only checking if the user have permission of project or not only

ashutosh.nehete 2025-07-16 14:49:34 +05:30
parent 08e8e8d75f
commit 2889620c1c


@ -199,7 +199,8 @@ namespace Marco.Pms.Services.Controllers
if (projectId.HasValue)
{
// Security Check: Ensure the requested project is in the user's accessible list.
if (!accessibleActiveProjectIds.Contains(projectId.Value))
var hasPermission = await _permissionServices.HasProjectPermission(loggedInEmployee, projectId.Value.ToString());
if (!hasPermission)
{
_logger.LogWarning("Access DENIED for user {UserId} on project {ProjectId} (not active or not accessible).", loggedInEmployee.Id, projectId.Value);
return StatusCode(403, ApiResponse<object>.ErrorResponse("Access Denied.", "You do not have permission to view this project, or it is not active.", 403));
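Review bot: The new `HasProjectPermission` check no longer tests whether the project is active, yet the warning log and the 403 body still say "not active or not accessible", and the comment above the check still refers to the user's accessible list. If `HasProjectPermission` does not filter out inactive projects itself (its body is not visible here), a user who holds permission can now read an inactive project that the previous `accessibleActiveProjectIds.Contains(projectId.Value)` check rejected. Either keep the active-state test alongside the permission check, or make the text match the new behaviour, e.g. `// Security check: the caller must hold permission on the requested project.` and drop "or it is not active" from both messages so the audit log does not misstate the denial reason. The enclosing method starts and ends outside the hunk, so whether `accessibleActiveProjectIds` is still used elsewhere cannot be confirmed from here.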