diff --git a/Marco.Pms.Services/Controllers/DirectoryController.cs b/Marco.Pms.Services/Controllers/DirectoryController.cs index fcd82a7..de262fb 100644 --- a/Marco.Pms.Services/Controllers/DirectoryController.cs +++ b/Marco.Pms.Services/Controllers/DirectoryController.cs @@ -39,12 +39,17 @@ namespace Marco.Pms.Services.Controllers { return Ok(response); } + else if (response.StatusCode == 401) + { + return Unauthorized(response); + } else { return BadRequest(response); } } + [HttpGet("contact-bucket/{bucketId}")] public async Task GetContactsListByBucketId(Guid bucketId) { diff --git a/Marco.Pms.Services/Helpers/DirectoryHelper.cs b/Marco.Pms.Services/Helpers/DirectoryHelper.cs index 86d9449..1beb114 100644 --- a/Marco.Pms.Services/Helpers/DirectoryHelper.cs +++ b/Marco.Pms.Services/Helpers/DirectoryHelper.cs @@ -18,13 +18,18 @@ namespace Marco.Pms.Services.Helpers private readonly ApplicationDbContext _context; private readonly ILoggingService _logger; private readonly UserHelper _userHelper; - + private readonly Guid directoryAdmin; + private readonly Guid directoryManager; + private readonly Guid directoryUser; public DirectoryHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper) { _context = context; _logger = logger; _userHelper = userHelper; + directoryAdmin = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda"); + directoryManager = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5"); + directoryUser = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb"); } @@ -33,9 +38,29 @@ namespace Marco.Pms.Services.Helpers { Guid tenantId = _userHelper.GetTenantId(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); + var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync(); + var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync(); List? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync(); List bucketIds = employeeBuckets.Select(c => c.BucketId).ToList(); - List filterbucketIds = employeeBuckets.Select(c => c.BucketId).ToList(); + if (permissionIds.Contains(directoryAdmin)) + { + var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync(); + bucketIds = buckets.Select(b => b.Id).ToList(); + } + else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser)) + { + var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync(); + var createdBucketIds = buckets.Select(b => b.Id).ToList(); + bucketIds.AddRange(createdBucketIds); + bucketIds = bucketIds.Distinct().ToList(); + } + else + { + _logger.LogError("Employee {EmployeeId} attemped to access a contacts, but do not have permission", LoggedInEmployee.Id); + return ApiResponse.ErrorResponse("You don't have permission", "You don't have permission", 401); + } + + List filterbucketIds = bucketIds; if (filterDto != null && filterDto.BucketIds != null && filterDto.BucketIds.Count > 0) { filterbucketIds = filterDto.BucketIds;