From 28caee40e3452a9a72c53d71a097df89c0fc44c0 Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete"
Date: Thu, 4 Sep 2025 12:39:25 +0530
Subject: [PATCH] Adding the overwriting the project-level permissions to tenant-level permission
---
 Marco.Pms.Services/Service/ProjectServices.cs | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/Marco.Pms.Services/Service/ProjectServices.cs b/Marco.Pms.Services/Service/ProjectServices.cs
index 958f5d3..ba6c580 100644
--- a/Marco.Pms.Services/Service/ProjectServices.cs
+++ b/Marco.Pms.Services/Service/ProjectServices.cs
@@ -198,7 +198,7 @@ namespace Marco.Pms.Services.Service
 _logger.LogInfo("Details requested by EmployeeId: {EmployeeId} for ProjectId: {ProjectId}", loggedInEmployee.Id, id);
 // Step 1: Check global view project permission
- var hasViewProjectPermission = await _permission.HasPermission(PermissionsMaster.ViewProject, loggedInEmployee.Id);
+ var hasViewProjectPermission = await _permission.HasPermission(PermissionsMaster.ViewProject, loggedInEmployee.Id, id);
 if (!hasViewProjectPermission)
 {
 _logger.LogWarning("ViewProjects permission denied for EmployeeId: {EmployeeId}", loggedInEmployee.Id);
@@ -494,7 +494,7 @@ namespace Marco.Pms.Services.Service
 // This is a placeholder for your actual permission logic.
 var hasProjectPermission = await _permission.HasProjectPermission(loggedInEmployee, projectId.Value);
 var hasAllEmployeePermission = await _permission.HasPermission(PermissionsMaster.ViewAllEmployees, loggedInEmployee.Id);
- var hasviewTeamPermission = await _permission.HasPermission(PermissionsMaster.ViewTeamMembers, loggedInEmployee.Id);
+ var hasviewTeamPermission = await _permission.HasPermission(PermissionsMaster.ViewTeamMembers, loggedInEmployee.Id, projectId);
 if (!(hasProjectPermission && (hasAllEmployeePermission || hasviewTeamPermission)))
 {
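Review bot: In the hunk at -198, the comment `// Step 1: Check global view project permission` no longer describes the call beneath it, which now passes `id` and so resolves ViewProject for this one project; going by the commit title, `// Step 1: Check ViewProject permission for this project (a project-level mapping may override the tenant-level grant)` would match. The denial warning three lines down still records only the employee, so a denied request cannot be tied to a project in the logs: `_logger.LogWarning("ViewProjects permission denied for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}", loggedInEmployee.Id, id);`. The same drift shows in the -1057 hunk, where the now project-scoped result is still named `hasGenericViewInfraPermission`. The enclosing method starts and ends outside the hunk.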
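Review bot: In the hunk at -494, the two permissions OR-ed in the `if` are now resolved at different scopes: `ViewTeamMembers` receives `projectId`, while `ViewAllEmployees` on the line above is still called without it. If that split is intended, record it in place of the leftover `// This is a placeholder for your actual permission logic.` comment, for example `// ViewAllEmployees stays tenant-wide; ViewTeamMembers honours project-level mappings`; if it is not, pass the project id to that call as well. The new argument is the nullable `projectId`, whereas the `HasProjectPermission` call two lines up uses `projectId.Value`; what `HasPermission` does with a null project id is not visible here, so passing `projectId.Value` would keep both checks on the same value. The enclosing method starts and ends outside the hunk.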
@@ -979,7 +979,7 @@ namespace Marco.Pms.Services.Service
 {
 // --- Step 1: Run independent permission checks in PARALLEL ---
 var projectPermissionTask = _permission.HasProjectPermission(loggedInEmployee, projectId);
- var viewInfraPermissionTask = _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id);
+ var viewInfraPermissionTask = _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id, projectId);
 await Task.WhenAll(projectPermissionTask, viewInfraPermissionTask);
@@ -1057,7 +1057,7 @@ namespace Marco.Pms.Services.Service
 }
 var hasProjectAccess = await _permission.HasProjectPermission(loggedInEmployee, projectInfo.ProjectId);
- var hasGenericViewInfraPermission = await _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id);
+ var hasGenericViewInfraPermission = await _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id, projectInfo.ProjectId);
 if (!hasProjectAccess || !hasGenericViewInfraPermission)
 {
@@ -1294,7 +1294,7 @@ namespace Marco.Pms.Services.Service
 // --- (Placeholder) Security Check ---
 // You MUST verify the user has permission to modify ALL WorkAreas in the batch.
 var projectIdsInBatch = workAreasFromDb.Values.Select(wa => wa.Floor!.Building!.ProjectId).Distinct();
- var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageProjectInfra, loggedInEmployee.Id);
+ var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageProjectInfra, loggedInEmployee.Id, projectIdsInBatch.FirstOrDefault());
 if (!hasPermission)
 {
 _logger.LogWarning("Access DENIED for user {UserId} trying to create/update tasks.", loggedInEmployee.Id);
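Review bot: In the hunk at -1294, only the first project id in the batch is authorised: `projectIdsInBatch.FirstOrDefault()` is what reaches `HasPermission`, although the comment directly above says the user must be allowed to modify all WorkAreas in the batch. A batch whose work areas belong to several projects is therefore checked against one of them only, and for an empty batch `FirstOrDefault()` yields the type's default value rather than a real project id. The check should require ManageProjectInfra on every distinct project id and deny when there is none, as sketched below; the awaits are kept sequential because it is not visible here whether `_permission` tolerates concurrent calls. The enclosing method starts and ends outside the hunk.

```csharp
var projectIdsInBatch = workAreasFromDb.Values.Select(wa => wa.Floor!.Building!.ProjectId).Distinct().ToList();
// Deny by default: an empty batch has no project to authorise against.
var hasPermission = projectIdsInBatch.Count > 0;
foreach (var batchProjectId in projectIdsInBatch)
{
    // Every project touched by the batch must grant ManageProjectInfra.
    if (!await _permission.HasPermission(PermissionsMaster.ManageProjectInfra, loggedInEmployee.Id, batchProjectId))
    {
        hasPermission = false;
        break;
    }
}
// … unchanged: if (!hasPermission) warning log and denial …
```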
@@ -1731,7 +1731,6 @@ namespace Marco.Pms.Services.Service
 return ApiResponse.ErrorResponse("Failed to assign project-level modules.", ex.Message);
 }
 }
-
 public async Task> GetEmployeeToWhomProjectLevelAssignedAsync(Guid projectId, Guid tenantId, Employee loggedInEmployee)
 {
 // Log method entry and parameters for traceability
@@ -1740,7 +1739,7 @@ namespace Marco.Pms.Services.Service
 try
 {
- // ✅ Optimized query: Selecting only employees with necessary joins
+ // Optimized query: Selecting only employees with necessary joins
 // Instead of fetching entire mapping objects, directly project required employees
 var assignedEmployees = await _context.ProjectLevelPermissionMappings
 .Include(pl => pl.Employee)
@@ -1754,7 +1753,7 @@ namespace Marco.Pms.Services.Service
 _logger.LogInfo("Retrieved {Count} employees with project-level permissions for ProjectId: {ProjectId}, TenantId: {TenantId}", assignedEmployees.Count, projectId, tenantId);
- // ✅ Use AutoMapper to transform DB entities into VMs
+ // Use AutoMapper to transform DB entities into VMs
 var response = _mapper.Map>(assignedEmployees);
 // Return a consistent API response with success message
@@ -1770,8 +1769,6 @@ namespace Marco.Pms.Services.Service
 return ApiResponse.ErrorResponse("An error occurred while retrieving employees with project-level permissions.", 500);
 }
 }
-
-
 #endregion
 #region =================================================================== Helper Functions ===================================================================