diff --git a/Marco.Pms.Services/Controllers/DirectoryController.cs b/Marco.Pms.Services/Controllers/DirectoryController.cs index fcd82a7..cfc9ed8 100644 --- a/Marco.Pms.Services/Controllers/DirectoryController.cs +++ b/Marco.Pms.Services/Controllers/DirectoryController.cs @@ -39,12 +39,17 @@ namespace Marco.Pms.Services.Controllers { return Ok(response); } + else if (response.StatusCode == 401) + { + return Unauthorized(response); + } else { return BadRequest(response); } } + [HttpGet("contact-bucket/{bucketId}")] public async Task GetContactsListByBucketId(Guid bucketId) { @@ -98,6 +103,10 @@ namespace Marco.Pms.Services.Controllers { return NotFound(response); } + else if (response.StatusCode == 401) + { + return Unauthorized(response); + } else { return BadRequest(response); @@ -217,7 +226,18 @@ namespace Marco.Pms.Services.Controllers public async Task GetBucketList() { var response = await _directoryHelper.GetBucketList(); - return Ok(response); + if (response.StatusCode == 200) + { + return Ok(response); + } + else if (response.StatusCode == 401) + { + return Unauthorized(response); + } + else + { + return BadRequest(response); + } } [HttpPost("bucket")] @@ -241,6 +261,10 @@ namespace Marco.Pms.Services.Controllers { return Conflict(response); } + else if (response.StatusCode == 401) + { + return Unauthorized(response); + } else { return BadRequest(response); @@ -260,6 +284,10 @@ namespace Marco.Pms.Services.Controllers { return NotFound(response); } + else if (response.StatusCode == 401) + { + return Unauthorized(response); + } else { return BadRequest(response); diff --git a/Marco.Pms.Services/Helpers/DirectoryHelper.cs b/Marco.Pms.Services/Helpers/DirectoryHelper.cs index 370e8fd..760ae61 100644 --- a/Marco.Pms.Services/Helpers/DirectoryHelper.cs +++ b/Marco.Pms.Services/Helpers/DirectoryHelper.cs 
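Review bot: The new `else if (response.StatusCode == 401) { return Unauthorized(response); }` branch (repeated in the hunks at @@ -98, @@ -217, @@ -241 and @@ -260) answers a permission failure of an already-authenticated caller with 401, which HTTP clients and auth middleware read as "not authenticated" and may treat as a re-login trigger; the role checks the helper performs are 403 Forbidden situations. The same status-code-to-result mapping is now copied into every action, so one private helper would keep the mapping in a single place and make a later 401/403 split a one-line change. The enclosing actions start outside the hunks, and the sketch below assumes the helper's result type is the generic `ApiResponse` seen in DirectoryHelper.
```csharp
// Maps the helper's status code onto the matching ActionResult; each action becomes `return ToActionResult(response);`.
private IActionResult ToActionResult<T>(ApiResponse<T> response) => response.StatusCode switch
{
    200 => Ok(response),
    401 => Unauthorized(response),
    403 => StatusCode(StatusCodes.Status403Forbidden, response),
    404 => NotFound(response),
    409 => Conflict(response),
    _ => BadRequest(response),
};
```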
@@ -18,13 +18,18 @@ namespace Marco.Pms.Services.Helpers private readonly ApplicationDbContext _context; private readonly ILoggingService _logger; private readonly UserHelper _userHelper; - + private readonly Guid directoryAdmin; + private readonly Guid directoryManager; + private readonly Guid directoryUser; public DirectoryHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper) { _context = context; _logger = logger; _userHelper = userHelper; + directoryAdmin = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda"); + directoryManager = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5"); + directoryUser = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb"); } 
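Review bot: The three permission ids are parsed from string literals inside the constructor on every instantiation and stored in instance fields that skip the file's `_camelCase` private-field convention; since they are fixed identifiers, `private static readonly Guid DirectoryAdminPermissionId = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda");` (likewise for the manager and user ids) parses them once and names them as the constants they are. The role-to-permission lookup that follows in @@ -33, @@ -160, @@ -426, @@ -926, @@ -947 and @@ -985 is the same pair of queries copied six times; a single helper on this class, as below, keeps the authorization query in one reviewable place and removes the risk of the copies drifting apart. The return type assumes FeaturePermissionId is a Guid, which the `permissionIds.Contains(directoryAdmin)` comparisons in the later hunks imply.
```csharp
private static readonly Guid DirectoryAdminPermissionId = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda");
private static readonly Guid DirectoryManagerPermissionId = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5");
private static readonly Guid DirectoryUserPermissionId = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb");

// Resolves the distinct feature-permission ids an employee holds through its assigned roles.
private async Task<List<Guid>> GetPermissionIdsAsync(Guid employeeId)
{
    var roleIds = await _context.EmployeeRoleMappings
        .Where(r => r.EmployeeId == employeeId)
        .Select(r => r.RoleId)
        .ToListAsync();
    return await _context.RolePermissionMappings
        .Where(rp => roleIds.Contains(rp.ApplicationRoleId))
        .Select(rp => rp.FeaturePermissionId)
        .Distinct()
        .ToListAsync();
}
```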
@@ -33,9 +38,29 @@ namespace Marco.Pms.Services.Helpers { Guid tenantId = _userHelper.GetTenantId(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); + var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync(); + var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync(); List? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync(); List bucketIds = employeeBuckets.Select(c => c.BucketId).ToList(); - List filterbucketIds = employeeBuckets.Select(c => c.BucketId).ToList(); + if (permissionIds.Contains(directoryAdmin)) + { + var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync(); + bucketIds = buckets.Select(b => b.Id).ToList(); + } + else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser)) + { + var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync(); + var createdBucketIds = buckets.Select(b => b.Id).ToList(); + bucketIds.AddRange(createdBucketIds); + bucketIds = bucketIds.Distinct().ToList(); + } + else + { + _logger.LogError("Employee {EmployeeId} attemped to access a contacts, but do not have permission", LoggedInEmployee.Id); + return ApiResponse.ErrorResponse("You don't have permission", "You don't have permission", 401); + } + + List filterbucketIds = bucketIds; if (filterDto != null && filterDto.BucketIds != null && filterDto.BucketIds.Count > 0) { filterbucketIds = filterDto.BucketIds; 
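Review bot: The computed `bucketIds` is the caller's accessible set, but the unchanged `filterbucketIds = filterDto.BucketIds;` a few lines later still replaces it wholesale with the client-supplied list, so the new role check is bypassed for any request that names bucket ids — assuming the rest of the method (outside the hunk) scopes the contact query by `filterbucketIds`. Intersecting keeps the filter while honouring the check: `filterbucketIds = filterDto.BucketIds.Intersect(bucketIds).ToList();`. The admin branch also materialises full `Bucket` rows only to take their ids; `bucketIds = await _context.Buckets.Where(b => b.TenantId == tenantId).Select(b => b.Id).ToListAsync();` avoids that, and the same pattern recurs in @@ -426. The enclosing method starts and ends outside the hunk.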
@@ -160,12 +185,37 @@ namespace Marco.Pms.Services.Helpers var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); if (id != Guid.Empty) { - EmployeeBucketMapping? employeeBucket = await _context.EmployeeBucketMappings.FirstOrDefaultAsync(em => em.BucketId == id && em.EmployeeId == LoggedInEmployee.Id); + Bucket? bucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Id == id && b.TenantId == tenantId); + if (bucket == null) + { + _logger.LogInfo("Employee ID {EmployeeId} attempted access to bucket ID {BucketId}, but not found in database", LoggedInEmployee.Id); + return ApiResponse.ErrorResponse("Bucket not found", "Bucket not found", 404); + } + List? employeeBuckets = await _context.EmployeeBucketMappings.Where(em => em.BucketId == id).ToListAsync(); + var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync(); + var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync(); + + EmployeeBucketMapping? 
employeeBucket = null; + if (permissionIds.Contains(directoryAdmin)) + { + employeeBucket = employeeBuckets.FirstOrDefault(); + } + else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser)) + { + employeeBucket = employeeBuckets.FirstOrDefault(eb => eb.EmployeeId == LoggedInEmployee.Id); + } + else + { + _logger.LogError("Employee {EmployeeId} attemped to access a contacts with in bucket {BucketId}, but do not have permission", LoggedInEmployee.Id, id); + return ApiResponse.ErrorResponse("You don't have permission", "You don't have permission", 401); + } + if (employeeBucket == null) { _logger.LogInfo("Employee ID {EmployeeId} does not have access to bucket ID {BucketId}", LoggedInEmployee.Id); return ApiResponse.ErrorResponse("You do not have access to this bucket.", "You do not have access to this bucket.", 401); } + List contactBucket = await _context.ContactBucketMappings.Where(cb => cb.BucketId == id).ToListAsync() ?? new List(); List contactVMs = new List(); if (contactBucket.Count > 0) 
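Review bot: The access decision is inconsistent with the list endpoints changed in the same commit: an admin is denied via `employeeBucket == null` whenever the bucket has no EmployeeBucketMapping rows at all, and a manager/user who created the bucket but holds no mapping sees it in GetBucketList and GetContactsList (`CreatedByID == LoggedInEmployee.Id` in @@ -33 and @@ -926) yet gets 401 here; the UpdateBucket hunk at @@ -985 has a similar creator-versus-mapping asymmetry. Deciding with a boolean computed by the same rules as the list methods, as sketched below, removes the dependency on an arbitrary mapping row. The new `_logger.LogInfo("Employee ID {EmployeeId} attempted access to bucket ID {BucketId}, but not found in database", LoggedInEmployee.Id);` declares two placeholders but passes one argument, so `id` should be appended (the pre-existing "does not have access" log line has the same gap). The method continues past the hunk, so if `employeeBucket` is referenced later it has to be kept alongside the flag.
```csharp
// … unchanged: bucket lookup, 404 on missing bucket, permission resolution …
bool hasAccess;
if (permissionIds.Contains(directoryAdmin))
{
    hasAccess = true; // tenant scope already enforced by the bucket lookup above
}
else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
{
    hasAccess = bucket.CreatedByID == LoggedInEmployee.Id
        || await _context.EmployeeBucketMappings.AnyAsync(em => em.BucketId == id && em.EmployeeId == LoggedInEmployee.Id);
}
else
{
    // … unchanged: LogError + 401 "You don't have permission" …
}
if (!hasAccess)
{
    _logger.LogInfo("Employee ID {EmployeeId} does not have access to bucket ID {BucketId}", LoggedInEmployee.Id, id);
    return ApiResponse.ErrorResponse("You do not have access to this bucket.", "You do not have access to this bucket.", 401);
}
// … unchanged: contactBucket query and contact view-model assembly …
```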
@@ -426,6 +476,33 @@ namespace Marco.Pms.Services.Helpers return ApiResponse.ErrorResponse("Contact not found", "Contact not found", 404); } + var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync(); + var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync(); + List? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync(); + List bucketIds = employeeBuckets.Select(c => c.BucketId).ToList(); + if (permissionIds.Contains(directoryAdmin)) + { + var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync(); + bucketIds = buckets.Select(b => b.Id).ToList(); + } + else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser)) + { + var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync(); + var createdBucketIds = buckets.Select(b => b.Id).ToList(); + bucketIds.AddRange(createdBucketIds); + bucketIds = bucketIds.Distinct().ToList(); + } + else + { + _logger.LogError("Employee {EmployeeId} attemped to update a contact, but do not have permission", LoggedInEmployee.Id); + return ApiResponse.ErrorResponse("You don't have permission", "You don't have permission", 401); + } + + List contactBuckets = await _context.ContactBucketMappings.AsNoTracking().Where(m => m.ContactId == contact.Id && bucketIds.Contains(m.BucketId)).ToListAsync(); + bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList(); + + + var newContact = updateContact.ToContactFromUpdateContactDto(tenantId, contact); _context.Contacts.Update(newContact); await _context.SaveChangesAsync(); 
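Review bot: After narrowing `contactBuckets` to the caller's accessible buckets nothing checks that any remain, so a manager/user with no access to any of the contact's buckets still reaches `_context.Contacts.Update(newContact)`; the role check only establishes that the caller may update some contact, not this one. An explicit empty-set rejection before the update closes that gap, as below, unless a contact may legitimately belong to no bucket, in which case that case needs its own rule stated in a comment. The enclosing method starts and ends outside the hunk.
```csharp
var contactBuckets = await _context.ContactBucketMappings.AsNoTracking()
    .Where(m => m.ContactId == contact.Id && bucketIds.Contains(m.BucketId))
    .ToListAsync();
if (contactBuckets.Count == 0)
{
    _logger.LogError("Employee {EmployeeId} attempted to update contact {ContactId} outside their accessible buckets", LoggedInEmployee.Id, contact.Id);
    return ApiResponse.ErrorResponse("You do not have access to this contact.", "You do not have access to this contact.", 401);
}
bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList();
// … unchanged: ToContactFromUpdateContactDto, Update, SaveChangesAsync …
```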
@@ -435,8 +512,7 @@ namespace Marco.Pms.Services.Helpers List emails = await _context.ContactsEmails.AsNoTracking().Where(p => p.ContactId == contact.Id).ToListAsync(); var emailIds = emails.Select(p => p.Id).ToList(); - List contactBuckets = await _context.ContactBucketMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync(); - var bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList(); + List contactTags = await _context.ContactTagMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync(); var tagIds = contactTags.Select(t => t.ContactTagId).Distinct().ToList(); 
@@ -926,20 +1002,38 @@ namespace Marco.Pms.Services.Helpers { Guid tenantId = _userHelper.GetTenantId(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); + var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync(); + var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync(); List employeeBuckets = await _context.EmployeeBucketMappings.Where(b => b.EmployeeId == LoggedInEmployee.Id).ToListAsync(); var bucketIds = employeeBuckets.Select(b => b.BucketId).ToList(); - List bucketList = await _context.Buckets.Where(b => bucketIds.Contains(b.Id)).ToListAsync(); + List bucketList = new List(); + if (permissionIds.Contains(directoryAdmin)) + { + bucketList = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync(); + } + else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser)) + { + bucketList = await _context.Buckets.Where(b => bucketIds.Contains(b.Id) || b.CreatedByID == LoggedInEmployee.Id).ToListAsync(); + } + else + { + _logger.LogError("Employee {EmployeeId} attemped to access a buckets list, but do not have permission", LoggedInEmployee.Id); + return ApiResponse.ErrorResponse("You don't have permission", "You don't have permission", 401); + } List bucketVMs = new List(); - foreach (var bucket in bucketList) + if (bucketList.Any()) { - BucketVM bucketVM = bucket.ToBucketVMFromBucket(); - bucketVMs.Add(bucketVM); + foreach (var bucket in bucketList) + { + BucketVM bucketVM = bucket.ToBucketVMFromBucket(); + bucketVMs.Add(bucketVM); + } } _logger.LogInfo("{count} Buckets are fetched by Employee with ID {LoggedInEmployeeId}", bucketVMs.Count, LoggedInEmployee.Id); - return ApiResponse.SuccessResponse(bucketVMs, System.String.Format("{0} buckets fetched successfully", bucketVMs.Count), 200); + return 
ApiResponse.SuccessResponse(bucketVMs, $"{bucketVMs.Count} buckets fetched successfully", 200); } public async Task> CreateBucket(CreateBucketDto bucketDto) { @@ -947,6 +1041,15 @@ namespace Marco.Pms.Services.Helpers var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); if (bucketDto != null) { + var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync(); + var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync(); + var demo = !permissionIds.Contains(directoryUser); + if (!permissionIds.Contains(directoryAdmin) && !permissionIds.Contains(directoryManager) && !permissionIds.Contains(directoryUser)) + { + _logger.LogError("Employee {EmployeeId} attemped to create a bucket, but do not have permission", LoggedInEmployee.Id); + return ApiResponse.ErrorResponse("You don't have permission", "You don't have permission", 401); + } + var existingBucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Name == bucketDto.Name); if (existingBucket != null) { 
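Review bot: The new `if (bucketList.Any())` guard around the foreach is redundant — iterating an empty list is already a no-op — and the loop body is a plain projection, so `List<BucketVM> bucketVMs = bucketList.Select(b => b.ToBucketVMFromBucket()).ToList();` replaces the eight lines. `List bucketList = new List();` is initialised to an empty list and then reassigned in every branch that does not return, so a bare declaration assigned in the branches says the same thing without the throwaway allocation. GetBucketList's opening brace is outside the hunk.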
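Review bot: `var demo = !permissionIds.Contains(directoryUser);` is never read and reads like a leftover from debugging; it should be dropped, and the triple-negated condition is clearer as `var canCreate = permissionIds.Contains(directoryAdmin) || permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser);` followed by `if (!canCreate)`. The unchanged `FirstOrDefaultAsync(b => b.Name == bucketDto.Name)` just below the new check has no tenant predicate, so the 409 path reveals whether a bucket of that name exists in any tenant and blocks a legitimate same-name create in this one; `b.Name == bucketDto.Name && b.TenantId == tenantId` scopes it, assuming `tenantId` is read from `_userHelper.GetTenantId()` before the hunk as in the other methods of this file. CreateBucket continues past the hunk.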
@@ -985,12 +1088,39 @@ namespace Marco.Pms.Services.Helpers var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); if (bucketDto != null && id == bucketDto.Id) { - var bucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Id == bucketDto.Id && b.TenantId == tenantId); + var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync(); + var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync(); + var bucketIds = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).Select(eb => eb.BucketId).ToListAsync(); + Bucket? bucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Id == bucketDto.Id && b.TenantId == tenantId); + if (bucket == null) { _logger.LogWarning("Employee ID {LoggedInEmployeeId} attempted to update a bucket but not found in database.", LoggedInEmployee.Id); return ApiResponse.ErrorResponse("Bucket not found", "Bucket not found", 404); } + + Bucket? accessableBucket = null; + if (permissionIds.Contains(directoryAdmin)) + { + accessableBucket = bucket; + } + else if (permissionIds.Contains(directoryManager) && bucketIds.Contains(id)) + { + accessableBucket = bucket; + } + else if (permissionIds.Contains(directoryUser)) + { + if (bucket.CreatedByID == LoggedInEmployee.Id) + { + accessableBucket = bucket; + } + } + if (accessableBucket == null) + { + _logger.LogError("Employee {EmployeeId} attempted to access bucket {BucketId} without the necessary permissions.", LoggedInEmployee.Id, bucket.Id); + return ApiResponse.ErrorResponse("You don't have permission to access this bucket", "You don't have permission to access this bucket", 401); + } + bucket.Name = bucketDto.Name ?? ""; bucket.Description = bucketDto.Description ?? "";