diff --git a/Marco.Pms.Model/Entitlements/PermissionsMaster.cs b/Marco.Pms.Model/Entitlements/PermissionsMaster.cs
new file mode 100644
index 0000000..24e115f
--- /dev/null
+++ b/Marco.Pms.Model/Entitlements/PermissionsMaster.cs
@@ -0,0 +1,10 @@
+namespace Marco.Pms.Model.Entitlements
+{
+ public static class PermissionsMaster
+ {
+ public static readonly Guid DirectoryAdmin = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda");
+ public static readonly Guid DirectoryManager = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5");
+ public static readonly Guid DirectoryUser = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb");
+
+ }
+}
diff --git a/Marco.Pms.Services/Helpers/DirectoryHelper.cs b/Marco.Pms.Services/Helpers/DirectoryHelper.cs
index bafa36f..37f58cf 100644
--- a/Marco.Pms.Services/Helpers/DirectoryHelper.cs
+++ b/Marco.Pms.Services/Helpers/DirectoryHelper.cs
@@ -1,6 +1,7 @@
 using Marco.Pms.DataAccess.Data;
 using Marco.Pms.Model.Directory;
 using Marco.Pms.Model.Dtos.Directory;
+using Marco.Pms.Model.Entitlements;
 using Marco.Pms.Model.Mapper;
 using Marco.Pms.Model.Projects;
 using Marco.Pms.Model.Utilities;
@@ -20,9 +21,6 @@ namespace Marco.Pms.Services.Helpers
 private readonly ILoggingService _logger;
 private readonly UserHelper _userHelper;
 private readonly PermissionServices _permissionServices;
- private readonly Guid directoryAdmin;
- private readonly Guid directoryManager;
- private readonly Guid directoryUser;
 public DirectoryHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper, PermissionServices permissionServices)
 {
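Review bot: The three ids in PermissionsMaster carry no documentation, yet they are the values DirectoryHelper compares against `rp.FeaturePermissionId` to decide directory access, so a reader of this file cannot tell what they must agree with. A class-level `/// <summary>Feature-permission ids for the Directory module; each must equal the FeaturePermissionId stored in RolePermissionMappings for that permission.</summary>` plus a one-line `<summary>` per field would make the contract explicit. The file also uses `Guid` without a `using System;`, which compiles only if the project enables implicit usings; the diff does not show the project file, so that is worth confirming.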
@@ -30,13 +28,8 @@ namespace Marco.Pms.Services.Helpers
 _logger = logger;
 _userHelper = userHelper;
 _permissionServices = permissionServices;
- directoryAdmin = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda");
- directoryManager = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5");
- directoryUser = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb");
 }
-
-
 public async Task> GetListOfContacts(string? search, bool active, ContactFilterDto? filterDto, Guid? projectId)
 {
 Guid tenantId = _userHelper.GetTenantId();
@@ -45,12 +38,12 @@ namespace Marco.Pms.Services.Helpers
 var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
 List? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync();
 List bucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
- if (permissionIds.Contains(directoryAdmin))
+ if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin))
 {
 var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
 bucketIds = buckets.Select(b => b.Id).ToList();
 }
- else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin) || permissionIds.Contains(PermissionsMaster.DirectoryUser))
 {
 var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
 var createdBucketIds = buckets.Select(b => b.Id).ToList();
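Review bot: In the @@ -45 hunk the `else if` now tests `PermissionsMaster.DirectoryAdmin` where the removed line tested `directoryManager`, so the DirectoryManager permission is no longer consulted and that branch is dead, since the preceding `if` already handles admins. The line should read `else if (permissionIds.Contains(PermissionsMaster.DirectoryManager) || permissionIds.Contains(PermissionsMaster.DirectoryUser))`. The same substitution appears at @@ -199, @@ -483 and @@ -1166, in `hasManagerPermission` at @@ -919, in the creation guard at @@ -1208 (where an employee holding only DirectoryManager now receives the 401), and in the `&& bucketIds.Contains(...)` branches at @@ -1266, @@ -1332 and @@ -1433, which become unreachable. Because these checks gate bucket and contact visibility, a test that runs a principal holding only DirectoryManager through GetListOfContacts would catch the regression. GetListOfContacts begins in the @@ -30 hunk and continues beyond this one.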
@@ -199,11 +192,11 @@ namespace Marco.Pms.Services.Helpers
 var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
 EmployeeBucketMapping? employeeBucket = null;
- if (permissionIds.Contains(directoryAdmin))
+ if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin))
 {
 employeeBucket = employeeBuckets.FirstOrDefault();
 }
- else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin) || permissionIds.Contains(PermissionsMaster.DirectoryUser))
 {
 employeeBucket = employeeBuckets.FirstOrDefault(eb => eb.EmployeeId == LoggedInEmployee.Id);
 }
@@ -483,12 +476,12 @@ namespace Marco.Pms.Services.Helpers
 var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
 List? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync();
 List bucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
- if (permissionIds.Contains(directoryAdmin))
+ if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin))
 {
 var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
 bucketIds = buckets.Select(b => b.Id).ToList();
 }
- else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin) || permissionIds.Contains(PermissionsMaster.DirectoryUser))
 {
 var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
 var createdBucketIds = buckets.Select(b => b.Id).ToList();
@@ -919,9 +912,9 @@ namespace Marco.Pms.Services.Helpers
 }
 // --- Permission Checks ---
- var hasAdminPermission = await _permissionServices.HasPermission(directoryAdmin, loggedInEmployee.Id);
- var hasManagerPermission = await _permissionServices.HasPermission(directoryManager, loggedInEmployee.Id);
- var hasUserPermission = await _permissionServices.HasPermission(directoryUser, loggedInEmployee.Id);
+ var hasAdminPermission = await _permissionServices.HasPermission(PermissionsMaster.DirectoryAdmin, loggedInEmployee.Id);
+ var hasManagerPermission = await _permissionServices.HasPermission(PermissionsMaster.DirectoryAdmin, loggedInEmployee.Id);
+ var hasUserPermission = await _permissionServices.HasPermission(PermissionsMaster.DirectoryUser, loggedInEmployee.Id);
 IQueryable notesQuery = _context.ContactNotes
 .Include(cn => cn.UpdatedBy)
@@ -1166,11 +1159,11 @@ namespace Marco.Pms.Services.Helpers
 var bucketIds = employeeBuckets.Select(b => b.BucketId).ToList();
 List employeeBucketVM = await _context.EmployeeBucketMappings.Where(b => bucketIds.Contains(b.BucketId)).ToListAsync();
 List bucketList = new List();
- if (permissionIds.Contains(directoryAdmin))
+ if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin))
 {
 bucketList = await _context.Buckets.Include(b => b.CreatedBy).Where(b => b.TenantId == tenantId).ToListAsync();
 }
- else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin) || permissionIds.Contains(PermissionsMaster.DirectoryUser))
 {
 bucketList = await _context.Buckets.Include(b => b.CreatedBy).Where(b => bucketIds.Contains(b.Id) || b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
 }
@@ -1208,8 +1201,8 @@ namespace Marco.Pms.Services.Helpers
 {
 var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
 var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
- var demo = !permissionIds.Contains(directoryUser);
- if (!permissionIds.Contains(directoryAdmin) && !permissionIds.Contains(directoryManager) && !permissionIds.Contains(directoryUser))
+ var demo = !permissionIds.Contains(PermissionsMaster.DirectoryUser);
+ if (!permissionIds.Contains(PermissionsMaster.DirectoryAdmin) && !permissionIds.Contains(PermissionsMaster.DirectoryAdmin) && !permissionIds.Contains(PermissionsMaster.DirectoryUser))
 {
 _logger.LogError("Employee {EmployeeId} attemped to create a bucket, but do not have permission", LoggedInEmployee.Id);
 return ApiResponse.ErrorResponse("You don't have permission", "You don't have permission", 401);
@@ -1266,15 +1259,15 @@ namespace Marco.Pms.Services.Helpers
 }
 Bucket? accessableBucket = null;
- if (permissionIds.Contains(directoryAdmin))
+ if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin))
 {
 accessableBucket = bucket;
 }
- else if (permissionIds.Contains(directoryManager) && bucketIds.Contains(id))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin) && bucketIds.Contains(id))
 {
 accessableBucket = bucket;
 }
- else if (permissionIds.Contains(directoryUser))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryUser))
 {
 if (bucket.CreatedByID == LoggedInEmployee.Id)
 {
@@ -1332,15 +1325,15 @@ namespace Marco.Pms.Services.Helpers
 var bucketIds = employeeBuckets.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).Select(eb => eb.BucketId).ToList();
 var employeeBucketIds = employeeBuckets.Select(eb => eb.EmployeeId).ToList();
 Bucket? accessableBucket = null;
- if (permissionIds.Contains(directoryAdmin))
+ if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin))
 {
 accessableBucket = bucket;
 }
- else if (permissionIds.Contains(directoryManager) && bucketIds.Contains(bucketId))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin) && bucketIds.Contains(bucketId))
 {
 accessableBucket = bucket;
 }
- else if (permissionIds.Contains(directoryUser))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryUser))
 {
 if (bucket.CreatedByID == LoggedInEmployee.Id)
 {
@@ -1433,15 +1426,15 @@ namespace Marco.Pms.Services.Helpers
 var bucketIds = employeeBuckets.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).Select(eb => eb.BucketId).ToList();
 Bucket? accessableBucket = null;
- if (permissionIds.Contains(directoryAdmin))
+ if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin))
 {
 accessableBucket = bucket;
 }
- else if (permissionIds.Contains(directoryManager) && bucketIds.Contains(id))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryAdmin) && bucketIds.Contains(id))
 {
 accessableBucket = bucket;
 }
- else if (permissionIds.Contains(directoryUser))
+ else if (permissionIds.Contains(PermissionsMaster.DirectoryUser))
 {
 if (bucket.CreatedByID == LoggedInEmployee.Id)
 {