From bbd20548677a9af4183be24f867fa66476562a8c Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete" <ashutosh.nehete@marcoaiot.com>
Date: Wed, 16 Jul 2025 14:49:34 +0530
Subject: [PATCH] only checking if the user have permission of project or not
 only

---
 Marco.Pms.Services/Controllers/DashboardController.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Marco.Pms.Services/Controllers/DashboardController.cs b/Marco.Pms.Services/Controllers/DashboardController.cs
index 432459c..3829cdc 100644
--- a/Marco.Pms.Services/Controllers/DashboardController.cs
+++ b/Marco.Pms.Services/Controllers/DashboardController.cs
@@ -199,7 +199,8 @@ namespace Marco.Pms.Services.Controllers
                 if (projectId.HasValue)
                 {
                     // Security Check: Ensure the requested project is in the user's accessible list.
-                    if (!accessibleActiveProjectIds.Contains(projectId.Value))
+                    var hasPermission = await _permissionServices.HasProjectPermission(loggedInEmployee, projectId.Value.ToString());
+                    if (!hasPermission)
                     {
                         _logger.LogWarning("Access DENIED for user {UserId} on project {ProjectId} (not active or not accessible).", loggedInEmployee.Id, projectId.Value);
                         return StatusCode(403, ApiResponse<object>.ErrorResponse("Access Denied.", "You do not have permission to view this project, or it is not active.", 403));