Adding the overwriting the project-level permissions to tenant-level permission
parent
4a13386546
commit
28caee40e3
@ -198,7 +198,7 @@ namespace Marco.Pms.Services.Service
|
|||||||
_logger.LogInfo("Details requested by EmployeeId: {EmployeeId} for ProjectId: {ProjectId}", loggedInEmployee.Id, id);
|
_logger.LogInfo("Details requested by EmployeeId: {EmployeeId} for ProjectId: {ProjectId}", loggedInEmployee.Id, id);
|
||||||
|
|
||||||
// Step 1: Check global view project permission
|
// Step 1: Check global view project permission
|
||||||
var hasViewProjectPermission = await _permission.HasPermission(PermissionsMaster.ViewProject, loggedInEmployee.Id);
|
var hasViewProjectPermission = await _permission.HasPermission(PermissionsMaster.ViewProject, loggedInEmployee.Id, id);
|
||||||
if (!hasViewProjectPermission)
|
if (!hasViewProjectPermission)
|
||||||
{
|
{
|
||||||
_logger.LogWarning("ViewProjects permission denied for EmployeeId: {EmployeeId}", loggedInEmployee.Id);
|
_logger.LogWarning("ViewProjects permission denied for EmployeeId: {EmployeeId}", loggedInEmployee.Id);
|
||||||
@ -494,7 +494,7 @@ namespace Marco.Pms.Services.Service
|
|||||||
// This is a placeholder for your actual permission logic.
|
// This is a placeholder for your actual permission logic.
|
||||||
var hasProjectPermission = await _permission.HasProjectPermission(loggedInEmployee, projectId.Value);
|
var hasProjectPermission = await _permission.HasProjectPermission(loggedInEmployee, projectId.Value);
|
||||||
var hasAllEmployeePermission = await _permission.HasPermission(PermissionsMaster.ViewAllEmployees, loggedInEmployee.Id);
|
var hasAllEmployeePermission = await _permission.HasPermission(PermissionsMaster.ViewAllEmployees, loggedInEmployee.Id);
|
||||||
var hasviewTeamPermission = await _permission.HasPermission(PermissionsMaster.ViewTeamMembers, loggedInEmployee.Id);
|
var hasviewTeamPermission = await _permission.HasPermission(PermissionsMaster.ViewTeamMembers, loggedInEmployee.Id, projectId);
|
||||||
|
|
||||||
if (!(hasProjectPermission && (hasAllEmployeePermission || hasviewTeamPermission)))
|
if (!(hasProjectPermission && (hasAllEmployeePermission || hasviewTeamPermission)))
|
||||||
{
|
{
|
||||||
@ -979,7 +979,7 @@ namespace Marco.Pms.Services.Service
|
|||||||
{
|
{
|
||||||
// --- Step 1: Run independent permission checks in PARALLEL ---
|
// --- Step 1: Run independent permission checks in PARALLEL ---
|
||||||
var projectPermissionTask = _permission.HasProjectPermission(loggedInEmployee, projectId);
|
var projectPermissionTask = _permission.HasProjectPermission(loggedInEmployee, projectId);
|
||||||
var viewInfraPermissionTask = _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id);
|
var viewInfraPermissionTask = _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id, projectId);
|
||||||
|
|
||||||
await Task.WhenAll(projectPermissionTask, viewInfraPermissionTask);
|
await Task.WhenAll(projectPermissionTask, viewInfraPermissionTask);
|
||||||
|
|
||||||
@ -1057,7 +1057,7 @@ namespace Marco.Pms.Services.Service
|
|||||||
}
|
}
|
||||||
|
|
||||||
var hasProjectAccess = await _permission.HasProjectPermission(loggedInEmployee, projectInfo.ProjectId);
|
var hasProjectAccess = await _permission.HasProjectPermission(loggedInEmployee, projectInfo.ProjectId);
|
||||||
var hasGenericViewInfraPermission = await _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id);
|
var hasGenericViewInfraPermission = await _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id, projectInfo.ProjectId);
|
||||||
|
|
||||||
if (!hasProjectAccess || !hasGenericViewInfraPermission)
|
if (!hasProjectAccess || !hasGenericViewInfraPermission)
|
||||||
{
|
{
|
||||||
@ -1294,7 +1294,7 @@ namespace Marco.Pms.Services.Service
|
|||||||
// --- (Placeholder) Security Check ---
|
// --- (Placeholder) Security Check ---
|
||||||
// You MUST verify the user has permission to modify ALL WorkAreas in the batch.
|
// You MUST verify the user has permission to modify ALL WorkAreas in the batch.
|
||||||
var projectIdsInBatch = workAreasFromDb.Values.Select(wa => wa.Floor!.Building!.ProjectId).Distinct();
|
var projectIdsInBatch = workAreasFromDb.Values.Select(wa => wa.Floor!.Building!.ProjectId).Distinct();
|
||||||
var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageProjectInfra, loggedInEmployee.Id);
|
var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageProjectInfra, loggedInEmployee.Id, projectIdsInBatch.FirstOrDefault());
|
||||||
if (!hasPermission)
|
if (!hasPermission)
|
||||||
{
|
{
|
||||||
_logger.LogWarning("Access DENIED for user {UserId} trying to create/update tasks.", loggedInEmployee.Id);
|
_logger.LogWarning("Access DENIED for user {UserId} trying to create/update tasks.", loggedInEmployee.Id);
|
||||||
@ -1731,7 +1731,6 @@ namespace Marco.Pms.Services.Service
|
|||||||
return ApiResponse<object>.ErrorResponse("Failed to assign project-level modules.", ex.Message);
|
return ApiResponse<object>.ErrorResponse("Failed to assign project-level modules.", ex.Message);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<ApiResponse<object>> GetEmployeeToWhomProjectLevelAssignedAsync(Guid projectId, Guid tenantId, Employee loggedInEmployee)
|
public async Task<ApiResponse<object>> GetEmployeeToWhomProjectLevelAssignedAsync(Guid projectId, Guid tenantId, Employee loggedInEmployee)
|
||||||
{
|
{
|
||||||
// Log method entry and parameters for traceability
|
// Log method entry and parameters for traceability
|
||||||
@ -1740,7 +1739,7 @@ namespace Marco.Pms.Services.Service
|
|||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
// ✅ Optimized query: Selecting only employees with necessary joins
|
// Optimized query: Selecting only employees with necessary joins
|
||||||
// Instead of fetching entire mapping objects, directly project required employees
|
// Instead of fetching entire mapping objects, directly project required employees
|
||||||
var assignedEmployees = await _context.ProjectLevelPermissionMappings
|
var assignedEmployees = await _context.ProjectLevelPermissionMappings
|
||||||
.Include(pl => pl.Employee)
|
.Include(pl => pl.Employee)
|
||||||
@ -1754,7 +1753,7 @@ namespace Marco.Pms.Services.Service
|
|||||||
_logger.LogInfo("Retrieved {Count} employees with project-level permissions for ProjectId: {ProjectId}, TenantId: {TenantId}",
|
_logger.LogInfo("Retrieved {Count} employees with project-level permissions for ProjectId: {ProjectId}, TenantId: {TenantId}",
|
||||||
assignedEmployees.Count, projectId, tenantId);
|
assignedEmployees.Count, projectId, tenantId);
|
||||||
|
|
||||||
// ✅ Use AutoMapper to transform DB entities into VMs
|
// Use AutoMapper to transform DB entities into VMs
|
||||||
var response = _mapper.Map<List<BasicEmployeeVM>>(assignedEmployees);
|
var response = _mapper.Map<List<BasicEmployeeVM>>(assignedEmployees);
|
||||||
|
|
||||||
// Return a consistent API response with success message
|
// Return a consistent API response with success message
|
||||||
@ -1770,8 +1769,6 @@ namespace Marco.Pms.Services.Service
|
|||||||
return ApiResponse<object>.ErrorResponse("An error occurred while retrieving employees with project-level permissions.", 500);
|
return ApiResponse<object>.ErrorResponse("An error occurred while retrieving employees with project-level permissions.", 500);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#endregion
|
#endregion
|
||||||
|
|
||||||
#region =================================================================== Helper Functions ===================================================================
|
#region =================================================================== Helper Functions ===================================================================
|
||||||
|
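Review bot: In the hunk at -1294, the ManageProjectInfra check is scoped to `projectIdsInBatch.FirstOrDefault()`, so only one project in the batch is authorized, although the comment directly above requires permission for ALL work areas in the batch. If the new third argument lets a project-level grant override the tenant-level result (as the commit title suggests; the implementation of HasPermission is not visible here), a batch that spans several projects is accepted on the strength of a grant for whichever project happens to enumerate first. Every distinct project ID should be checked, and the request denied if any check fails, as sketched below. The sketch also denies an empty batch, which should be confirmed against the validation earlier in this method. The enclosing method starts and ends outside the hunk.

```csharp
var projectIdsInBatch = workAreasFromDb.Values.Select(wa => wa.Floor!.Building!.ProjectId).Distinct().ToList();

// Fail closed: every project touched by the batch must grant ManageProjectInfra.
var hasPermission = projectIdsInBatch.Count > 0;
foreach (var batchProjectId in projectIdsInBatch)
{
    if (!await _permission.HasPermission(PermissionsMaster.ManageProjectInfra, loggedInEmployee.Id, batchProjectId))
    {
        hasPermission = false;
        break;
    }
}
// … unchanged: if (!hasPermission) denial branch and warning log …
```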