From 404c16946bfeca64e0e60ac1cc2b6ddd3aa06910 Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete"
Date: Tue, 27 May 2025 12:28:22 +0530
Subject: [PATCH] Enhancement #377: Update "Update Contact" API to Enforce Feature

---
 .../Controllers/DirectoryController.cs | 4 +++
 Marco.Pms.Services/Helpers/DirectoryHelper.cs | 30 +++++++++++++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/Marco.Pms.Services/Controllers/DirectoryController.cs b/Marco.Pms.Services/Controllers/DirectoryController.cs
index de262fb..6b54891 100644
--- a/Marco.Pms.Services/Controllers/DirectoryController.cs
+++ b/Marco.Pms.Services/Controllers/DirectoryController.cs
@@ -103,6 +103,10 @@ namespace Marco.Pms.Services.Controllers
 {
 return NotFound(response);
 }
+ else if (response.StatusCode == 401)
+ {
+ return Unauthorized(response);
+ }
 else
 {
 return BadRequest(response);
diff --git a/Marco.Pms.Services/Helpers/DirectoryHelper.cs b/Marco.Pms.Services/Helpers/DirectoryHelper.cs
index 630bb10..bc14302 100644
--- a/Marco.Pms.Services/Helpers/DirectoryHelper.cs
+++ b/Marco.Pms.Services/Helpers/DirectoryHelper.cs
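Review bot: `return Unauthorized(response);` answers with HTTP 401 for a response the helper builds when an already-authenticated employee lacks a directory permission, which is a 403 Forbidden condition; 401 tells clients and auth middleware that credentials are missing or invalid, so a token-refresh or re-login loop is a likely outcome instead of a "no permission" message. I would map a 403 here, `else if (response.StatusCode == 403) { return StatusCode(StatusCodes.Status403Forbidden, response); }` (or `StatusCode(403, response)` if `Microsoft.AspNetCore.Http` is not in scope), and have the helper's denial branch emit 403 to match. The enclosing action method starts and ends outside the hunk, so I cannot see whether other status codes are already handled above the `NotFound` branch.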
@@ -1795,6 +1795,33 @@ namespace Marco.Pms.Services.Helpers
 return ApiResponse.ErrorResponse("Contact not found", "Contact not found", 404);
 }
+ var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
+ var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
+ List? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync();
+ List bucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
+ if (permissionIds.Contains(directoryAdmin))
+ {
+ var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
+ bucketIds = buckets.Select(b => b.Id).ToList();
+ }
+ else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
+ {
+ var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
+ var createdBucketIds = buckets.Select(b => b.Id).ToList();
+ bucketIds.AddRange(createdBucketIds);
+ bucketIds = bucketIds.Distinct().ToList();
+ }
+ else
+ {
+ _logger.LogError("Employee {EmployeeId} attemped to update a contact, but do not have permission", LoggedInEmployee.Id);
+ return ApiResponse.ErrorResponse("You don't have permission", "You don't have permission", 401);
+ }
+
+ List contactBuckets = await _context.ContactBucketMappings.AsNoTracking().Where(m => m.ContactId == contact.Id && bucketIds.Contains(m.BucketId)).ToListAsync();
+ bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList();
+
+
+
 var newContact = updateContact.ToContactFromUpdateContactDto(tenantId, contact);
 _context.Contacts.Update(newContact);
 await _context.SaveChangesAsync();
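Review bot: The bucket scoping this hunk computes is never enforced: `contactBuckets` is intersected with the caller's `bucketIds`, but when that intersection is empty for a manager or user the code still falls through to `_context.Contacts.Update(newContact)` and `SaveChangesAsync()`, so any employee holding `directoryManager` or `directoryUser` can modify every contact the earlier lookup returns regardless of bucket membership, unless code after the hunk (which I cannot see) rejects the empty list. A denial right after the intersection closes that gap; 403 is the right status for an authenticated caller without access, although the hunk's existing branch uses 401. Two smaller points: the non-admin query `Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id)` is not filtered by `tenantId` the way the admin branch is, which is only safe if employee ids are unique across tenants, and the log message misspells "attempted" (`attemped`). The enclosing method starts and ends outside the hunk.
```csharp
// … unchanged: role/permission lookup, bucketIds scoping, contactBuckets query …
if (!permissionIds.Contains(directoryAdmin) && contactBuckets.Count == 0)
{
    _logger.LogWarning("Employee {EmployeeId} attempted to update contact {ContactId} outside their buckets", LoggedInEmployee.Id, contact.Id);
    return ApiResponse.ErrorResponse("You don't have permission", "You don't have permission", 403);
}
bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList();
// … unchanged: contact update and SaveChangesAsync …
```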
@@ -1804,8 +1831,7 @@ namespace Marco.Pms.Services.Helpers
 List emails = await _context.ContactsEmails.AsNoTracking().Where(p => p.ContactId == contact.Id).ToListAsync();
 var emailIds = emails.Select(p => p.Id).ToList();
- List contactBuckets = await _context.ContactBucketMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync();
- var bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList();
+
 List contactTags = await _context.ContactTagMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync();
 var tagIds = contactTags.Select(t => t.ContactTagId).Distinct().ToList();