Added all Feature permission in static file and use that static file to check the permission

This commit is contained in:
ashutosh.nehete 2025-07-08 16:07:27 +05:30
parent 5c1dcd89b5
commit 2304912bf8
6 changed files with 34 additions and 30 deletions

View File

@ -5,6 +5,24 @@
public static readonly Guid DirectoryAdmin = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda"); public static readonly Guid DirectoryAdmin = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda");
public static readonly Guid DirectoryManager = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5"); public static readonly Guid DirectoryManager = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5");
public static readonly Guid DirectoryUser = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb"); public static readonly Guid DirectoryUser = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb");
public static readonly Guid ViewProject = Guid.Parse("6ea44136-987e-44ba-9e5d-1cf8f5837ebc");
public static readonly Guid ManageProject = Guid.Parse("172fc9b6-755b-4f62-ab26-55c34a330614");
public static readonly Guid ManageTeam = Guid.Parse("b94802ce-0689-4643-9e1d-11c86950c35b");
public static readonly Guid ViewProjectInfra = Guid.Parse("8d7cc6e3-9147-41f7-aaa7-fa507e450bd4");
public static readonly Guid ManageProjectInfra = Guid.Parse("cf2825ad-453b-46aa-91d9-27c124d63373");
public static readonly Guid ViewTask = Guid.Parse("9fcc5f87-25e3-4846-90ac-67a71ab92e3c");
public static readonly Guid AddAndEditTask = Guid.Parse("08752f33-3b29-4816-b76b-ea8a968ed3c5");
public static readonly Guid AssignAndReportProgress = Guid.Parse("6a32379b-8b3f-49a6-8c48-4b7ac1b55dc2");
public static readonly Guid ApproveTask = Guid.Parse("db4e40c5-2ba9-4b6d-b8a6-a16a250ff99c");
public static readonly Guid ViewAllEmployees = Guid.Parse("60611762-7f8a-4fb5-b53f-b1139918796b");
public static readonly Guid ViewTeamMembers = Guid.Parse("b82d2b7e-0d52-45f3-997b-c008ea460e7f");
public static readonly Guid AddAndEditEmployee = Guid.Parse("a97d366a-c2bb-448d-be93-402bd2324566");
public static readonly Guid AssignRoles = Guid.Parse("fbd213e0-0250-46f1-9f5f-4b2a1e6e76a3");
public static readonly Guid TeamAttendance = Guid.Parse("915e6bff-65f6-4e3f-aea8-3fd217d3ea9e");
public static readonly Guid RegularizeAttendance = Guid.Parse("57802c4a-00aa-4a1f-a048-fd2f70dd44b6");
public static readonly Guid SelfAttendance = Guid.Parse("ccb0589f-712b-43de-92ed-5b6088e7dc4e");
public static readonly Guid ViewMasters = Guid.Parse("5ffbafe0-7ab0-48b1-bb50-c1bf76b65f9d");
public static readonly Guid ManageMasters = Guid.Parse("588a8824-f924-4955-82d8-fc51956cf323");
}
}
}
}

View File

@ -38,8 +38,6 @@ namespace MarcoBMS.Services.Controllers
private readonly IHubContext<MarcoHub> _signalR; private readonly IHubContext<MarcoHub> _signalR;
private readonly PermissionServices _permission; private readonly PermissionServices _permission;
private readonly ProjectsHelper _projectsHelper; private readonly ProjectsHelper _projectsHelper;
private readonly Guid ViewAllEmployees;
private readonly Guid ViewTeamMembers;
private readonly Guid tenantId; private readonly Guid tenantId;
@ -56,8 +54,6 @@ namespace MarcoBMS.Services.Controllers
_logger = logger; _logger = logger;
_signalR = signalR; _signalR = signalR;
_permission = permission; _permission = permission;
ViewAllEmployees = Guid.Parse("60611762-7f8a-4fb5-b53f-b1139918796b");
ViewTeamMembers = Guid.Parse("b82d2b7e-0d52-45f3-997b-c008ea460e7f");
_projectsHelper = projectsHelper; _projectsHelper = projectsHelper;
tenantId = _userHelper.GetTenantId(); tenantId = _userHelper.GetTenantId();
} }
@ -126,8 +122,8 @@ namespace MarcoBMS.Services.Controllers
List<Project> projects = await _projectsHelper.GetMyProjects(tenantId, loggedInEmployee); List<Project> projects = await _projectsHelper.GetMyProjects(tenantId, loggedInEmployee);
var projectIds = projects.Select(p => p.Id).ToList(); var projectIds = projects.Select(p => p.Id).ToList();
var hasViewAllEmployeesPermission = await _permission.HasPermission(ViewAllEmployees, loggedInEmployee.Id); var hasViewAllEmployeesPermission = await _permission.HasPermission(PermissionsMaster.ViewAllEmployees, loggedInEmployee.Id);
var hasViewTeamMembersPermission = await _permission.HasPermission(ViewTeamMembers, loggedInEmployee.Id); var hasViewTeamMembersPermission = await _permission.HasPermission(PermissionsMaster.ViewTeamMembers, loggedInEmployee.Id);
List<EmployeeVM> result = new(); List<EmployeeVM> result = new();

View File

@ -31,8 +31,6 @@ namespace MarcoBMS.Services.Controllers
private readonly ILoggingService _logger; private readonly ILoggingService _logger;
private readonly IHubContext<MarcoHub> _signalR; private readonly IHubContext<MarcoHub> _signalR;
private readonly PermissionServices _permissionServices; private readonly PermissionServices _permissionServices;
private readonly Guid Approve_Task;
private readonly Guid Assign_Report_Task;
public TaskController(ApplicationDbContext context, UserHelper userHelper, S3UploadService s3Service, ILoggingService logger, PermissionServices permissionServices, public TaskController(ApplicationDbContext context, UserHelper userHelper, S3UploadService s3Service, ILoggingService logger, PermissionServices permissionServices,
IHubContext<MarcoHub> signalR) IHubContext<MarcoHub> signalR)
@ -43,8 +41,6 @@ namespace MarcoBMS.Services.Controllers
_logger = logger; _logger = logger;
_signalR = signalR; _signalR = signalR;
_permissionServices = permissionServices; _permissionServices = permissionServices;
Approve_Task = Guid.Parse("db4e40c5-2ba9-4b6d-b8a6-a16a250ff99c");
Assign_Report_Task = Guid.Parse("6a32379b-8b3f-49a6-8c48-4b7ac1b55dc2");
} }
private Guid GetTenantId() private Guid GetTenantId()
@ -72,7 +68,7 @@ namespace MarcoBMS.Services.Controllers
var employee = await _userHelper.GetCurrentEmployeeAsync(); var employee = await _userHelper.GetCurrentEmployeeAsync();
// Check for permission to approve tasks // Check for permission to approve tasks
var hasPermission = await _permissionServices.HasPermission(Assign_Report_Task, employee.Id); var hasPermission = await _permissionServices.HasPermission(PermissionsMaster.AssignAndReportProgress, employee.Id);
if (!hasPermission) if (!hasPermission)
{ {
_logger.LogWarning("Employee {EmployeeId} attempted to assign Task without permission", employee.Id); _logger.LogWarning("Employee {EmployeeId} attempted to assign Task without permission", employee.Id);
@ -136,7 +132,7 @@ namespace MarcoBMS.Services.Controllers
var tenantId = GetTenantId(); var tenantId = GetTenantId();
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
var hasPermission = await _permissionServices.HasPermission(Assign_Report_Task, loggedInEmployee.Id); var hasPermission = await _permissionServices.HasPermission(PermissionsMaster.AssignAndReportProgress, loggedInEmployee.Id);
if (!hasPermission) if (!hasPermission)
{ {
_logger.LogWarning("Unauthorized task report attempt by Employee {EmployeeId} for Task {TaskId}", loggedInEmployee.Id, reportTask.Id); _logger.LogWarning("Unauthorized task report attempt by Employee {EmployeeId} for Task {TaskId}", loggedInEmployee.Id, reportTask.Id);
@ -701,7 +697,7 @@ namespace MarcoBMS.Services.Controllers
} }
// Check for permission to approve tasks // Check for permission to approve tasks
var hasPermission = await _permissionServices.HasPermission(Approve_Task, loggedInEmployee.Id); var hasPermission = await _permissionServices.HasPermission(PermissionsMaster.ApproveTask, loggedInEmployee.Id);
if (!hasPermission) if (!hasPermission)
{ {
_logger.LogWarning("Employee {EmployeeId} attempted to approve Task {TaskId} without permission", loggedInEmployee.Id, approveTask.Id); _logger.LogWarning("Employee {EmployeeId} attempted to approve Task {TaskId} without permission", loggedInEmployee.Id, approveTask.Id);

View File

@ -54,7 +54,8 @@ namespace MarcoBMS.Services.Controllers
string[] projectsId = []; string[] projectsId = [];
/* User with permission manage project can see all projects */ /* User with permission manage project can see all projects */
if (featurePermission != null && featurePermission.Exists(c => c.Id.ToString() == "172fc9b6-755b-4f62-ab26-55c34a330614")) { if (featurePermission != null && featurePermission.Exists(c => c.Id.ToString() == "172fc9b6-755b-4f62-ab26-55c34a330614"))
{
List<Project> projects = await _projectsHelper.GetAllProjectByTanentID(emp.TenantId); List<Project> projects = await _projectsHelper.GetAllProjectByTanentID(emp.TenantId);
projectsId = projects.Select(c => c.Id.ToString()).ToArray(); projectsId = projects.Select(c => c.Id.ToString()).ToArray();
} }

View File

@ -2,6 +2,7 @@
using Marco.Pms.Model.Directory; using Marco.Pms.Model.Directory;
using Marco.Pms.Model.Dtos.Master; using Marco.Pms.Model.Dtos.Master;
using Marco.Pms.Model.Employees; using Marco.Pms.Model.Employees;
using Marco.Pms.Model.Entitlements;
using Marco.Pms.Model.Mapper; using Marco.Pms.Model.Mapper;
using Marco.Pms.Model.Master; using Marco.Pms.Model.Master;
using Marco.Pms.Model.Utilities; using Marco.Pms.Model.Utilities;
@ -19,8 +20,6 @@ namespace Marco.Pms.Services.Helpers
private readonly ILoggingService _logger; private readonly ILoggingService _logger;
private readonly UserHelper _userHelper; private readonly UserHelper _userHelper;
private readonly PermissionServices _permissionService; private readonly PermissionServices _permissionService;
private readonly Guid View_Master;
private readonly Guid Manage_Master;
public MasterHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper, PermissionServices permissionServices) public MasterHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper, PermissionServices permissionServices)
@ -29,8 +28,6 @@ namespace Marco.Pms.Services.Helpers
_logger = logger; _logger = logger;
_userHelper = userHelper; _userHelper = userHelper;
_permissionService = permissionServices; _permissionService = permissionServices;
View_Master = Guid.Parse("5ffbafe0-7ab0-48b1-bb50-c1bf76b65f9d");
Manage_Master = Guid.Parse("588a8824-f924-4955-82d8-fc51956cf323");
} }
// -------------------------------- Contact Category -------------------------------- // -------------------------------- Contact Category --------------------------------
public async Task<ApiResponse<object>> CreateContactCategory(CreateContactCategoryDto contactCategoryDto) public async Task<ApiResponse<object>> CreateContactCategory(CreateContactCategoryDto contactCategoryDto)
@ -267,7 +264,7 @@ namespace Marco.Pms.Services.Helpers
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
// Step 2: Check permission to view master data // Step 2: Check permission to view master data
bool hasViewPermission = await _permissionService.HasPermission(View_Master, loggedInEmployee.Id); bool hasViewPermission = await _permissionService.HasPermission(PermissionsMaster.ViewMasters, loggedInEmployee.Id);
if (!hasViewPermission) if (!hasViewPermission)
{ {
_logger.LogWarning("Access denied for employeeId: {EmployeeId}", loggedInEmployee.Id); _logger.LogWarning("Access denied for employeeId: {EmployeeId}", loggedInEmployee.Id);
@ -312,7 +309,7 @@ namespace Marco.Pms.Services.Helpers
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
// Step 2: Check if user has permission to manage master data // Step 2: Check if user has permission to manage master data
var hasManageMasterPermission = await _permissionService.HasPermission(Manage_Master, loggedInEmployee.Id); var hasManageMasterPermission = await _permissionService.HasPermission(PermissionsMaster.ManageMasters, loggedInEmployee.Id);
if (!hasManageMasterPermission) if (!hasManageMasterPermission)
{ {
_logger.LogWarning("Access denied for employeeId: {EmployeeId}", loggedInEmployee.Id); _logger.LogWarning("Access denied for employeeId: {EmployeeId}", loggedInEmployee.Id);
@ -368,7 +365,7 @@ namespace Marco.Pms.Services.Helpers
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
// Step 3: Check permissions // Step 3: Check permissions
var hasManageMasterPermission = await _permissionService.HasPermission(Manage_Master, loggedInEmployee.Id); var hasManageMasterPermission = await _permissionService.HasPermission(PermissionsMaster.ManageMasters, loggedInEmployee.Id);
if (!hasManageMasterPermission) if (!hasManageMasterPermission)
{ {
_logger.LogWarning("Access denied. EmployeeId: {EmployeeId} does not have Manage Master permission.", loggedInEmployee.Id); _logger.LogWarning("Access denied. EmployeeId: {EmployeeId} does not have Manage Master permission.", loggedInEmployee.Id);
@ -421,7 +418,7 @@ namespace Marco.Pms.Services.Helpers
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
// Step 2: Check permission to manage master data // Step 2: Check permission to manage master data
var hasManageMasterPermission = await _permissionService.HasPermission(Manage_Master, loggedInEmployee.Id); var hasManageMasterPermission = await _permissionService.HasPermission(PermissionsMaster.ManageMasters, loggedInEmployee.Id);
if (!hasManageMasterPermission) if (!hasManageMasterPermission)
{ {
_logger.LogWarning("Delete denied. EmployeeId: {EmployeeId} lacks Manage_Master permission.", loggedInEmployee.Id); _logger.LogWarning("Delete denied. EmployeeId: {EmployeeId} lacks Manage_Master permission.", loggedInEmployee.Id);

View File

@ -2,11 +2,7 @@
using Marco.Pms.Model.Employees; using Marco.Pms.Model.Employees;
using Marco.Pms.Model.Entitlements; using Marco.Pms.Model.Entitlements;
using Marco.Pms.Model.Projects; using Marco.Pms.Model.Projects;
using Marco.Pms.Model.Utilities;
using Marco.Pms.Model.ViewModels.Projects;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using ModelServices.Helpers;
namespace MarcoBMS.Services.Helpers namespace MarcoBMS.Services.Helpers
{ {