added new parameter tenant table

Marco.Pms.DataAccess/Migrations/20250801101253_Added_New_Parameter_In_Tenant_Table.cs

@@ -0,0 +1,37 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Marco.Pms.DataAccess.Migrations
+{
+    /// <inheritdoc />
+    public partial class Added_New_Parameter_In_Tenant_Table : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<string>(
+                name: "OfficeNumber",
+                table: "Tenants",
+                type: "longtext",
+                nullable: true)
+                .Annotation("MySql:CharSet", "utf8mb4");
+
+            migrationBuilder.UpdateData(
+                table: "Tenants",
+                keyColumn: "Id",
+                keyValue: new Guid("b3466e83-7e11-464c-b93a-daf047838b26"),
+                column: "OfficeNumber",
+                value: null);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "OfficeNumber",
+                table: "Tenants");
+        }
+    }
+}

Marco.Pms.DataAccess/Migrations/ApplicationDbContextModelSnapshot.cs

@@ -1223,6 +1223,9 @@ namespace Marco.Pms.DataAccess.Migrations
                         .IsRequired()
                         .HasColumnType("longtext");
 
+                    b.Property<string>("OfficeNumber")
+                        .HasColumnType("longtext");
+
                     b.Property<DateTime>("OnBoardingDate")
                         .HasColumnType("datetime(6)");
 

Marco.Pms.Model/Dtos/Tenant/CreateTenantDto.cs

@@ -11,6 +11,7 @@
         public string? TaxId { get; set; }
         public string? logoImage { get; set; }
         public required string OragnizationName { get; set; }
+        public string? OfficeNumber { get; set; }
         public required string ContactNumber { get; set; }
         public required DateTime OnBoardingDate { get; set; }
         public required string OragnizationSize { get; set; }

Marco.Pms.Model/Entitlements/Tenant.cs

@@ -13,6 +13,7 @@ namespace Marco.Pms.Model.Entitlements
         public string? DomainName { get; set; }
         public string ContactName { get; set; } = string.Empty;
         public string ContactNumber { get; set; } = string.Empty;
+        public string? OfficeNumber { get; set; }
         public string BillingAddress { get; set; } = string.Empty;
         public string? TaxId { get; set; }
         public string? logoImage { get; set; }   // Base64

Marco.Pms.Services/Controllers/RolesController.cs

@@ -1,5 +1,4 @@
-using System.Data;
+using Marco.Pms.DataAccess.Data;
-using Marco.Pms.DataAccess.Data;
 using Marco.Pms.Model.Dtos.Employees;
 using Marco.Pms.Model.Dtos.Roles;
 using Marco.Pms.Model.Employees;
@@ -11,12 +10,13 @@ using Marco.Pms.Model.ViewModels;
 using Marco.Pms.Model.ViewModels.Master;
 using Marco.Pms.Model.ViewModels.Roles;
 using Marco.Pms.Services.Helpers;
+using Marco.Pms.Services.Service;
 using MarcoBMS.Services.Helpers;
 using MarcoBMS.Services.Service;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using System.Data;
 #nullable disable
 namespace MarcoBMS.Services.Controllers
 {
@@ -28,15 +28,15 @@ namespace MarcoBMS.Services.Controllers
         private readonly ApplicationDbContext _context;
         private readonly RolesHelper _rolesHelper;
         private readonly UserHelper _userHelper;
-        private readonly UserManager<ApplicationUser> _userManager;
+        private readonly PermissionServices _permissionService;
         private readonly ILoggingService _logger;
         private readonly CacheUpdateHelper _cache;
 
-        public RolesController(UserManager<ApplicationUser> userManager, ApplicationDbContext context, RolesHelper rolesHelper, UserHelper userHelper, ILoggingService logger,
+        public RolesController(PermissionServices permissionServices, ApplicationDbContext context, RolesHelper rolesHelper, UserHelper userHelper, ILoggingService logger,
             CacheUpdateHelper cache)
         {
             _context = context;
-            _userManager = userManager;
+            _permissionService = permissionServices;
             _rolesHelper = rolesHelper;
             _userHelper = userHelper;
             _logger = logger;
@@ -213,12 +213,17 @@ namespace MarcoBMS.Services.Controllers
             }
 
             Guid TenantId = GetTenantId();
+            var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
 
             if (createRoleDto.FeaturesPermission == null || (createRoleDto.FeaturesPermission != null && createRoleDto.FeaturesPermission.Count == 0))
             {
                 return BadRequest(ApiResponse<object>.ErrorResponse("Feature Permission is required.", "Feature Permission is required.", 400));
             }
-
+            var hasManageMasterPermission = await _permissionService.HasPermission(PermissionsMaster.ManageMasters, loggedInEmployee.Id);
+            if (!hasManageMasterPermission)
+            {
+                return StatusCode(403, ApiResponse<object>.SuccessResponse("Access Denied", "User do not have permission for this action", 403));
+            }
             bool roleExists = _context.ApplicationRoles
               .Any(r => r.TenantId == TenantId && r.Role.ToLower() == createRoleDto.Role.ToLower());// assuming role name is unique per tenant
             if (roleExists)
@@ -228,7 +233,11 @@ namespace MarcoBMS.Services.Controllers
             ApplicationRole role = createRoleDto.ToApplicationRoleFromCreateDto(TenantId);
             _context.ApplicationRoles.Add(role);
 
+            var hasPermission = await _permissionService.HasPermission(PermissionsMaster.ManageTenants, loggedInEmployee.Id);
             foreach (var permission in createRoleDto.FeaturesPermission)
+            {
+                if (!hasPermission &&
+                    permission.Id != PermissionsMaster.ManageTenants)
                 {
                     var item = new RolePermissionMappings() { ApplicationRoleId = role.Id, FeaturePermissionId = permission.Id };
                     bool assigned = _context.RolePermissionMappings.Any(c => c.ApplicationRoleId == role.Id && c.FeaturePermissionId == permission.Id);
@@ -237,6 +246,7 @@ namespace MarcoBMS.Services.Controllers
                     else
                         _context.RolePermissionMappings.Remove(item);
                 }
+            }
 
             await _context.SaveChangesAsync();
             return Ok(ApiResponse<object>.SuccessResponse(role.ToRoleVMFromApplicationRole(), "Roles created successfully.", 200));

Marco.Pms.Services/Controllers/TenantController.cs

@@ -237,15 +237,39 @@ namespace Marco.Pms.Services.Controllers
                 return StatusCode(409, ApiResponse<object>.ErrorResponse("Tenant cannot be created", "A user with the specified email already exists.", 409));
             }
 
-            // Check if a tenant with the same Tax ID already exists.
+            // Check if a tenant with the same Tax ID and Domain Name already exists.
+            var taxTask = Task.Run(async () =>
+            {
                 if (!string.IsNullOrWhiteSpace(model.TaxId))
                 {
-                var isTenantExists = await _context.Tenants.AnyAsync(t => t.TaxId == model.TaxId);
+                    return await _context.Tenants.AnyAsync(t => t.TaxId == model.TaxId);
-                if (isTenantExists)
+
+                }
+                return false;
+            });
+            var domainTask = Task.Run(async () =>
+            {
+                if (!string.IsNullOrWhiteSpace(model.DomainName))
+                {
+                    return await _context.Tenants.AnyAsync(t => t.DomainName == model.DomainName);
+
+                }
+                return false;
+            });
+
+            await Task.WhenAll(taxTask, domainTask);
+
+            if (taxTask.Result || domainTask.Result)
+            {
+                if (!string.IsNullOrWhiteSpace(model.TaxId))
                 {
                     _logger.LogWarning("Tenant creation failed for Tax ID {TaxId}: a tenant with this Tax ID already exists.", model.TaxId);
-                    return StatusCode(409, ApiResponse<object>.ErrorResponse("Tenant cannot be created", "A tenant with the same Tax ID already exists.", 409));
                 }
+                if (!string.IsNullOrWhiteSpace(model.DomainName))
+                {
+                    _logger.LogWarning("Tenant creation failed for Domain Name {DomainName}: a tenant with this Domain Name already exists.", model.DomainName);
+                }
+                return StatusCode(409, ApiResponse<object>.ErrorResponse("Tenant cannot be created", "A tenant already exists.", 409));
             }
 
             // Check if the provided logo is a valid Base64 string.
@@ -317,6 +341,47 @@ namespace Marco.Pms.Services.Controllers
                 };
                 _context.Employees.Add(employeeUser);
 
+                var applicationRole = new ApplicationRole
+                {
+                    Role = "Super User",
+                    Description = "Super User",
+                    IsSystem = true,
+                    TenantId = tenant.Id
+                };
+                _context.ApplicationRoles.Add(applicationRole);
+
+                var rolePermissionMappigs = new List<RolePermissionMappings> {
+                    new RolePermissionMappings
+                    {
+                        ApplicationRoleId = applicationRole.Id,
+                        FeaturePermissionId = PermissionsMaster.ModifyTenant
+                    },
+                    new RolePermissionMappings
+                    {
+                        ApplicationRoleId = applicationRole.Id,
+                        FeaturePermissionId = PermissionsMaster.ViewTenant
+                    },
+                    new RolePermissionMappings
+                    {
+                        ApplicationRoleId = applicationRole.Id,
+                        FeaturePermissionId = PermissionsMaster.ManageMasters
+                    },
+                    new RolePermissionMappings
+                    {
+                        ApplicationRoleId = applicationRole.Id,
+                        FeaturePermissionId = PermissionsMaster.ViewMasters
+                    }
+                };
+                _context.RolePermissionMappings.AddRange(rolePermissionMappigs);
+
+                _context.EmployeeRoleMappings.Add(new EmployeeRoleMapping
+                {
+                    EmployeeId = employeeUser.Id,
+                    RoleId = applicationRole.Id,
+                    IsEnabled = true,
+                    TenantId = tenant.Id
+                });
+
                 // Create a default project for the new tenant
                 var project = new Project
                 {