From baa168ff8f3c403d10606f961c1faa2e4d5f31e4 Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete"
Date: Fri, 6 Jun 2025 18:40:09 +0530
Subject: [PATCH] Sending list of projects of which employee has permission

---
 .../Controllers/AttendanceController.cs | 22 ++++++++++++++
 .../Controllers/ProjectController.cs | 23 +++++++++++++--
 .../Service/PermissionServices.cs | 29 ++++++++++++++++++-
 3 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/Marco.Pms.Services/Controllers/AttendanceController.cs b/Marco.Pms.Services/Controllers/AttendanceController.cs
index 7a8f87b..0c81f6e 100644
--- a/Marco.Pms.Services/Controllers/AttendanceController.cs
+++ b/Marco.Pms.Services/Controllers/AttendanceController.cs
@@ -137,6 +137,13 @@ namespace MarcoBMS.Services.Controllers
 var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
 var hasTeamAttendancePermission = await _permission.HasPermission(new Guid("915e6bff-65f6-4e3f-aea8-3fd217d3ea9e"), LoggedInEmployee.Id);
 var hasSelfAttendancePermission = await _permission.HasPermission(new Guid("ccb0589f-712b-43de-92ed-5b6088e7dc4e"), LoggedInEmployee.Id);
+ var hasProjectPermission = await _permission.HasProjectPermission(LoggedInEmployee, projectId.ToString());
+
+ if (!hasProjectPermission)
+ {
+ _logger.LogWarning("Employee {EmployeeId} tries to access attendance of project {ProjectId}, but don't have access", LoggedInEmployee.Id, projectId);
+ return Unauthorized(ApiResponse.ErrorResponse("Unauthorized access", "Unauthorized access", 404));
+ }
 DateTime fromDate = new DateTime();
 DateTime toDate = new DateTime();
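Review bot: The denial path returns `Unauthorized(...)`, which is HTTP 401, while the body it carries says 404, so an authenticated caller who simply lacks the project allocation receives two contradictory codes; the same three lines recur in the @@ -246 and @@ -341 hunks. An authenticated caller without rights is a 403, so `return StatusCode(403, ApiResponse.ErrorResponse("Forbidden", "No access to this project", 403));` keeps the wire status and the payload in agreement and lets clients distinguish "log in" from "not allowed". The guard itself is the right addition; passing `projectId.ToString()` to `HasProjectPermission` only exists because the service takes a string, and a `Guid` overload would remove the round-trip. The enclosing action starts before this hunk and continues after it.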
@@ -246,6 +253,13 @@ namespace MarcoBMS.Services.Controllers
 var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
 var hasTeamAttendancePermission = await _permission.HasPermission(new Guid("915e6bff-65f6-4e3f-aea8-3fd217d3ea9e"), LoggedInEmployee.Id);
 var hasSelfAttendancePermission = await _permission.HasPermission(new Guid("ccb0589f-712b-43de-92ed-5b6088e7dc4e"), LoggedInEmployee.Id);
+ var hasProjectPermission = await _permission.HasProjectPermission(LoggedInEmployee, projectId.ToString());
+
+ if (!hasProjectPermission)
+ {
+ _logger.LogWarning("Employee {EmployeeId} tries to access attendance of project {ProjectId}, but don't have access", LoggedInEmployee.Id, projectId);
+ return Unauthorized(ApiResponse.ErrorResponse("Unauthorized access", "Unauthorized access", 404));
+ }
 DateTime forDate = new DateTime();
@@ -341,7 +355,15 @@ namespace MarcoBMS.Services.Controllers
 public async Task GetRequestRegularizeAttendance([FromQuery] Guid projectId, [FromQuery] bool IncludeInActive)
 {
 Guid TenantId = GetTenantId();
+ Employee LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
 var result = new List();
+ var hasProjectPermission = await _permission.HasProjectPermission(LoggedInEmployee, projectId.ToString());
+
+ if (!hasProjectPermission)
+ {
+ _logger.LogWarning("Employee {EmployeeId} tries to access attendance of project {ProjectId}, but don't have access", LoggedInEmployee.Id, projectId);
+ return Unauthorized(ApiResponse.ErrorResponse("Unauthorized access", "Unauthorized access", 404));
+ }
 List lstAttendance = await _context.Attendes.Where(c => c.ProjectID == projectId && c.Activity == ATTENDANCE_MARK_TYPE.REQUEST_REGULARIZE && c.TenantId == TenantId).ToListAsync();
diff --git a/Marco.Pms.Services/Controllers/ProjectController.cs b/Marco.Pms.Services/Controllers/ProjectController.cs
index 00ff1c2..af8b1d2 100644
--- a/Marco.Pms.Services/Controllers/ProjectController.cs
+++ b/Marco.Pms.Services/Controllers/ProjectController.cs
@@ -24,13 +24,17 @@ namespace MarcoBMS.Services.Controllers
 private readonly ApplicationDbContext _context;
 private readonly UserHelper _userHelper;
 private readonly ILoggingService _logger;
+ private readonly RolesHelper _rolesHelper;
+ private readonly ProjectsHelper _projectsHelper;
- public ProjectController(ApplicationDbContext context, UserHelper userHelper, ILoggingService logger)
+ public ProjectController(ApplicationDbContext context, UserHelper userHelper, ILoggingService logger, RolesHelper rolesHelper, ProjectsHelper projectHelper)
 {
 _context = context;
 _userHelper = userHelper;
 _logger = logger;
+ _rolesHelper = rolesHelper;
+ _projectsHelper = projectHelper;
 }
 [HttpGet("list")]
 public async Task GetAll()
@@ -45,7 +49,22 @@ namespace MarcoBMS.Services.Controllers
 }
 Guid tenantId = _userHelper.GetTenantId();
- List projects = await _context.Projects.Where(c => c.TenantId == tenantId).ToListAsync();
+ var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
+ List featurePermission = await _rolesHelper.GetFeaturePermissionByEmployeeID(LoggedInEmployee.Id);
+ string[] projectsId = [];
+ List projects = new List();
+
+ /* User with permission manage project can see all projects */
+ if (featurePermission != null && featurePermission.Exists(c => c.Id.ToString() == "172fc9b6-755b-4f62-ab26-55c34a330614"))
+ {
+ projects = await _projectsHelper.GetAllProjectByTanentID(LoggedInEmployee.TenantId);
+ }
+ else
+ {
+ List allocation = await _projectsHelper.GetProjectByEmployeeID(LoggedInEmployee.Id);
+ projectsId = allocation.Select(c => c.ProjectId.ToString()).ToArray();
+ projects = await _context.Projects.Where(c => projectsId.Contains(c.Id.ToString()) && c.TenantId == tenantId).ToListAsync();
+ }
 List response = new List();
diff --git a/Marco.Pms.Services/Service/PermissionServices.cs b/Marco.Pms.Services/Service/PermissionServices.cs
index 12c1306..f3ddb58 100644
--- a/Marco.Pms.Services/Service/PermissionServices.cs
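Review bot: The new constructor parameter is named `projectHelper` while the field it feeds is `_projectsHelper` and the type is `ProjectsHelper`, so the wiring reads differently from the field it initialises; `ProjectsHelper projectsHelper` and `_projectsHelper = projectsHelper;` keep the three aligned. The PermissionServices constructor in the same commit already spells it `projectsHelper`, so this controller is the odd one out. The class header lies outside the hunk.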
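Review bot: The "manage project" permission is identified by the string literal `"172fc9b6-755b-4f62-ab26-55c34a330614"` here and again inside `PermissionServices.HasProjectPermission`, so the rule that decides who may see every project now lives in two places that can drift apart; a single `static readonly Guid` on PermissionServices, or a method there that returns the caller's permitted project ids, would let this action ask the service rather than re-derive the rule. The manager branch scopes by `LoggedInEmployee.TenantId` while the else branch filters on `tenantId` from `_userHelper.GetTenantId()`; if those two values can ever differ the branches expose different tenants, which is worth confirming against UserHelper. The else branch also evaluates `projectsId.Contains(c.Id.ToString())` inside the EF query, forcing a per-row key-to-string conversion in SQL; collecting `Guid` values and writing `ids.Contains(c.Id)` keeps the comparison on the key column. `GetAll` starts before this hunk and continues after it.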
+++ b/Marco.Pms.Services/Service/PermissionServices.cs
@@ -1,4 +1,8 @@
 using Marco.Pms.DataAccess.Data;
+using Marco.Pms.Model.Employees;
+using Marco.Pms.Model.Entitlements;
+using Marco.Pms.Model.Projects;
+using MarcoBMS.Services.Helpers;
 using Microsoft.EntityFrameworkCore;
 namespace Marco.Pms.Services.Service
@@ -6,9 +10,13 @@ namespace Marco.Pms.Services.Service
 public class PermissionServices
 {
 private readonly ApplicationDbContext _context;
- public PermissionServices(ApplicationDbContext context)
+ private readonly RolesHelper _rolesHelper;
+ private readonly ProjectsHelper _projectsHelper;
+ public PermissionServices(ApplicationDbContext context, RolesHelper rolesHelper, ProjectsHelper projectsHelper)
 {
 _context = context;
+ _rolesHelper = rolesHelper;
+ _projectsHelper = projectsHelper;
 }
 public async Task HasPermission(Guid featurePermissionId, Guid employeeId)
@@ -21,5 +29,24 @@ namespace Marco.Pms.Services.Service
 .Any(rp => rp.FeaturePermissionId == featurePermissionId && rp.ApplicationRoleId == roleId));
 return hasPermission;
 }
+ public async Task HasProjectPermission(Employee emp, string projectId)
+ {
+ List featurePermission = await _rolesHelper.GetFeaturePermissionByEmployeeID(emp.Id);
+ string[] projectsId = [];
+
+ /* User with permission manage project can see all projects */
+ if (featurePermission != null && featurePermission.Exists(c => c.Id.ToString() == "172fc9b6-755b-4f62-ab26-55c34a330614"))
+ {
+ List projects = await _projectsHelper.GetAllProjectByTanentID(emp.TenantId);
+ projectsId = projects.Select(c => c.Id.ToString()).ToArray();
+ }
+ else
+ {
+ List allocation = await _projectsHelper.GetProjectByEmployeeID(emp.Id);
+ projectsId = allocation.Select(c => c.ProjectId.ToString()).ToArray();
+ }
+ bool response = projectsId.Contains(projectId);
+ return response;
+ }
 }
 }
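Review bot: `HasProjectPermission` answers a yes/no question by loading every project of the tenant (manager branch) or every allocation, stringifying each id and scanning the array, so each guarded attendance request now costs a full project fetch; an `AnyAsync` on `_context.Projects` scoped to `emp.TenantId` answers the manager case with one query and `Any` on the allocation list answers the other. Accepting `projectId` as a string also means a malformed or differently-formatted value silently compares false, so parsing it with `Guid.TryParse` up front fails closed before any database access and gives callers a `Guid` to pass instead of `projectId.ToString()`. The permission id literal duplicates the one in `ProjectController.GetAll` and belongs in one `static readonly Guid` that both sites use. The rewrite below assumes the feature-permission `Id` and the allocation `ProjectId` are `Guid`s, as the existing `.ToString()` comparisons suggest, and that `GetProjectByEmployeeID` never returns null, which the original does not check either; both are worth confirming against the model types.

```csharp
private static readonly Guid ManageProjectPermissionId = new("172fc9b6-755b-4f62-ab26-55c34a330614");

public async Task<bool> HasProjectPermission(Employee emp, string projectId)
{
    ArgumentNullException.ThrowIfNull(emp);
    // A value that is not a Guid cannot name a project; fail closed before touching the database.
    if (!Guid.TryParse(projectId, out var projectGuid))
    {
        return false;
    }

    var featurePermission = await _rolesHelper.GetFeaturePermissionByEmployeeID(emp.Id);

    /* User with permission manage project can see all projects of their own tenant */
    if (featurePermission != null && featurePermission.Exists(c => c.Id == ManageProjectPermissionId))
    {
        // One existence query instead of materialising and stringifying every project.
        return await _context.Projects.AnyAsync(p => p.Id == projectGuid && p.TenantId == emp.TenantId);
    }

    var allocation = await _projectsHelper.GetProjectByEmployeeID(emp.Id);
    return allocation.Any(a => a.ProjectId == projectGuid);
}
```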