Sending list of projects of which employee has permission

2025-06-06 18:40:09 +05:30 · 2025-06-06 18:40:09 +05:30 · baa168ff8f
commit baa168ff8f
parent 47ad6231dd
3 changed files with 71 additions and 3 deletions
--- a/Marco.Pms.Services/Controllers/AttendanceController.cs
+++ b/Marco.Pms.Services/Controllers/AttendanceController.cs
@ -137,6 +137,13 @@ namespace MarcoBMS.Services.Controllers
            var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
            var hasTeamAttendancePermission = await _permission.HasPermission(new Guid("915e6bff-65f6-4e3f-aea8-3fd217d3ea9e"), LoggedInEmployee.Id);
            var hasSelfAttendancePermission = await _permission.HasPermission(new Guid("ccb0589f-712b-43de-92ed-5b6088e7dc4e"), LoggedInEmployee.Id);
+            var hasProjectPermission = await _permission.HasProjectPermission(LoggedInEmployee, projectId.ToString());
+
+            if (!hasProjectPermission)
+            {
+                _logger.LogWarning("Employee {EmployeeId} tries to access attendance of project {ProjectId}, but don't have access", LoggedInEmployee.Id, projectId);
+                return Unauthorized(ApiResponse<object>.ErrorResponse("Unauthorized access", "Unauthorized access", 404));
+            }

            DateTime fromDate = new DateTime();
            DateTime toDate = new DateTime();
@ -246,6 +253,13 @@ namespace MarcoBMS.Services.Controllers
            var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
            var hasTeamAttendancePermission = await _permission.HasPermission(new Guid("915e6bff-65f6-4e3f-aea8-3fd217d3ea9e"), LoggedInEmployee.Id);
            var hasSelfAttendancePermission = await _permission.HasPermission(new Guid("ccb0589f-712b-43de-92ed-5b6088e7dc4e"), LoggedInEmployee.Id);
+            var hasProjectPermission = await _permission.HasProjectPermission(LoggedInEmployee, projectId.ToString());
+
+            if (!hasProjectPermission)
+            {
+                _logger.LogWarning("Employee {EmployeeId} tries to access attendance of project {ProjectId}, but don't have access", LoggedInEmployee.Id, projectId);
+                return Unauthorized(ApiResponse<object>.ErrorResponse("Unauthorized access", "Unauthorized access", 404));
+            }

            DateTime forDate = new DateTime();

@ -341,7 +355,15 @@ namespace MarcoBMS.Services.Controllers
        public async Task<IActionResult> GetRequestRegularizeAttendance([FromQuery] Guid projectId, [FromQuery] bool IncludeInActive)
        {
            Guid TenantId = GetTenantId();
+            Employee LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
            var result = new List<EmployeeAttendanceVM>();
+            var hasProjectPermission = await _permission.HasProjectPermission(LoggedInEmployee, projectId.ToString());
+
+            if (!hasProjectPermission)
+            {
+                _logger.LogWarning("Employee {EmployeeId} tries to access attendance of project {ProjectId}, but don't have access", LoggedInEmployee.Id, projectId);
+                return Unauthorized(ApiResponse<object>.ErrorResponse("Unauthorized access", "Unauthorized access", 404));
+            }

            List<Attendance> lstAttendance = await _context.Attendes.Where(c => c.ProjectID == projectId && c.Activity == ATTENDANCE_MARK_TYPE.REQUEST_REGULARIZE && c.TenantId == TenantId).ToListAsync();

--- a/Marco.Pms.Services/Controllers/ProjectController.cs
+++ b/Marco.Pms.Services/Controllers/ProjectController.cs
@ -24,13 +24,17 @@ namespace MarcoBMS.Services.Controllers
        private readonly ApplicationDbContext _context;
        private readonly UserHelper _userHelper;
        private readonly ILoggingService _logger;
+        private readonly RolesHelper _rolesHelper;
+        private readonly ProjectsHelper _projectsHelper;


-        public ProjectController(ApplicationDbContext context, UserHelper userHelper, ILoggingService logger)
+        public ProjectController(ApplicationDbContext context, UserHelper userHelper, ILoggingService logger, RolesHelper rolesHelper, ProjectsHelper projectHelper)
        {
            _context = context;
            _userHelper = userHelper;
            _logger = logger;
+            _rolesHelper = rolesHelper;
+            _projectsHelper = projectHelper;
        }
        [HttpGet("list")]
        public async Task<IActionResult> GetAll()
@ -45,7 +49,22 @@ namespace MarcoBMS.Services.Controllers

            }
            Guid tenantId = _userHelper.GetTenantId();
-            List<Project> projects = await _context.Projects.Where(c => c.TenantId == tenantId).ToListAsync();
+            var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
+            List<FeaturePermission> featurePermission = await _rolesHelper.GetFeaturePermissionByEmployeeID(LoggedInEmployee.Id);
+            string[] projectsId = [];
+            List<Project> projects = new List<Project>();
+
+            /* User with permission manage project  can see all projects */
+            if (featurePermission != null && featurePermission.Exists(c => c.Id.ToString() == "172fc9b6-755b-4f62-ab26-55c34a330614"))
+            {
+                projects = await _projectsHelper.GetAllProjectByTanentID(LoggedInEmployee.TenantId);
+            }
+            else
+            {
+                List<ProjectAllocation> allocation = await _projectsHelper.GetProjectByEmployeeID(LoggedInEmployee.Id);
+                projectsId = allocation.Select(c => c.ProjectId.ToString()).ToArray();
+                projects = await _context.Projects.Where(c => projectsId.Contains(c.Id.ToString()) && c.TenantId == tenantId).ToListAsync();
+            }


            List<ProjectListVM> response = new List<ProjectListVM>();
--- a/Marco.Pms.Services/Service/PermissionServices.cs
+++ b/Marco.Pms.Services/Service/PermissionServices.cs
@ -1,4 +1,8 @@
 using Marco.Pms.DataAccess.Data;
+using Marco.Pms.Model.Employees;
+using Marco.Pms.Model.Entitlements;
+using Marco.Pms.Model.Projects;
+using MarcoBMS.Services.Helpers;
 using Microsoft.EntityFrameworkCore;

 namespace Marco.Pms.Services.Service
@ -6,9 +10,13 @@ namespace Marco.Pms.Services.Service
    public class PermissionServices
    {
        private readonly ApplicationDbContext _context;
-        public PermissionServices(ApplicationDbContext context)
+        private readonly RolesHelper _rolesHelper;
+        private readonly ProjectsHelper _projectsHelper;
+        public PermissionServices(ApplicationDbContext context, RolesHelper rolesHelper, ProjectsHelper projectsHelper)
        {
            _context = context;
+            _rolesHelper = rolesHelper;
+            _projectsHelper = projectsHelper;
        }

        public async Task<bool> HasPermission(Guid featurePermissionId, Guid employeeId)
@ -21,5 +29,24 @@ namespace Marco.Pms.Services.Service
                    .Any(rp => rp.FeaturePermissionId == featurePermissionId && rp.ApplicationRoleId == roleId));
            return hasPermission;
        }
+        public async Task<bool> HasProjectPermission(Employee emp, string projectId)
+        {
+            List<FeaturePermission> featurePermission = await _rolesHelper.GetFeaturePermissionByEmployeeID(emp.Id);
+            string[] projectsId = [];
+
+            /* User with permission manage project  can see all projects */
+            if (featurePermission != null && featurePermission.Exists(c => c.Id.ToString() == "172fc9b6-755b-4f62-ab26-55c34a330614"))
+            {
+                List<Project> projects = await _projectsHelper.GetAllProjectByTanentID(emp.TenantId);
+                projectsId = projects.Select(c => c.Id.ToString()).ToArray();
+            }
+            else
+            {
+                List<ProjectAllocation> allocation = await _projectsHelper.GetProjectByEmployeeID(emp.Id);
+                projectsId = allocation.Select(c => c.ProjectId.ToString()).ToArray();
+            }
+            bool response = projectsId.Contains(projectId);
+            return response;
+        }
    }
 }