From 915ad7bdb5dd5f01712d6ba4fab9d3ed1c65b11f Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete" <ashutosh.nehete@marcoaiot.com>
Date: Tue, 27 May 2025 12:35:09 +0530
Subject: [PATCH] Enhancement #380: Update "Create Bucket" API to Enforce
 Feature

---
 Marco.Pms.Services/Controllers/DirectoryController.cs | 4 ++++
 Marco.Pms.Services/Helpers/DirectoryHelper.cs         | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/Marco.Pms.Services/Controllers/DirectoryController.cs b/Marco.Pms.Services/Controllers/DirectoryController.cs
index d25c7e8..680a708 100644
--- a/Marco.Pms.Services/Controllers/DirectoryController.cs
+++ b/Marco.Pms.Services/Controllers/DirectoryController.cs
@@ -261,6 +261,10 @@ namespace Marco.Pms.Services.Controllers
             {
                 return Conflict(response);
             }
+            else if (response.StatusCode == 401)
+            {
+                return Unauthorized(response);
+            }
             else
             {
                 return BadRequest(response);
diff --git a/Marco.Pms.Services/Helpers/DirectoryHelper.cs b/Marco.Pms.Services/Helpers/DirectoryHelper.cs
index d2a27ff..515ab3f 100644
--- a/Marco.Pms.Services/Helpers/DirectoryHelper.cs
+++ b/Marco.Pms.Services/Helpers/DirectoryHelper.cs
@@ -2540,6 +2540,15 @@ namespace Marco.Pms.Services.Helpers
             var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
             if (bucketDto != null)
             {
+                var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
+                var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
+                var demo = !permissionIds.Contains(directoryUser);
+                if (!permissionIds.Contains(directoryAdmin) && !permissionIds.Contains(directoryManager) && !permissionIds.Contains(directoryUser))
+                {
+                    _logger.LogError("Employee {EmployeeId} attemped to create a bucket, but do not have permission", LoggedInEmployee.Id);
+                    return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
+                }
+
                 var existingBucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Name == bucketDto.Name);
                 if (existingBucket != null)
                 {