From 87cf37ca035dd4b00de4479a03bd2911bb3d18ca Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete"
Date: Fri, 29 Aug 2025 13:10:31 +0530
Subject: [PATCH] Added the API to verify or reject the document
---
 .../Controllers/DocumentController.cs | 81 ++++++++++++++++++-
 1 file changed, 77 insertions(+), 4 deletions(-)
diff --git a/Marco.Pms.Services/Controllers/DocumentController.cs b/Marco.Pms.Services/Controllers/DocumentController.cs
index adb872e..85e4e3b 100644
--- a/Marco.Pms.Services/Controllers/DocumentController.cs
+++ b/Marco.Pms.Services/Controllers/DocumentController.cs
@@ -536,17 +536,90 @@ namespace Marco.Pms.Services.Controllers } } + /// + /// Verifies a document attachment by its ID. Checks permissions, logs the operation, and updates verification fields. + /// + /// Document Attachment ID (Guid) + /// Flag to verify or unverify the document (default: true) + [HttpPost("verify/{id}")] - public async Task VerifyDocumentAsync(Guid id) + public async Task VerifyDocumentAsync(Guid id, [FromQuery] bool isVerify = true) { + // Begin: Create DbContext and DI scope await using var dbContext = await _dbContextFactory.CreateDbContextAsync(); using var scope = _serviceScope.CreateScope(); - var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); + try + { + // Get current logged-in employee for authentication/auditing + var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); + var tenantId = loggedInEmployee.TenantId; - return Ok(ApiResponse.SuccessResponse(new { }, "Document is verified successfully", 200)); + _logger.LogInfo("Attempting to verify document. EmployeeId: {EmployeeId}, DocumentId: {DocumentId}, IsVerify: {IsVerify}", + loggedInEmployee.Id, id, isVerify); + + // Fetch active/current document by Id, TenantId, and relevant conditions + var documentAttachment = await dbContext.DocumentAttachments + .FirstOrDefaultAsync(da => da.Id == id && da.IsActive && da.IsCurrentVersion && da.TenantId == tenantId); + + if (documentAttachment == null) + { + _logger.LogWarning("Document attachment not found. 
Requested Id: {DocumentId}, TenantId: {TenantId}", id, tenantId); + return NotFound(ApiResponse.ErrorResponse("Attachment not found", "Attachment not found in database", 404)); + } + + // Permission service: check if employee is authorized to verify documents + var permissionService = scope.ServiceProvider.GetRequiredService(); + var hasVerifyPermission = await permissionService.HasPermission(PermissionsMaster.VerifyDocument, loggedInEmployee.Id); + + if (!hasVerifyPermission) + { + _logger.LogWarning("Access denied for document verification. EmployeeId: {EmployeeId}, DocumentId: {DocumentId}", loggedInEmployee.Id, id); + return StatusCode(403, ApiResponse.ErrorResponse("Access Denied.", "You do not have permission to verify this document", 403)); + } + + // Log existing entity state before update (for audit trail) + var updateLogHelper = scope.ServiceProvider.GetRequiredService(); + var existingEntityBson = updateLogHelper.EntityToBsonDocument(documentAttachment); + + // Update document verification status and audit fields + documentAttachment.IsVerified = isVerify; + documentAttachment.VerifiedAt = DateTime.UtcNow; + documentAttachment.VerifiedById = loggedInEmployee.Id; + + // Commit changes + await dbContext.SaveChangesAsync(); + + // Log the update to MongoDB for change tracking + await updateLogHelper.PushToUpdateLogsAsync(new UpdateLogsObject + { + EntityId = documentAttachment.Id.ToString(), + UpdatedById = loggedInEmployee.Id.ToString(), + OldObject = existingEntityBson, + UpdatedAt = DateTime.UtcNow + }, Collection); + + var versionMapping = await dbContext.AttachmentVersionMappings.FirstOrDefaultAsync(av => av.ChildAttachmentId == documentAttachment.Id); + + var response = _mapper.Map(documentAttachment); + if (versionMapping != null) + { + response.ParentAttachmentId = versionMapping.ParentAttachmentId; + response.Version = versionMapping.Version; + } + + _logger.LogInfo("Document verified successfully. 
DocumentId: {DocumentId}, VerifiedBy: {EmployeeId}", documentAttachment.Id, loggedInEmployee.Id); + return Ok(ApiResponse.SuccessResponse(new { }, "Document is verified successfully", 200)); + } + catch (Exception ex) + { + // Handle unexpected errors gracefully + _logger.LogError(ex, "Error occurred during document verification. DocumentId: {DocumentId}", id); + return StatusCode(500, ApiResponse.ErrorResponse("Server Error", "An error occurred while verifying the document", 500)); + } } + [HttpPut("edit/{id}")] public async Task UpdateDocumentAsync(Guid id, [FromBody] UpdateDocumentAttachmentDto model) { @@ -568,7 +641,7 @@ namespace Marco.Pms.Services.Controllers var oldAttachment = await dbContext.DocumentAttachments .Include(da => da.DocumentType) .ThenInclude(dt => dt!.DocumentCategory) - .FirstOrDefaultAsync(da => da.Id == id && da.IsCurrentVersion && da.TenantId == tenantId); + .FirstOrDefaultAsync(da => da.Id == id && da.IsActive && da.IsCurrentVersion && da.TenantId == tenantId); if (oldAttachment == null) {
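Review bot: In `VerifyDocumentAsync` the permission check runs only after the attachment lookup, so a caller without `PermissionsMaster.VerifyDocument` gets 404 for unknown ids and 403 for existing ones and can tell which attachment ids exist in the tenant; move the `HasPermission(PermissionsMaster.VerifyDocument, loggedInEmployee.Id)` call and its 403 return above the `FirstOrDefaultAsync` query. With `isVerify=false` the action still logs "Document verified successfully" and returns "Document is verified successfully", so a rejection cannot be told apart from an approval in the logs or the response; derive the wording from the flag, e.g. `var outcome = isVerify ? "verified" : "rejected";`, and use it in both places. `PushToUpdateLogsAsync` runs after `SaveChangesAsync` inside the same `try`, so a failed log write returns 500 while the new verification state is already committed with no audit record; handling that failure separately and logging it with the document id would keep the gap visible. The mapped `response` and the `AttachmentVersionMappings` query that fills it are never returned, because `Ok(...)` is still given `new { }`.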