admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Changed the if condition in expense list API

Browse Source
This commit is contained in:
ashutosh.nehete 2025-08-04 14:46:40 +05:30
parent b9f2bc53c8
commit c3571f76b8
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Marco.Pms.Services/Service/ExpensesService.cs
View File

@ -132,17 +132,16 @@ namespace Marco.Pms.Services.Service
await _cache.AddExpensesListToCache(expenses: await expensesQuery.ToListAsync(), tenantId); await _cache.AddExpensesListToCache(expenses: await expensesQuery.ToListAsync(), tenantId);
// Apply permission-based filtering BEFORE any other filters or pagination. // Apply permission-based filtering BEFORE any other filters or pagination.
if (hasViewAllPermissionTask.Result)
if (!hasViewAllPermissionTask.Result && hasViewSelfPermissionTask.Result) {
expensesQuery = expensesQuery.Where(e => e.CreatedById != loggedInEmployeeId || e.StatusId != Draft);
}
else if (hasViewSelfPermissionTask.Result)
{ {
// User only has 'View Self' permission, so restrict the query to their own expenses. // User only has 'View Self' permission, so restrict the query to their own expenses.
_logger.LogInfo("User {EmployeeId} has 'View Self' permission. Restricting query to their expenses.", loggedInEmployeeId); _logger.LogInfo("User {EmployeeId} has 'View Self' permission. Restricting query to their expenses.", loggedInEmployeeId);
expensesQuery = expensesQuery.Where(e => e.CreatedById == loggedInEmployeeId); expensesQuery = expensesQuery.Where(e => e.CreatedById == loggedInEmployeeId);
} }
else
{
expensesQuery = expensesQuery.Where(e => e.CreatedById != loggedInEmployeeId || e.StatusId != Draft);
}
if (expenseFilter != null) if (expenseFilter != null)
{ {