Merge pull request 'Added the API to activate and deactivate the document' (#126) from Ashutosh_Task#1036 into Document_Manager

Reviewed-on: #126

Marco.Pms.Services/Controllers/DocumentController.cs

@@ -1111,14 +1111,74 @@ namespace Marco.Pms.Services.Controllers
             }
         }
 
-
+        [HttpDelete("delete/{id}")]
-        // DELETE api/<DocumentController>/5
+        public async Task<IActionResult> DeleteDocumentAsync(Guid id, [FromQuery] bool isActive = false)
-        [HttpDelete("{id}")]
-        public async Task Delete(int id)
         {
+            // Create a new DbContext instance asynchronously
+            await using var _context = await _dbContextFactory.CreateDbContextAsync();
+
+            // Create a new service scope to resolve scoped services like permission and logging helpers
+            using var scope = _serviceScope.CreateScope();
+            var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
+            var updateLogHelper = scope.ServiceProvider.GetRequiredService<UtilityMongoDBHelper>();
+
+            // Message to indicate whether the document is being activated or deactivated
+            var message = isActive ? "activated" : "deactivated";
+
+            // Get the currently logged-in employee
             var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
+
+            // Log the start of the delete operation for traceability
+            _logger.LogInfo("DeleteDocument started for document ID: {DocumentId} by employee ID: {EmployeeId}", id, loggedInEmployee.Id);
+
+            // Retrieve the document attachment matching the criteria from the database
+            var documentAttachment = await _context.DocumentAttachments
+                .FirstOrDefaultAsync(da => da.Id == id && da.IsCurrentVersion && da.TenantId == tenantId && da.IsActive != isActive);
+
+            // If the document attachment is not found, log a warning and return 404 Not Found
+            if (documentAttachment == null)
+            {
+                _logger.LogWarning("DocumentAttachment not found for ID: {DocumentId}", id);
+                return NotFound(ApiResponse<object>.ErrorResponse("Document Attachment not found", "Document Attachment not found in database", 404));
             }
 
+            // Check if the logged in employee has permission to delete OR is the owner of the document attachment
+            var hasDeletePermission = await _permission.HasPermission(PermissionsMaster.DeleteDocument, loggedInEmployee.Id);
+            if (!hasDeletePermission && loggedInEmployee.Id != documentAttachment.EntityId)
+            {
+                _logger.LogWarning("Access denied for employee ID: {EmployeeId} when attempting to delete document ID: {DocumentId}", loggedInEmployee.Id, id);
+                return StatusCode(403, ApiResponse<object>.ErrorResponse("Access Denied.", "You do not have permission to delete documents", 403));
+            }
+
+            // Log the current state of the document attachment before updating for audit trail
+            var existingEntityBson = updateLogHelper.EntityToBsonDocument(documentAttachment);
+
+            // Update document attachment status and metadata
+            documentAttachment.IsActive = isActive;
+            documentAttachment.IsVerified = null;
+            documentAttachment.UpdatedAt = DateTime.UtcNow;
+            documentAttachment.UpdatedById = loggedInEmployee.Id;
+
+            // Persist changes to the database
+            await _context.SaveChangesAsync();
+
+            // Log the update operation to MongoDB for inspection and history
+            await updateLogHelper.PushToUpdateLogsAsync(new UpdateLogsObject
+            {
+                EntityId = documentAttachment.Id.ToString(),
+                UpdatedById = loggedInEmployee.Id.ToString(),
+                OldObject = existingEntityBson,
+                UpdatedAt = DateTime.UtcNow
+            }, Collection);
+
+            // Log the successful completion of the operation
+            _logger.LogInfo("DocumentAttachment ID: {DocumentId} has been {Message} by employee ID: {EmployeeId}", id, message, loggedInEmployee.Id);
+
+            // Return success response
+            return Ok(ApiResponse<object>.SuccessResponse(new { }, $"Document attachment is {message}", 200));
+        }
+
+
         #region =================================================================== Helper Functions ===================================================================
 
         private DocumentFilter? TryDeserializeFilter(string? filter)