From 2a507bf7b0075cfff409959ab8145087e8fb1c8b Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete"
Date: Mon, 30 Jun 2025 15:29:29 +0530
Subject: [PATCH] Implemented View all employee permission in employee list API

---
 .../Controllers/EmployeeController.cs | 32 +++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/Marco.Pms.Services/Controllers/EmployeeController.cs b/Marco.Pms.Services/Controllers/EmployeeController.cs
index 93580dd..a73c808 100644
--- a/Marco.Pms.Services/Controllers/EmployeeController.cs
+++ b/Marco.Pms.Services/Controllers/EmployeeController.cs
@@ -10,6 +10,7 @@ using Marco.Pms.Model.Projects;
 using Marco.Pms.Model.Utilities;
 using Marco.Pms.Model.ViewModels.Employee;
 using Marco.Pms.Services.Hubs;
+using Marco.Pms.Services.Service;
 using MarcoBMS.Services.Helpers;
 using MarcoBMS.Services.Service;
 using Microsoft.AspNetCore.Authorization;
@@ -35,10 +36,13 @@ namespace MarcoBMS.Services.Controllers
         private readonly IConfiguration _configuration;
         private readonly ILoggingService _logger;
         private readonly IHubContext _signalR;
+        private readonly PermissionServices _permission;
+        private readonly Guid ViewAllEmployee;
+        private readonly Guid ViewEmployee;
         public EmployeeController(UserManager userManager, IEmailSender emailSender, ApplicationDbContext context, EmployeeHelper employeeHelper, UserHelper userHelper, IConfiguration configuration, ILoggingService logger,
-            IHubContext signalR)
+            IHubContext signalR, PermissionServices permission)
         {
             _context = context;
             _userManager = userManager;
@@ -48,6 +52,9 @@ namespace MarcoBMS.Services.Controllers
             _configuration = configuration;
             _logger = logger;
             _signalR = signalR;
+            _permission = permission;
+            ViewAllEmployee = Guid.Parse("60611762-7f8a-4fb5-b53f-b1139918796b");
+            ViewEmployee = Guid.Parse("b82d2b7e-0d52-45f3-997b-c008ea460e7f");
         }
 
         [HttpGet]
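Review bot: The two permission IDs assigned in the constructor hunk, `ViewAllEmployee = Guid.Parse("60611762-7f8a-4fb5-b53f-b1139918796b");` and `ViewEmployee = Guid.Parse("b82d2b7e-0d52-45f3-997b-c008ea460e7f");`, are magic literals re-parsed on every controller instantiation (one per request under the default controller lifetime) and kept in per-instance fields whose names lack the `_` prefix the file uses for `_permission` and `_logger`. Prefer `private static readonly Guid ViewAllEmployeePermissionId = Guid.Parse("60611762-7f8a-4fb5-b53f-b1139918796b");` (likewise for the second), or better, move both into a shared permissions-constants type so other controllers cannot drift from these values. `ViewEmployee` is assigned here but never read anywhere in this patch, so it is either dead or a check that was meant to use it is missing — worth confirming against the employee endpoints outside these hunks. The constructor body starts in one hunk and continues in the next, so part of it is outside what is shown.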
@@ -93,18 +100,39 @@ namespace MarcoBMS.Services.Controllers
         [Route("list/{projectid?}")]
         public async Task GetEmployeesByProject(Guid? projectid, [FromQuery] bool ShowInactive)
         {
+            // Step 1: Validate incoming request model state
             if (!ModelState.IsValid)
             {
                 var errors = ModelState.Values
                     .SelectMany(v => v.Errors)
                     .Select(e => e.ErrorMessage)
                     .ToList();
+
+                _logger.LogWarning("Invalid request model in GetEmployeesByProject. Errors: {@Errors}", errors);
                 return BadRequest(ApiResponse.ErrorResponse("Invalid data", errors, 400));
             }
+
+            // Step 2: Get currently logged-in employee
+            var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
+            _logger.LogInfo("GetEmployeesByProject called by EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, ShowInactive: {ShowInactive}",
+                loggedInEmployee.Id, projectid ?? Guid.Empty, ShowInactive);
+
+            // Step 3: Check permission (if project ID is not provided, user must have global view permission)
+            var hasViewAllEmployeePermission = await _permission.HasPermission(ViewAllEmployee, loggedInEmployee.Id);
+            if (projectid == null && !hasViewAllEmployeePermission)
+            {
+                _logger.LogWarning("Access denied. EmployeeId: {EmployeeId} tried to access employees without project filter", loggedInEmployee.Id);
+                return StatusCode(403, ApiResponse.ErrorResponse("You don't have access", "You don't have access", 403));
+            }
+
+            // Step 4: Get employee list from helper based on project and visibility flag
             var result = await _employeeHelper.GetEmployeeByProjectId(GetTenantId(), projectid, ShowInactive);
-            return Ok(ApiResponse.SuccessResponse(result, "Filter applied.", 200));
+            _logger.LogInfo("Employees fetched successfully for ProjectId: {ProjectId} by EmployeeId: {EmployeeId}. Result Count: {Count}",
+                projectid ?? Guid.Empty, loggedInEmployee.Id, result.Count());
+            // Step 5: Return success response with employee data
+            return Ok(ApiResponse.SuccessResponse(result, "Filter applied.", 200));
         }
 
         [HttpGet]
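Review bot: The authorization check at `if (projectid == null && !hasViewAllEmployeePermission)` only gates the unfiltered listing; any authenticated caller who supplies a project GUID bypasses it entirely and reaches `GetEmployeeByProjectId(GetTenantId(), projectid, ShowInactive)` for that project, which is a direct-object-reference hole unless the helper itself verifies the caller's membership or rights on that project (not visible here). The `ViewEmployee` permission the commit wires into the constructor is never consulted in this method, so presumably it was meant to gate the project-scoped branch; the rewrite below requires one of the two permissions before any lookup, and the helper should additionally confirm project membership if it does not already. If `GetCurrentEmployeeAsync()` can return null, `loggedInEmployee.Id` on the very next line throws before any check runs, turning a bad token into a 500 rather than a 401, so a null guard belongs before the logging call. `result.Count()` also enumerates `result` a second time if the helper returns a deferred `IEnumerable` (the serializer enumerates it again on return); materialize once with `.ToList()` or log `Count` from the materialized list.
```csharp
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
if (loggedInEmployee is null)
{
    return Unauthorized(ApiResponse.ErrorResponse("Unauthorized", "Unauthorized", 401));
}
// … unchanged: call logging …
var hasViewAllEmployeePermission = await _permission.HasPermission(ViewAllEmployee, loggedInEmployee.Id);
// A project-scoped request still needs an explicit grant; never fall through on projectid alone.
var hasViewEmployeePermission = projectid != null
    && await _permission.HasPermission(ViewEmployee, loggedInEmployee.Id);
if (!hasViewAllEmployeePermission && !hasViewEmployeePermission)
{
    // … unchanged: denial logging and 403 response …
}
// … unchanged: fetch, success logging and return …
```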