned, double Completed)> workDelta, List<WorkItem> affectedItems) private async Task UpdateCacheAndNotify(Dictionary<Guid, (double Planned, double Completed)> workDelta, List<WorkItem> affectedItems)
{ {
try try
@ -2116,7 +2174,6 @@ namespace Marco.Pms.Services.Service
_logger.LogError(ex, "An error occurred during background cache update/notification."); _logger.LogError(ex, "An error occurred during background cache update/notification.");
} }
} }
private void ProcessBuilding(BuildingDto dto, Guid tenantId, InfraVM responseData, List<string> messages, ISet<Guid> projectIds, List<Task> cacheTasks) private void ProcessBuilding(BuildingDto dto, Guid tenantId, InfraVM responseData, List<string> messages, ISet<Guid> projectIds, List<Task> cacheTasks)
{ {
Building building = _mapper.Map<Building>(dto); Building building = _mapper.Map<Building>(dto);
@ -2139,7 +2196,6 @@ namespace Marco.Pms.Services.Service
responseData.building = building; responseData.building = building;
projectIds.Add(building.ProjectId); projectIds.Add(building.ProjectId);
} }
private void ProcessFloor(FloorDto dto, Guid tenantId, InfraVM responseData, List<string> messages, ISet<Guid> projectIds, List<Task> cacheTasks, IDictionary<Guid, Building> buildings) private void ProcessFloor(FloorDto dto, Guid tenantId, InfraVM responseData, List<string> messages, ISet<Guid> projectIds, List<Task> cacheTasks, IDictionary<Guid, Building> buildings)
{ {
Floor floor = _mapper.Map<Floor>(dto); Floor floor = _mapper.Map<Floor>(dto);
@ -2165,7 +2221,6 @@ namespace Marco.Pms.Services.Service
responseData.floor = floor; responseData.floor = floor;
if (parentBuilding != null) projectIds.Add(parentBuilding.ProjectId); if (parentBuilding != null) projectIds.Add(parentBuilding.ProjectId);
} }
private void ProcessWorkArea(WorkAreaDto dto, Guid tenantId, InfraVM responseData, List<string> messages, ISet<Guid> projectIds, List<Task> cacheTasks, IDictionary<Guid, Floor> floors) private void ProcessWorkArea(WorkAreaDto dto, Guid tenantId, InfraVM responseData, List<string> messages, ISet<Guid> projectIds, List<Task> cacheTasks, IDictionary<Guid, Floor> floors)
{ {
WorkArea workArea = _mapper.Map<WorkArea>(dto); WorkArea workArea = _mapper.Map<WorkArea>(dto);
@ -2192,6 +2247,62 @@ namespace Marco.Pms.Services.Service
responseData.workArea = workArea; responseData.workArea = workArea;
if (parentBuilding != null) projectIds.Add(parentBuilding.ProjectId); if (parentBuilding != null) projectIds.Add(parentBuilding.ProjectId);
} }
private async Task<List<Guid>> GetPermissionIdsByProject(Guid projectId, Guid EmployeeId, Guid tenantId)
{
await using var context = await _dbContextFactory.CreateDbContextAsync();
using var scope = _serviceScopeFactory.CreateScope();
var _rolesHelper = scope.ServiceProvider.GetRequiredService<RolesHelper>();
// 1. Try fetching permissions from cache (fast-path lookup).
var featurePermissionIds = await _cache.GetPermissions(EmployeeId);
// If not found in cache, fallback to database (slower).
if (featurePermissionIds == null)
{
var featurePermissions = await _rolesHelper.GetFeaturePermissionByEmployeeId(EmployeeId);
featurePermissionIds = featurePermissions.Select(fp => fp.Id).ToList();
}
// 2. Handle project-level permission overrides if a project is specified.
if (projectId != Guid.Empty)
{
// Fetch permissions explicitly assigned to this employee in the project.
var projectLevelPermissionIds = await context.ProjectLevelPermissionMappings
.Where(pl => pl.ProjectId == projectId && pl.EmployeeId == EmployeeId && pl.TenantId == tenantId)
.Select(pl => pl.PermissionId)
.ToListAsync();
if (projectLevelPermissionIds?.Any() ?? false)
{
// Define modules where project-level overrides apply.
var projectLevelModuleIds = new HashSet<Guid>
{
Guid.Parse("53176ebf-c75d-42e5-839f-4508ffac3def"),
Guid.Parse("9d4b5489-2079-40b9-bd77-6e1bf90bc19f"),
Guid.Parse("52c9cf54-1eb2-44d2-81bb-524cf29c0a94"),
Guid.Parse("a8cf4331-8f04-4961-8360-a3f7c3cc7462")
};
// Get all feature permissions under those modules where the user didn't have explicit project-level grants.
var allOverriddenPermissions = await context.FeaturePermissions
.Where(fp => projectLevelModuleIds.Contains(fp.FeatureId) &&
!projectLevelPermissionIds.Contains(fp.Id))
.Select(fp => fp.Id)
.ToListAsync();
// Apply overrides:
// - Remove global permissions overridden by project-level rules.
// - Add explicit project-level permissions.
featurePermissionIds = featurePermissionIds
.Except(allOverriddenPermissions) // Remove overridden
.Concat(projectLevelPermissionIds) // Add project-level
.Distinct() // Ensure no duplicates
.ToList();
}
}
return featurePermissionIds;
}
#endregion #endregion
} }

1
Marco.Pms.Services/Service/ServiceInterfaces/IProjectServices.cs
View File

@ -40,6 +40,7 @@ namespace Marco.Pms.Services.Service.ServiceInterfaces
Task<ApiResponse<object>> GetAssignedProjectLevelPermissionAsync(Guid employeeId, Guid projectId, Guid tenantId, Employee loggedInEmployee); Task<ApiResponse<object>> GetAssignedProjectLevelPermissionAsync(Guid employeeId, Guid projectId, Guid tenantId, Employee loggedInEmployee);
Task<ApiResponse<object>> AssignProjectLevelModulesAsync(Guid tenantId, Employee loggedInEmployee); Task<ApiResponse<object>> AssignProjectLevelModulesAsync(Guid tenantId, Employee loggedInEmployee);
Task<ApiResponse<object>> GetEmployeeToWhomProjectLevelAssignedAsync(Guid projectId, Guid tenantId, Employee loggedInEmployee); Task<ApiResponse<object>> GetEmployeeToWhomProjectLevelAssignedAsync(Guid projectId, Guid tenantId, Employee loggedInEmployee);
Task<ApiResponse<object>> GetAllPermissionFroProjectAsync(Guid projectId, Employee loggedInEmployee, Guid tenantId);
} }
} }