admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Enhancement #377: Update "Update Contact" API to Enforce Feature

Browse Source
This commit is contained in:
ashutosh.nehete 2025-05-27 12:28:22 +05:30
parent 10df95c481
commit a0cc285d6f
2 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Marco.Pms.Services/Controllers/DirectoryController.cs
View File

@ -103,6 +103,10 @@ namespace Marco.Pms.Services.Controllers
{ {
return NotFound(response); return NotFound(response);
} }
else if (response.StatusCode == 401)
{
return Unauthorized(response);
}
else else
{ {
return BadRequest(response); return BadRequest(response);

30
Marco.Pms.Services/Helpers/DirectoryHelper.cs
View File

@ -480,6 +480,33 @@ namespace Marco.Pms.Services.Helpers
return ApiResponse<object>.ErrorResponse("Contact not found", "Contact not found", 404); return ApiResponse<object>.ErrorResponse("Contact not found", "Contact not found", 404);
} }
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
List<EmployeeBucketMapping>? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync();
List<Guid> bucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
if (permissionIds.Contains(directoryAdmin))
{
var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
bucketIds = buckets.Select(b => b.Id).ToList();
}
else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
{
var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
var createdBucketIds = buckets.Select(b => b.Id).ToList();
bucketIds.AddRange(createdBucketIds);
bucketIds = bucketIds.Distinct().ToList();
}
else
{
_logger.LogError("Employee {EmployeeId} attemped to update a contact, but do not have permission", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
}
List<ContactBucketMapping> contactBuckets = await _context.ContactBucketMappings.AsNoTracking().Where(m => m.ContactId == contact.Id && bucketIds.Contains(m.BucketId)).ToListAsync();
bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList();
var newContact = updateContact.ToContactFromUpdateContactDto(tenantId, contact); var newContact = updateContact.ToContactFromUpdateContactDto(tenantId, contact);
_context.Contacts.Update(newContact); _context.Contacts.Update(newContact);
await _context.SaveChangesAsync(); await _context.SaveChangesAsync();
@ -489,8 +516,7 @@ namespace Marco.Pms.Services.Helpers
List<ContactEmail> emails = await _context.ContactsEmails.AsNoTracking().Where(p => p.ContactId == contact.Id).ToListAsync(); List<ContactEmail> emails = await _context.ContactsEmails.AsNoTracking().Where(p => p.ContactId == contact.Id).ToListAsync();
var emailIds = emails.Select(p => p.Id).ToList(); var emailIds = emails.Select(p => p.Id).ToList();
List<ContactBucketMapping> contactBuckets = await _context.ContactBucketMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync();
var bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList();
List<ContactTagMapping> contactTags = await _context.ContactTagMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync(); List<ContactTagMapping> contactTags = await _context.ContactTagMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync();
var tagIds = contactTags.Select(t => t.ContactTagId).Distinct().ToList(); var tagIds = contactTags.Select(t => t.ContactTagId).Distinct().ToList();