Changed the authontication logic for delete contact notes

Marco.Pms.Services/Service/DirectoryService.cs

@@ -2271,9 +2271,11 @@ namespace Marco.Pms.Services.Service
                 return ApiResponse<object>.ErrorResponse("Note not found", "Note not found", 404);
             }
 
-            var bucketIds = await _context.ContactBucketMappings.Where(cb => cb.ContactId == note.ContactId).Select(cb => cb.BucketId).ToListAsync();
-            var hasContactAccess = await _context.EmployeeBucketMappings.AnyAsync(eb => bucketIds.Contains(eb.BucketId) && eb.EmployeeId == loggedInEmployee.Id);
-            if (hasContactAccess)
+            var (hasAdminPermission, hasManagerPermission, hasUserPermission) = await CheckPermissionsAsync(loggedInEmployee.Id);
+
+            var bucketIds = await _context.ContactBucketMappings.AsNoTracking().Where(cb => cb.ContactId == noteDto.ContactId).Select(cb => cb.BucketId).ToListAsync();
+            var hasContactAccess = await _context.EmployeeBucketMappings.AsNoTracking().AnyAsync(eb => bucketIds.Contains(eb.BucketId) && eb.EmployeeId == loggedInEmployee.Id);
+            if (!hasAdminPermission && !hasContactAccess)
             {
                 _logger.LogWarning("Employee {EmployeeId} does not have permission to delete contact {ContactId}",
                      loggedInEmployee.Id, note.ContactId);