admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

only checking if the user have permission of project or not only

Browse Source
This commit is contained in:
ashutosh.nehete 2025-07-16 14:49:34 +05:30
parent 08e8e8d75f
commit 2889620c1c
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Marco.Pms.Services/Controllers/DashboardController.cs
View File

@ -199,7 +199,8 @@ namespace Marco.Pms.Services.Controllers
if (projectId.HasValue) if (projectId.HasValue)
{ {
// Security Check: Ensure the requested project is in the user's accessible list. // Security Check: Ensure the requested project is in the user's accessible list.
if (!accessibleActiveProjectIds.Contains(projectId.Value)) var hasPermission = await _permissionServices.HasProjectPermission(loggedInEmployee, projectId.Value.ToString());
if (!hasPermission)
{ {
_logger.LogWarning("Access DENIED for user {UserId} on project {ProjectId} (not active or not accessible).", loggedInEmployee.Id, projectId.Value); _logger.LogWarning("Access DENIED for user {UserId} on project {ProjectId} (not active or not accessible).", loggedInEmployee.Id, projectId.Value);
return StatusCode(403, ApiResponse<object>.ErrorResponse("Access Denied.", "You do not have permission to view this project, or it is not active.", 403)); return StatusCode(403, ApiResponse<object>.ErrorResponse("Access Denied.", "You do not have permission to view this project, or it is not active.", 403));