Implemented View all employee permission in employee list API

Marco.Pms.Services/Controllers/EmployeeController.cs

@@ -10,6 +10,7 @@ using Marco.Pms.Model.Projects;
 using Marco.Pms.Model.Utilities;
 using Marco.Pms.Model.ViewModels.Employee;
 using Marco.Pms.Services.Hubs;
+using Marco.Pms.Services.Service;
 using MarcoBMS.Services.Helpers;
 using MarcoBMS.Services.Service;
 using Microsoft.AspNetCore.Authorization;
@@ -35,10 +36,13 @@ namespace MarcoBMS.Services.Controllers
         private readonly IConfiguration _configuration;
         private readonly ILoggingService _logger;
         private readonly IHubContext<MarcoHub> _signalR;
+        private readonly PermissionServices _permission;
+        private readonly Guid ViewAllEmployee;
+        private readonly Guid ViewEmployee;
 
         public EmployeeController(UserManager<ApplicationUser> userManager, IEmailSender emailSender,
             ApplicationDbContext context, EmployeeHelper employeeHelper, UserHelper userHelper, IConfiguration configuration, ILoggingService logger,
-            IHubContext<MarcoHub> signalR)
+            IHubContext<MarcoHub> signalR, PermissionServices permission)
         {
             _context = context;
             _userManager = userManager;
@@ -48,6 +52,9 @@ namespace MarcoBMS.Services.Controllers
             _configuration = configuration;
             _logger = logger;
             _signalR = signalR;
+            _permission = permission;
+            ViewAllEmployee = Guid.Parse("60611762-7f8a-4fb5-b53f-b1139918796b");
+            ViewEmployee = Guid.Parse("b82d2b7e-0d52-45f3-997b-c008ea460e7f");
         }
 
         [HttpGet]
@@ -93,18 +100,39 @@ namespace MarcoBMS.Services.Controllers
         [Route("list/{projectid?}")]
         public async Task<IActionResult> GetEmployeesByProject(Guid? projectid, [FromQuery] bool ShowInactive)
         {
+            // Step 1: Validate incoming request model state
             if (!ModelState.IsValid)
             {
                 var errors = ModelState.Values
                     .SelectMany(v => v.Errors)
                     .Select(e => e.ErrorMessage)
                     .ToList();
+
+                _logger.LogWarning("Invalid request model in GetEmployeesByProject. Errors: {@Errors}", errors);
                 return BadRequest(ApiResponse<object>.ErrorResponse("Invalid data", errors, 400));
             }
+
+            // Step 2: Get currently logged-in employee
+            var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
+            _logger.LogInfo("GetEmployeesByProject called by EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, ShowInactive: {ShowInactive}",
+                loggedInEmployee.Id, projectid ?? Guid.Empty, ShowInactive);
+
+            // Step 3: Check permission (if project ID is not provided, user must have global view permission)
+            var hasViewAllEmployeePermission = await _permission.HasPermission(ViewAllEmployee, loggedInEmployee.Id);
+            if (projectid == null && !hasViewAllEmployeePermission)
+            {
+                _logger.LogWarning("Access denied. EmployeeId: {EmployeeId} tried to access employees without project filter", loggedInEmployee.Id);
+                return StatusCode(403, ApiResponse<object>.ErrorResponse("You don't have access", "You don't have access", 403));
+            }
+
+            // Step 4: Get employee list from helper based on project and visibility flag
             var result = await _employeeHelper.GetEmployeeByProjectId(GetTenantId(), projectid, ShowInactive);
 
-            return Ok(ApiResponse<object>.SuccessResponse(result, "Filter applied.", 200));
+            _logger.LogInfo("Employees fetched successfully for ProjectId: {ProjectId} by EmployeeId: {EmployeeId}. Result Count: {Count}",
+                projectid ?? Guid.Empty, loggedInEmployee.Id, result.Count());
 
+            // Step 5: Return success response with employee data
+            return Ok(ApiResponse<object>.SuccessResponse(result, "Filter applied.", 200));
         }
 
         [HttpGet]