Added isSystem flage in Employee and ApplicationRole table and added functionality not to suspend employee if isSystem=true and not to update or delete application role if isSystem=true

Marco.Pms.DataAccess/Migrations/20250508055854_Added_IsSystem_Flag.cs

@@ -0,0 +1,40 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Marco.Pms.DataAccess.Migrations
+{
+    /// <inheritdoc />
+    public partial class Added_IsSystem_Flag : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<bool>(
+                name: "IsSystem",
+                table: "Employees",
+                type: "tinyint(1)",
+                nullable: false,
+                defaultValue: false);
+
+            migrationBuilder.AddColumn<bool>(
+                name: "IsSystem",
+                table: "ApplicationRoles",
+                type: "tinyint(1)",
+                nullable: false,
+                defaultValue: false);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "IsSystem",
+                table: "Employees");
+
+            migrationBuilder.DropColumn(
+                name: "IsSystem",
+                table: "ApplicationRoles");
+        }
+    }
+}

Marco.Pms.DataAccess/Migrations/ApplicationDbContextModelSnapshot.cs

@@ -342,6 +342,9 @@ namespace Marco.Pms.DataAccess.Migrations
                     b.Property<bool>("IsActive")
                         .HasColumnType("tinyint(1)");
 
+                    b.Property<bool>("IsSystem")
+                        .HasColumnType("tinyint(1)");
+
                     b.Property<Guid?>("JobRoleId")
                         .HasColumnType("char(36)");
 
@@ -468,6 +471,9 @@ namespace Marco.Pms.DataAccess.Migrations
                     b.Property<string>("Description")
                         .HasColumnType("longtext");
 
+                    b.Property<bool>("IsSystem")
+                        .HasColumnType("tinyint(1)");
+
                     b.Property<string>("Role")
                         .HasColumnType("longtext");
 

Marco.Pms.Model/Employees/Employee.cs

@@ -39,6 +39,8 @@ namespace Marco.Pms.Model.Employees
 
         public bool IsActive { get; set; } = true;
 
+        public bool IsSystem { get; set; } = false;
+
         public Guid RoleId { get; set; }
         //[ForeignKey(nameof(RoleId))]
         //public EmployeeRole EmployeeRole { get; set; }

Marco.Pms.Model/Entitlements/ApplicationRole.cs

@@ -5,6 +5,7 @@
         public Guid Id { get; set; }
         public string? Role { get; set; }
         public string? Description { get; set; }
+        public bool IsSystem { get; set; } = false;
 
         public Guid TenantId { get; set; }
 

Marco.Pms.Model/Mapper/ApplicationRoleMapper.cs

@@ -12,6 +12,7 @@ namespace Marco.Pms.Model.Mapper
             {
                 Id = model.Id,
                 Role = model.Role,
+                IsSystem = model.IsSystem,
                 Description = model.Description,
                 //FeaturePermission = model.FeaturePermissions
             };

Marco.Pms.Model/Mapper/EmployeeMapper.cs

@@ -29,6 +29,7 @@ namespace Marco.Pms.Model.Mapper
                 PhoneNumber = model.PhoneNumber,
                 Photo = model.Photo,
                 IsActive = model.IsActive,
+                IsSystem = model.IsSystem,
                 JoiningDate = model.JoiningDate
             };
         }

Marco.Pms.Model/ViewModels/ApplicationRolesVM.cs

@@ -5,6 +5,7 @@
         public Guid Id { get; set; }
         public string? Role { get; set; }
         public string? Description { get; set; }
+        public bool IsSystem { get; set; }
         public ICollection<FeaturePermissionVM>? FeaturePermission { get; set; }
     }
 }

Marco.Pms.Model/ViewModels/Employee/EmployeeVM.cs

@@ -28,6 +28,7 @@
         public string? ApplicationUserId { get; set; }
 
         public Guid? JobRoleId { get; set; }
+        public bool IsSystem { get; set; }
         public string? JobRole { get; set; }
 
     }

Marco.Pms.Services/Controllers/EmployeeController.cs

@@ -85,50 +85,7 @@ namespace MarcoBMS.Services.Controllers
             }
         }
 
-        [HttpPost]
-        [Route("roles")]
-        public async Task<IActionResult> ManageRoles([FromBody] List<EmployeeRoleDot> employeeRoleDots)
-        {
-            if (!ModelState.IsValid)
-            {
-                var errors = ModelState.Values
-                    .SelectMany(v => v.Errors)
-                    .Select(e => e.ErrorMessage)
-                    .ToList();
-                return BadRequest(ApiResponse<object>.ErrorResponse("Invalid data", errors, 400));
-            }
 
-            Guid TenantId = GetTenantId();
-            try
-            {
-                foreach (EmployeeRoleDot role in employeeRoleDots)
-                {
-                    EmployeeRoleMapping mapping = role.ToEmployeeRoleMappingFromEmployeeRoleDot(TenantId);
-
-                    var existingItem = await _context.EmployeeRoleMappings.AsNoTracking().SingleOrDefaultAsync(c => c.Id == mapping.Id);
-
-                    if (existingItem == null)
-                    {
-
-                        if (role.IsEnabled == true)
-                        {
-                            _context.EmployeeRoleMappings.Add(mapping);
-                        }
-                    }
-                    else if (role.IsEnabled == false)
-                    {
-                        _context.EmployeeRoleMappings.Remove(existingItem);
-                    }
-
-                }
-                await _context.SaveChangesAsync();
-            }
-            catch (Exception ex)
-            {
-                return BadRequest(ApiResponse<object>.ErrorResponse(ex.Message, ex, 400));
-            }
-            return Ok(ApiResponse<object>.SuccessResponse("success", "Roles modified.", 200));
-        }
 
         [HttpGet]
         [Route("list/{projectid?}")]
@@ -323,8 +280,16 @@ namespace MarcoBMS.Services.Controllers
         public async Task<IActionResult> SuspendEmployee(Guid id)
         {
             Guid tenantId = _userHelper.GetTenantId();
-            Employee? employee = await _context.Employees.FirstOrDefaultAsync(e => e.Id == id && e.TenantId == tenantId);
+            var LoggedEmployee = await _userHelper.GetCurrentEmployeeAsync();
+            Employee? employee = await _context.Employees.FirstOrDefaultAsync(e => e.Id == id && e.IsActive && e.TenantId == tenantId);
             if (employee != null)
+            {
+                if (employee.IsSystem)
+                {
+                    _logger.LogWarning("Employee with ID {LoggedEmployeeId} tries to suspend system-defined employee with ID {EmployeeId}", LoggedEmployee.Id, employee.Id);
+                    return BadRequest(ApiResponse<object>.ErrorResponse("System-defined employees cannot be suspended.", "System-defined employees cannot be suspended.", 400));
+                }
+                else
                 {
                     var assignedToTasks = await _context.TaskMembers.Where(t => t.EmployeeId == employee.Id).ToListAsync();
                     if (assignedToTasks.Count != 0)
@@ -384,6 +349,7 @@ namespace MarcoBMS.Services.Controllers
                     await _context.SaveChangesAsync();
                     _logger.LogInfo("Employee with ID {EmployeId} Deleted successfully", employee.Id);
                 }
+            }
             else
             {
                 _logger.LogError("Employee with ID {EmploueeId} not found in database", id);

Marco.Pms.Services/Controllers/RolesController.cs

@@ -1,11 +1,13 @@
 using System.Data;
 using Marco.Pms.DataAccess.Data;
+using Marco.Pms.Model.Dtos.Employees;
 using Marco.Pms.Model.Dtos.Roles;
 using Marco.Pms.Model.Entitlements;
 using Marco.Pms.Model.Mapper;
 using Marco.Pms.Model.Utilities;
 using Marco.Pms.Model.ViewModels;
 using MarcoBMS.Services.Helpers;
+using MarcoBMS.Services.Service;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
@@ -21,16 +23,16 @@ namespace MarcoBMS.Services.Controllers
         private readonly ApplicationDbContext _context;
         private readonly RolesHelper _rolesHelper;
         private readonly UserHelper _userHelper;
-
-
         private readonly UserManager<ApplicationUser> _userManager;
+        private readonly ILoggingService _logger;
 
-        public RolesController(UserManager<ApplicationUser> userManager, ApplicationDbContext context, RolesHelper rolesHelper, UserHelper userHelper)
+        public RolesController(UserManager<ApplicationUser> userManager, ApplicationDbContext context, RolesHelper rolesHelper, UserHelper userHelper, ILoggingService logger)
         {
             _context = context;
             _userManager = userManager;
             _rolesHelper = rolesHelper;
             _userHelper = userHelper;
+            _logger = logger;
         }
 
         private Guid GetTenantId()
@@ -137,6 +139,7 @@ namespace MarcoBMS.Services.Controllers
                 {
                     Id = item.Id,
                     Role = item.Role,
+                    IsSystem = item.IsSystem,
                     Description = item.Description,
                     FeaturePermission = []
                 };
@@ -225,17 +228,21 @@ namespace MarcoBMS.Services.Controllers
             try
             {
                 Guid TenantId = GetTenantId();
-
+                var LoggedEmployee = await _userHelper.GetCurrentEmployeeAsync();
+                var existingRole = await _context.ApplicationRoles.AsNoTracking().FirstOrDefaultAsync(r => r.Id == id);
+                if (existingRole != null && existingRole.IsSystem)
+                {
+                    _logger.LogWarning("Employee with ID {LoggedEmployeeId} tries to update System-defined application roles {AppcationRoleId}", LoggedEmployee.Id, existingRole.Id);
+                    return BadRequest(ApiResponse<object>.ErrorResponse("System-defined roles cannot be updated", "System-defined roles cannot be updated", 400));
+                }
                 ApplicationRole role = updateRoleDto.ToApplicationRoleFromUpdateDto(TenantId);
 
                 if (role.TenantId != TenantId)
                     return Unauthorized(ApiResponse<object>.ErrorResponse("You don't have any authority to update role", "You don't have any authority to update role", 401));
-
+                if (existingRole != null)
-                var projectModel = _context.ApplicationRoles.Update(role);
-
-                if (projectModel == null)
                 {
-                    return NotFound(ApiResponse<object>.ErrorResponse("Project not found", "Project not found", 404));
+                    _context.ApplicationRoles.Update(role);
+                    await _context.SaveChangesAsync();
                 }
 
                 bool modified = false;
@@ -265,7 +272,13 @@ namespace MarcoBMS.Services.Controllers
             }
             catch (Exception ex)
             {
-                return BadRequest(ApiResponse<object>.ErrorResponse(ex.Message, ex, 400));
+                var response = new
+                {
+                    message = ex.Message,
+                    detail = ex.StackTrace,
+                    statusCode = StatusCodes.Status500InternalServerError
+                };
+                return BadRequest(ApiResponse<object>.ErrorResponse(ex.Message, response, 400));
             }
         }
 
@@ -303,11 +316,67 @@ namespace MarcoBMS.Services.Controllers
             {
                 Id = role.Id,
                 Role = role.Role,
+                IsSystem = role.IsSystem,
                 FeaturePermission = featurePermissions
             };
 
             return Ok(ApiResponse<object>.SuccessResponse(vm, "Roles Perimssions fetched successfully.", 200));
 
         }
+
+
+
+        [HttpPost]
+        [Route("assign-roles")]
+        public async Task<IActionResult> ManageRoles([FromBody] List<EmployeeRoleDot> employeeRoleDots)
+        {
+            if (!ModelState.IsValid)
+            {
+                var errors = ModelState.Values
+                    .SelectMany(v => v.Errors)
+                    .Select(e => e.ErrorMessage)
+                    .ToList();
+                return BadRequest(ApiResponse<object>.ErrorResponse("Invalid data", errors, 400));
+            }
+            var employeesIds = employeeRoleDots.Select(e => e.EmployeeId).Distinct().ToList();
+            var LoggedEmployee = await _userHelper.GetCurrentEmployeeAsync();
+            var employees = await _context.Employees.Where(e => employeesIds.Contains(e.Id)).ToListAsync();
+
+            Guid TenantId = GetTenantId();
+            try
+            {
+                foreach (EmployeeRoleDot role in employeeRoleDots)
+                {
+                    var employee = employees.Find(e => e.Id == role.EmployeeId && e.IsSystem);
+                    if (employee != null)
+                    {
+                        _logger.LogWarning("Employee with ID {LoggedEmployeeId} tries to assign or remove the application role to System-defined employee with ID {EmployeeId}", LoggedEmployee.Id, employee.Id);
+                        return BadRequest(ApiResponse<object>.ErrorResponse("System-defined employee cannot have application roles assigned or removed.", "System-defined employee cannot have application roles assigned or removed.", 400));
+                    }
+                    EmployeeRoleMapping mapping = role.ToEmployeeRoleMappingFromEmployeeRoleDot(TenantId);
+
+                    var existingItem = await _context.EmployeeRoleMappings.AsNoTracking().SingleOrDefaultAsync(c => c.Id == mapping.Id);
+
+                    if (existingItem == null)
+                    {
+                        if (role.IsEnabled == true)
+                        {
+                            _context.EmployeeRoleMappings.Add(mapping);
+                        }
+                    }
+                    else if (role.IsEnabled == false)
+                    {
+                        _context.EmployeeRoleMappings.Remove(existingItem);
+                    }
+
+                }
+                await _context.SaveChangesAsync();
+            }
+            catch (Exception ex)
+            {
+                return BadRequest(ApiResponse<object>.ErrorResponse(ex.Message, ex, 400));
+            }
+            return Ok(ApiResponse<object>.SuccessResponse("success", "Roles modified.", 200));
+        }
     }
 }

Marco.Pms.Services/Service/StartupDataSeeder.cs

@@ -63,6 +63,7 @@ namespace Marco.Pms.Services.Service
             {
                 Role = "Super User",
                 Description = "Super User",
+                IsSystem = true,
                 TenantId = Guid.Parse("b3466e83-7e11-464c-b93a-daf047838b26")
             };
             if (!await dbContext.ApplicationRoles.Where(a => a.Role == "Super User").AnyAsync())
@@ -93,6 +94,7 @@ namespace Marco.Pms.Services.Service
                 PhoneNumber = "9876543210",
                 Photo = null, // GetFileDetails(model.Photo).Result.FileData,
                 JobRoleId = jobRole != null ? jobRole.Id : Guid.Empty,
+                IsSystem = true,
                 JoiningDate = Convert.ToDateTime("2000-04-20 10:11:17.588000"),
             };
             if ((!await dbContext.Employees.Where(e => e.FirstName == "Admin").AnyAsync()) && (jobRole != null ? jobRole.Id : Guid.Empty) != Guid.Empty)