admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Enhancement #378: Update "Get Bucket List" API to Enforce Feature

Browse Source
This commit is contained in:
ashutosh.nehete 2025-05-27 12:32:51 +05:30
parent a0cc285d6f
commit b5707ba133
2 changed files with 35 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Marco.Pms.Services/Controllers/DirectoryController.cs
View File

@ -226,8 +226,19 @@ namespace Marco.Pms.Services.Controllers
public async Task<IActionResult> GetBucketList() public async Task<IActionResult> GetBucketList()
{ {
var response = await _directoryHelper.GetBucketList(); var response = await _directoryHelper.GetBucketList();
if (response.StatusCode == 200)
{
return Ok(response); return Ok(response);
} }
else if (response.StatusCode == 401)
{
return Unauthorized(response);
}
else
{
return BadRequest(response);
}
}
[HttpPost("bucket")] [HttpPost("bucket")]
public async Task<IActionResult> CreateBucket(CreateBucketDto bucketDto) public async Task<IActionResult> CreateBucket(CreateBucketDto bucketDto)

22
Marco.Pms.Services/Helpers/DirectoryHelper.cs
View File

@ -1022,20 +1022,38 @@ namespace Marco.Pms.Services.Helpers
{ {
Guid tenantId = _userHelper.GetTenantId(); Guid tenantId = _userHelper.GetTenantId();
var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
List<EmployeeBucketMapping> employeeBuckets = await _context.EmployeeBucketMappings.Where(b => b.EmployeeId == LoggedInEmployee.Id).ToListAsync(); List<EmployeeBucketMapping> employeeBuckets = await _context.EmployeeBucketMappings.Where(b => b.EmployeeId == LoggedInEmployee.Id).ToListAsync();
var bucketIds = employeeBuckets.Select(b => b.BucketId).ToList(); var bucketIds = employeeBuckets.Select(b => b.BucketId).ToList();
List<Bucket> bucketList = await _context.Buckets.Where(b => bucketIds.Contains(b.Id)).ToListAsync(); List<Bucket> bucketList = new List<Bucket>();
if (permissionIds.Contains(directoryAdmin))
{
bucketList = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
}
else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
{
bucketList = await _context.Buckets.Where(b => bucketIds.Contains(b.Id) || b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
}
else
{
_logger.LogError("Employee {EmployeeId} attemped to access a buckets list, but do not have permission", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
}
List<BucketVM> bucketVMs = new List<BucketVM>(); List<BucketVM> bucketVMs = new List<BucketVM>();
if (bucketList.Any())
{
foreach (var bucket in bucketList) foreach (var bucket in bucketList)
{ {
BucketVM bucketVM = bucket.ToBucketVMFromBucket(); BucketVM bucketVM = bucket.ToBucketVMFromBucket();
bucketVMs.Add(bucketVM); bucketVMs.Add(bucketVM);
} }
}
_logger.LogInfo("{count} Buckets are fetched by Employee with ID {LoggedInEmployeeId}", bucketVMs.Count, LoggedInEmployee.Id); _logger.LogInfo("{count} Buckets are fetched by Employee with ID {LoggedInEmployeeId}", bucketVMs.Count, LoggedInEmployee.Id);
return ApiResponse<object>.SuccessResponse(bucketVMs, System.String.Format("{0} buckets fetched successfully", bucketVMs.Count), 200); return ApiResponse<object>.SuccessResponse(bucketVMs, $"{bucketVMs.Count} buckets fetched successfully", 200);
} }
public async Task<ApiResponse<object>> CreateBucket(CreateBucketDto bucketDto) public async Task<ApiResponse<object>> CreateBucket(CreateBucketDto bucketDto)
{ {