Implemented the view employee and view all employee permission to employee list API

2025-06-30 16:33:50 +05:30 · 2025-06-30 16:33:50 +05:30 · 5f9ca98284
commit 5f9ca98284
parent 00c30eb2cc
1 changed files with 44 additions and 13 deletions
--- a/Marco.Pms.Services/Controllers/EmployeeController.cs
+++ b/Marco.Pms.Services/Controllers/EmployeeController.cs
@ -37,12 +37,15 @@ namespace MarcoBMS.Services.Controllers
        private readonly ILoggingService _logger;
        private readonly IHubContext<MarcoHub> _signalR;
        private readonly PermissionServices _permission;
+        private readonly ProjectsHelper _projectsHelper;
        private readonly Guid ViewAllEmployee;
        private readonly Guid ViewEmployee;
+        private readonly Guid tenantId;
+

        public EmployeeController(UserManager<ApplicationUser> userManager, IEmailSender emailSender,
            ApplicationDbContext context, EmployeeHelper employeeHelper, UserHelper userHelper, IConfiguration configuration, ILoggingService logger,
-            IHubContext<MarcoHub> signalR, PermissionServices permission)
+            IHubContext<MarcoHub> signalR, PermissionServices permission, ProjectsHelper projectsHelper)
        {
            _context = context;
            _userManager = userManager;
@ -55,6 +58,8 @@ namespace MarcoBMS.Services.Controllers
            _permission = permission;
            ViewAllEmployee = Guid.Parse("60611762-7f8a-4fb5-b53f-b1139918796b");
            ViewEmployee = Guid.Parse("b82d2b7e-0d52-45f3-997b-c008ea460e7f");
+            _projectsHelper = projectsHelper;
+            tenantId = _userHelper.GetTenantId();
        }

        [HttpGet]
@ -108,30 +113,56 @@ namespace MarcoBMS.Services.Controllers
                    .Select(e => e.ErrorMessage)
                    .ToList();

-                _logger.LogWarning("Invalid request model in GetEmployeesByProject. Errors: {@Errors}", errors);
+                _logger.LogWarning("Invalid model state in GetEmployeesByProject. Errors: {@Errors}", errors);
                return BadRequest(ApiResponse<object>.ErrorResponse("Invalid data", errors, 400));
            }

-            // Step 2: Get currently logged-in employee
+            // Step 2: Get logged-in employee
            var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
            _logger.LogInfo("GetEmployeesByProject called by EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, ShowInactive: {ShowInactive}",
                loggedInEmployee.Id, projectid ?? Guid.Empty, ShowInactive);

-            // Step 3: Check permission (if project ID is not provided, user must have global view permission)
+            // Step 3: Fetch project access and permissions
+            List<Project> projects = await _projectsHelper.GetMyProjects(tenantId, loggedInEmployee);
+            var projectIds = projects.Select(p => p.Id).ToList();
+
            var hasViewAllEmployeePermission = await _permission.HasPermission(ViewAllEmployee, loggedInEmployee.Id);
-            if (projectid == null && !hasViewAllEmployeePermission)
+            var hasViewEmployeePermission = await _permission.HasPermission(ViewEmployee, loggedInEmployee.Id);
+
+            List<EmployeeVM> result = new();
+
+            // Step 4: Determine access level and fetch employees accordingly
+            if (hasViewAllEmployeePermission || projectid != null)
            {
-                _logger.LogWarning("Access denied. EmployeeId: {EmployeeId} tried to access employees without project filter", loggedInEmployee.Id);
-                return StatusCode(403, ApiResponse<object>.ErrorResponse("You don't have access", "You don't have access", 403));
+                result = await _employeeHelper.GetEmployeeByProjectId(tenantId, projectid, ShowInactive);
+                _logger.LogInfo("Employee list fetched using full access or specific project.");
+            }
+            else if (hasViewEmployeePermission && !ShowInactive)
+            {
+                var employeeIds = await _context.ProjectAllocations
+                    .Where(pa => projectIds.Contains(pa.ProjectId) && pa.IsActive)
+                    .Select(pa => pa.EmployeeId)
+                    .Distinct()
+                    .ToListAsync();
+
+                result = await _context.Employees
+                    .Include(fp => fp.JobRole)
+                    .Where(e => employeeIds.Contains(e.Id) && e.IsActive)
+                    .Select(e => e.ToEmployeeVMFromEmployee())
+                    .ToListAsync();
+
+                _logger.LogInfo("Employee list fetched using limited access (active only).");
+            }
+            else
+            {
+                _logger.LogWarning("Access denied for EmployeeId: {EmployeeId} - insufficient permissions.", loggedInEmployee.Id);
+                return Ok(ApiResponse<object>.SuccessResponse(result, "Filter applied.", 200));
            }

-            // Step 4: Get employee list from helper based on project and visibility flag
-            var result = await _employeeHelper.GetEmployeeByProjectId(GetTenantId(), projectid, ShowInactive);
+            // Step 5: Log and return results
+            _logger.LogInfo("Employees fetched successfully by EmployeeId: {EmployeeId} for ProjectId: {ProjectId}. Count: {Count}",
+                loggedInEmployee.Id, projectid ?? Guid.Empty, result.Count);

-            _logger.LogInfo("Employees fetched successfully for ProjectId: {ProjectId} by EmployeeId: {EmployeeId}. Result Count: {Count}",
-                projectid ?? Guid.Empty, loggedInEmployee.Id, result.Count());
-
-            // Step 5: Return success response with employee data
            return Ok(ApiResponse<object>.SuccessResponse(result, "Filter applied.", 200));
        }