Changed the logic of validating

2025-08-22 17:27:53 +05:30 · 2025-08-22 17:27:53 +05:30 · 540c3e75fd
commit 540c3e75fd
parent 6f7fad1ae4
1 changed files with 2 additions and 2 deletions
--- a/Marco.Pms.Services/Controllers/TenantController.cs
+++ b/Marco.Pms.Services/Controllers/TenantController.cs
@ -258,7 +258,7 @@ namespace Marco.Pms.Services.Controllers
                return StatusCode(403,
                    ApiResponse<object>.ErrorResponse("Access denied", "User does not have the required permissions for this action.", 403));
            }
-            if ((hasModifyPermission || hasViewPermission) && id != loggedInEmployee.TenantId)
+            if (!hasManagePermission && (hasModifyPermission || hasViewPermission) && id != loggedInEmployee.TenantId)
            {
                _logger.LogWarning("Permission denied: User {EmployeeId} attempted to access tenant details of other tenant.", loggedInEmployee.Id);
                return StatusCode(403,
@ -658,7 +658,7 @@ namespace Marco.Pms.Services.Controllers
                _logger.LogWarning("Access denied: User {EmployeeId} lacks required permissions for UpdateTenant on TenantId: {TenantId}.", loggedInEmployee.Id, id);
                return StatusCode(403, ApiResponse<object>.ErrorResponse("Access denied", "User does not have the required permissions for this action.", 403));
            }
-            if (hasModifyPermission && id != loggedInEmployee.TenantId)
+            if (!hasManagePermission && hasModifyPermission && id != loggedInEmployee.TenantId)
            {
                _logger.LogWarning("Permission denied: User {EmployeeId} attempted to access tenant details of other tenant.", loggedInEmployee.Id);
                return StatusCode(403,