Enhancement #378: Update "Get Bucket List" API to Enforce Feature

ashutosh.nehete 2025-05-27 12:32:51 +05:30
parent a0cc285d6f
commit b5707ba133
2 changed files with 35 additions and 6 deletions


@ -226,7 +226,18 @@ namespace Marco.Pms.Services.Controllers
public async Task<IActionResult> GetBucketList()
{
var response = await _directoryHelper.GetBucketList();
return Ok(response);
if (response.StatusCode == 200)
{
return Ok(response);
}
else if (response.StatusCode == 401)
{
return Unauthorized(response);
}
else
{
return BadRequest(response);
}
}
[HttpPost("bucket")]
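Review bot: The `else if (response.StatusCode == 401)` branch answers with `Unauthorized(response)` for what the helper reports as a missing-permission case, that is, an authenticated caller who is not allowed to list buckets. That is 403 semantics; clients and API gateways commonly treat 401 as "credentials missing or expired" and react by re-authenticating. Consider having the helper return 403 for the denial and mapping it here with `return StatusCode(403, response);`. The final `else` also turns every other status into 400, so a server-side failure would be reported as a client error; `return StatusCode(response.StatusCode, response);` would preserve the helper's code, assuming `StatusCode` is an `int` as the comparisons suggest.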


@ -1022,20 +1022,38 @@ namespace Marco.Pms.Services.Helpers
{
Guid tenantId = _userHelper.GetTenantId();
var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
List<EmployeeBucketMapping> employeeBuckets = await _context.EmployeeBucketMappings.Where(b => b.EmployeeId == LoggedInEmployee.Id).ToListAsync();
var bucketIds = employeeBuckets.Select(b => b.BucketId).ToList();
List<Bucket> bucketList = await _context.Buckets.Where(b => bucketIds.Contains(b.Id)).ToListAsync();
List<Bucket> bucketList = new List<Bucket>();
if (permissionIds.Contains(directoryAdmin))
{
bucketList = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
}
else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
{
bucketList = await _context.Buckets.Where(b => bucketIds.Contains(b.Id) || b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
}
else
{
_logger.LogError("Employee {EmployeeId} attemped to access a buckets list, but do not have permission", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
}
List<BucketVM> bucketVMs = new List<BucketVM>();
foreach (var bucket in bucketList)
if (bucketList.Any())
{
BucketVM bucketVM = bucket.ToBucketVMFromBucket();
bucketVMs.Add(bucketVM);
foreach (var bucket in bucketList)
{
BucketVM bucketVM = bucket.ToBucketVMFromBucket();
bucketVMs.Add(bucketVM);
}
}
_logger.LogInfo("{count} Buckets are fetched by Employee with ID {LoggedInEmployeeId}", bucketVMs.Count, LoggedInEmployee.Id);
return ApiResponse<object>.SuccessResponse(bucketVMs, System.String.Format("{0} buckets fetched successfully", bucketVMs.Count), 200);
return ApiResponse<object>.SuccessResponse(bucketVMs, $"{bucketVMs.Count} buckets fetched successfully", 200);
}
public async Task<ApiResponse<object>> CreateBucket(CreateBucketDto bucketDto)
{
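Review bot: The query in the `directoryManager`/`directoryUser` branch is not constrained to the caller's tenant, unlike the `directoryAdmin` branch, which filters on `b.TenantId == tenantId`. If an `EmployeeBucketMappings` row or a `CreatedByID` value ever refers to a bucket of another tenant, that bucket is returned, so the tenant check should apply on every path: `.Where(b => b.TenantId == tenantId && (bucketIds.Contains(b.Id) || b.CreatedByID == LoggedInEmployee.Id))`. `LoggedInEmployee` is also dereferenced without a null check; whether `GetCurrentEmployeeAsync()` can return null is not visible here, so confirm or guard it before the first query. The denial is logged with `LogError`, where a warning level would fit an expected authorization refusal better and keep error-level alerts meaningful. The method's signature lies outside the hunk.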