Enhancement #375: Update "Get Contact" API to Enforce Feature Permissions

2025-05-27 12:24:41 +05:30 · 2025-05-27 12:24:41 +05:30 · b638e35b25
commit b638e35b25
parent 27a7044ede
2 changed files with 32 additions and 2 deletions
--- a/Marco.Pms.Services/Controllers/DirectoryController.cs
+++ b/Marco.Pms.Services/Controllers/DirectoryController.cs
@ -39,12 +39,17 @@ namespace Marco.Pms.Services.Controllers
            {
                return Ok(response);
            }
+            else if (response.StatusCode == 401)
+            {
+                return Unauthorized(response);
+            }
            else
            {
                return BadRequest(response);
            }

        }
+
        [HttpGet("contact-bucket/{bucketId}")]
        public async Task<IActionResult> GetContactsListByBucketId(Guid bucketId)
        {
--- a/Marco.Pms.Services/Helpers/DirectoryHelper.cs
+++ b/Marco.Pms.Services/Helpers/DirectoryHelper.cs
@ -18,13 +18,18 @@ namespace Marco.Pms.Services.Helpers
        private readonly ApplicationDbContext _context;
        private readonly ILoggingService _logger;
        private readonly UserHelper _userHelper;
-
+        private readonly Guid directoryAdmin;
+        private readonly Guid directoryManager;
+        private readonly Guid directoryUser;

        public DirectoryHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper)
        {
            _context = context;
            _logger = logger;
            _userHelper = userHelper;
+            directoryAdmin = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda");
+            directoryManager = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5");
+            directoryUser = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb");
        }


@ -33,9 +38,29 @@ namespace Marco.Pms.Services.Helpers
        {
            Guid tenantId = _userHelper.GetTenantId();
            var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
+            var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
+            var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
            List<EmployeeBucketMapping>? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync();
            List<Guid> bucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
-            List<Guid> filterbucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
+            if (permissionIds.Contains(directoryAdmin))
+            {
+                var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
+                bucketIds = buckets.Select(b => b.Id).ToList();
+            }
+            else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
+            {
+                var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
+                var createdBucketIds = buckets.Select(b => b.Id).ToList();
+                bucketIds.AddRange(createdBucketIds);
+                bucketIds = bucketIds.Distinct().ToList();
+            }
+            else
+            {
+                _logger.LogError("Employee {EmployeeId} attemped to access a contacts, but do not have permission", LoggedInEmployee.Id);
+                return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
+            }
+
+            List<Guid> filterbucketIds = bucketIds;
            if (filterDto != null && filterDto.BucketIds != null && filterDto.BucketIds.Count > 0)
            {
                filterbucketIds = filterDto.BucketIds;