From e50eedc7e68facf8c03b6873e2ed740482aee964 Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete"
Date: Wed, 2 Apr 2025 17:53:07 +0530
Subject: [PATCH] Added validation in Employee Create and update api to check Whether this email and Id belongs to same employee
---
 .../Controllers/EmployeeController.cs | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/Marco.Pms.Services/Controllers/EmployeeController.cs b/Marco.Pms.Services/Controllers/EmployeeController.cs
index 933a402..3112008 100644
--- a/Marco.Pms.Services/Controllers/EmployeeController.cs
+++ b/Marco.Pms.Services/Controllers/EmployeeController.cs
@@ -182,23 +182,24 @@ namespace MarcoBMS.Services.Controllers
 /* Identity user Exists - Create/update employee Employee */
 // Update Employee record
- var existingEmployee = await _context.Employees.FirstOrDefaultAsync(e => e.ApplicationUserId == existingUser.Id || e.Email == model.Email || e.Id == model.Id);
+ var existingEmployee = await _context.Employees.FirstOrDefaultAsync(e => e.Email == model.Email && e.Id == model.Id);
 if (existingEmployee != null)
 {
 existingEmployee = GetUpdateEmployeeModel(model, existingEmployee, existingUser);
 _context.Employees.Update(existingEmployee);
+ await _context.SaveChangesAsync();
+ responsemessage = "User updated successfully.";
 }
 else
 {
 // Create Employee record if missing
- Employee newEmployee = GetNewEmployeeModel(model, TenantId, existingUser.Id);
- _context.Employees.Add(newEmployee);
+ //Employee newEmployee = GetNewEmployeeModel(model, TenantId, existingUser.Id);
+ //_context.Employees.Add(newEmployee);
+ return BadRequest("You cannot use this email");
 }
- await _context.SaveChangesAsync();
- responsemessage = "User updated successfully.";
 }
 else
 {
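Review bot: The new predicate `e.Email == model.Email && e.Id == model.Id` matches on two client-supplied values only, so nothing visible in this hunk ties the matched row to the caller's tenant or to `existingUser`. Unless the DbContext applies a global tenant filter (not visible here), a request carrying another tenant's employee Id and email would still reach `GetUpdateEmployeeModel` and `SaveChangesAsync`. I would scope the lookup, e.g. `e => e.Id == model.Id && e.Email == model.Email && e.TenantId == TenantId`, assuming `Employee` exposes a `TenantId` property as the removed `GetNewEmployeeModel(model, TenantId, ...)` call suggests. The `BadRequest("You cannot use this email")` branch also confirms to the caller that the address already belongs to an identity user, so a generic conflict message plus a server-side log entry would avoid exposing registered addresses, and the two commented-out lines are better deleted than kept. The enclosing action starts and ends outside the hunk, so its authorization attributes could not be checked here.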
@@ -225,7 +226,7 @@ namespace MarcoBMS.Services.Controllers
 var resetLink = $"{_configuration["AppSettings:WebFrontendUrl"]}/reset-password?token={WebUtility.UrlEncode(token)}";
 await _emailSender.SendResetPasswordEmailOnRegister(user.Email, newEmployee.FirstName, resetLink);
- responsemessage = "User created successfully. PAssword reset link is sent to registered email";
+ responsemessage = "User created successfully. Password reset link is sent to registered email";
 }
 }
 else