admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Checking the project levelmpermission in project controller

Browse Source
This commit is contained in:
ashutosh.nehete 2025-09-18 18:04:22 +05:30
parent 51d86d7bfc
commit 2ce294904b
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Marco.Pms.Services/Controllers/DocumentController.cs
View File

@ -1331,15 +1331,14 @@ namespace Marco.Pms.Services.Controllers
} }
// Check if the logged in employee has permission to delete OR is the owner of the document attachment // Check if the logged in employee has permission to delete OR is the owner of the document attachment
var hasDeletePermission = await _permission.HasPermission(PermissionsMaster.DeleteDocument, loggedInEmployee.Id); ar hasDeletePermission = false;
var hasViewPermission = false;
if (ProjectEntity == documentAttachment.DocumentType?.DocumentCategory?.EntityTypeId) if (ProjectEntity == documentAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
{ {
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id, documentAttachment.EntityId); hasDeletePermission = await _permission.HasPermission(PermissionsMaster.DeleteDocument, loggedInEmployee.Id, documentAttachment.EntityId);
} }
else if (EmployeeEntity == documentAttachment.DocumentType?.DocumentCategory?.EntityTypeId) else if (EmployeeEntity == documentAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
{ {
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id); hasDeletePermission = await _permission.HasPermission(PermissionsMaster.DeleteDocument, loggedInEmployee.Id);
} }
if (!hasDeletePermission && loggedInEmployee.Id != documentAttachment.EntityId) if (!hasDeletePermission && loggedInEmployee.Id != documentAttachment.EntityId)
{ {

10
Marco.Pms.Services/Service/ProjectServices.cs
View File

@ -641,7 +641,8 @@ namespace Marco.Pms.Services.Service
// In a real application, you would check if the loggedInEmployee has permission // In a real application, you would check if the loggedInEmployee has permission
// to manage allocations for ALL projects involved in this batch. // to manage allocations for ALL projects involved in this batch.
var projectIdsInBatch = allocationsDto.Select(a => a.ProjectId).Distinct().ToList(); var projectIdsInBatch = allocationsDto.Select(a => a.ProjectId).Distinct().ToList();
var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id); var projectId = projectIdsInBatch.FirstOrDefault();
var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id, projectId);
if (!hasPermission) if (!hasPermission)
{ {
_logger.LogWarning("Access DENIED for user {UserId} trying to manage allocations for projects.", loggedInEmployee.Id); _logger.LogWarning("Access DENIED for user {UserId} trying to manage allocations for projects.", loggedInEmployee.Id);
@ -826,12 +827,15 @@ namespace Marco.Pms.Services.Service
// --- (Placeholder) Security Check --- // --- (Placeholder) Security Check ---
// You MUST verify that the loggedInEmployee has permission to modify the assignments for the target employeeId. // You MUST verify that the loggedInEmployee has permission to modify the assignments for the target employeeId.
var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id); foreach (var allocation in allocationsDto)
if (!hasPermission) {
if (!await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id, allocation.ProjectId))
{ {
_logger.LogWarning("Access DENIED for user {UserId} trying to manage assignments for employee {TargetEmployeeId}.", loggedInEmployee.Id, employeeId); _logger.LogWarning("Access DENIED for user {UserId} trying to manage assignments for employee {TargetEmployeeId}.", loggedInEmployee.Id, employeeId);
return ApiResponse<List<ProjectAllocationVM>>.ErrorResponse("Access Denied.", "You do not have permission to manage this employee's assignments.", 403); return ApiResponse<List<ProjectAllocationVM>>.ErrorResponse("Access Denied.", "You do not have permission to manage this employee's assignments.", 403);
} }
}
// --- Step 2: Fetch all relevant existing data in ONE database call --- // --- Step 2: Fetch all relevant existing data in ONE database call ---
var projectIdsInDto = allocationsDto.Select(p => p.ProjectId).ToList(); var projectIdsInDto = allocationsDto.Select(p => p.ProjectId).ToList();