Added code to validate the id received by path parameter with id received by payload

This commit is contained in:
ashutosh.nehete 2025-06-16 17:19:59 +05:30
parent 5bc13e215d
commit 2e925efcf7


@ -356,41 +356,58 @@ namespace Marco.Pms.Services.Helpers
try try
{ {
// Step 1: Get tenant and employee info // Step 1: Validate input
if (id == Guid.Empty || id != updateWorkStatusDto.Id)
{
_logger.LogWarning("Invalid ID provided for update. Route ID: {RouteId}, DTO ID: {DtoId}", id, updateWorkStatusDto.Id);
return ApiResponse<object>.ErrorResponse("Invalid data provided", "The provided work status ID is invalid", 400);
}
// Step 2: Get tenant and logged-in employee
Guid tenantId = _userHelper.GetTenantId(); Guid tenantId = _userHelper.GetTenantId();
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
// Step 2: Check permission to update master // Step 3: Check permissions
var hasManageMasterPermission = await _permissionService.HasPermission(Manage_Master, loggedInEmployee.Id); var hasManageMasterPermission = await _permissionService.HasPermission(Manage_Master, loggedInEmployee.Id);
if (!hasManageMasterPermission) if (!hasManageMasterPermission)
{ {
_logger.LogWarning("Update denied. EmployeeId: {EmployeeId} does not have Manage Master permission.", loggedInEmployee.Id); _logger.LogWarning("Access denied. EmployeeId: {EmployeeId} does not have Manage Master permission.", loggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have access", "Don't have access to take action", 403); return ApiResponse<object>.ErrorResponse("Access denied", "You do not have permission to update this work status", 403);
} }
// Step 3: Retrieve existing work status by id and tenant // Step 4: Retrieve the work status record
var workStatus = await _context.WorkStatusMasters var workStatus = await _context.WorkStatusMasters
.FirstOrDefaultAsync(ws => ws.Id == id && ws.TenantId == tenantId); .FirstOrDefaultAsync(ws => ws.Id == id && ws.TenantId == tenantId);
if (workStatus == null) if (workStatus == null)
{ {
_logger.LogWarning("Work status not found for Id: {Id}", id); _logger.LogWarning("Work status not found for ID: {Id}", id);
return ApiResponse<object>.ErrorResponse("Work status not found", "Work status not found", 404); return ApiResponse<object>.ErrorResponse("Work status not found", "No work status found with the provided ID", 404);
} }
// Step 4: Update fields // Step 5: Check for duplicate name (optional)
var isDuplicate = await _context.WorkStatusMasters
.AnyAsync(ws => ws.Name == updateWorkStatusDto.Name && ws.Id != id && ws.TenantId == tenantId);
if (isDuplicate)
{
_logger.LogWarning("Duplicate work status name '{Name}' detected during update. ID: {Id}", updateWorkStatusDto.Name ?? "", id);
return ApiResponse<object>.ErrorResponse("Work status with the same name already exists", "Duplicate name", 400);
}
// Step 6: Update fields
workStatus.Name = updateWorkStatusDto.Name?.Trim() ?? ""; workStatus.Name = updateWorkStatusDto.Name?.Trim() ?? "";
workStatus.Description = updateWorkStatusDto.Description?.Trim() ?? ""; workStatus.Description = updateWorkStatusDto.Description?.Trim() ?? "";
await _context.SaveChangesAsync(); await _context.SaveChangesAsync();
_logger.LogInfo("Work status updated successfully. Id: {Id}", workStatus.Id); _logger.LogInfo("Work status updated successfully. ID: {Id}", id);
return ApiResponse<object>.SuccessResponse(workStatus, "Work status updated successfully", 200); return ApiResponse<object>.SuccessResponse(workStatus, "Work status updated successfully", 200);
} }
catch (Exception ex) catch (Exception ex)
{ {
_logger.LogError("Error occurred while updating work status Id: {Id} : {Error}", id, ex.Message); _logger.LogError("Error occurred while updating work status ID: {Id} : {Error}", id, ex.Message);
return ApiResponse<object>.ErrorResponse("An error occurred", "Unable to update work status", 500); return ApiResponse<object>.ErrorResponse("An error occurred", "Unable to update the work status at this time", 500);
} }
} }
public async Task<ApiResponse<object>> DeleteWorkStatus(Guid id) public async Task<ApiResponse<object>> DeleteWorkStatus(Guid id)
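Review bot: The duplicate-name check on the new `AnyAsync` line compares the raw `updateWorkStatusDto.Name`, but the value actually stored two steps later is `updateWorkStatusDto.Name?.Trim() ?? ""`, so a name that differs from an existing one only by surrounding whitespace passes the check and is then saved as an exact duplicate. Normalize once before the query, `var name = updateWorkStatusDto.Name?.Trim() ?? "";`, and use it in both places: `.AnyAsync(ws => ws.Name == name && ws.Id != id && ws.TenantId == tenantId);` and `workStatus.Name = name;`. Whether that comparison is case-sensitive depends on the database collation, which is worth a comment on the query if case-insensitive uniqueness per tenant is what is intended. The new ID check also dereferences `updateWorkStatusDto.Id` before anything in the hunk confirms the DTO is non-null; if model binding can hand this method a null body, that becomes a NullReferenceException routed through the catch-all as a 500 rather than the intended 400. The enclosing method starts before this hunk.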