admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Enhancement #375: Update "Get Contact" API to Enforce Feature Permissions

Browse Source
This commit is contained in:
ashutosh.nehete 2025-05-27 12:24:41 +05:30
parent 3128372a78
commit 54ea82b984
2 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Marco.Pms.Services/Controllers/DirectoryController.cs
View File

@ -39,12 +39,17 @@ namespace Marco.Pms.Services.Controllers
{ {
return Ok(response); return Ok(response);
} }
else if (response.StatusCode == 401)
{
return Unauthorized(response);
}
else else
{ {
return BadRequest(response); return BadRequest(response);
} }
} }
[HttpGet("contact-bucket/{bucketId}")] [HttpGet("contact-bucket/{bucketId}")]
public async Task<IActionResult> GetContactsListByBucketId(Guid bucketId) public async Task<IActionResult> GetContactsListByBucketId(Guid bucketId)
{ {

29
Marco.Pms.Services/Helpers/DirectoryHelper.cs
View File

@ -18,13 +18,18 @@ namespace Marco.Pms.Services.Helpers
private readonly ApplicationDbContext _context; private readonly ApplicationDbContext _context;
private readonly ILoggingService _logger; private readonly ILoggingService _logger;
private readonly UserHelper _userHelper; private readonly UserHelper _userHelper;
private readonly Guid directoryAdmin;
private readonly Guid directoryManager;
private readonly Guid directoryUser;
public DirectoryHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper) public DirectoryHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper)
{ {
_context = context; _context = context;
_logger = logger; _logger = logger;
_userHelper = userHelper; _userHelper = userHelper;
directoryAdmin = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda");
directoryManager = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5");
directoryUser = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb");
} }
@ -33,9 +38,29 @@ namespace Marco.Pms.Services.Helpers
{ {
Guid tenantId = _userHelper.GetTenantId(); Guid tenantId = _userHelper.GetTenantId();
var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
List<EmployeeBucketMapping>? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync(); List<EmployeeBucketMapping>? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync();
List<Guid> bucketIds = employeeBuckets.Select(c => c.BucketId).ToList(); List<Guid> bucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
List<Guid> filterbucketIds = employeeBuckets.Select(c => c.BucketId).ToList(); if (permissionIds.Contains(directoryAdmin))
{
var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
bucketIds = buckets.Select(b => b.Id).ToList();
}
else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
{
var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
var createdBucketIds = buckets.Select(b => b.Id).ToList();
bucketIds.AddRange(createdBucketIds);
bucketIds = bucketIds.Distinct().ToList();
}
else
{
_logger.LogError("Employee {EmployeeId} attemped to access a contacts, but do not have permission", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
}
List<Guid> filterbucketIds = bucketIds;
if (filterDto != null && filterDto.BucketIds != null && filterDto.BucketIds.Count > 0) if (filterDto != null && filterDto.BucketIds != null && filterDto.BucketIds.Count > 0)
{ {
filterbucketIds = filterDto.BucketIds; filterbucketIds = filterDto.BucketIds;