Added validation in Employee Create and update api to check Whether this email and Id belongs to same employee

2025-04-02 17:53:07 +05:30 · 2025-04-02 17:53:07 +05:30 · e50eedc7e6
commit e50eedc7e6
parent 5034da19cd
1 changed files with 7 additions and 6 deletions
--- a/Marco.Pms.Services/Controllers/EmployeeController.cs
+++ b/Marco.Pms.Services/Controllers/EmployeeController.cs
@ -182,23 +182,24 @@ namespace MarcoBMS.Services.Controllers
                    /* Identity user Exists - Create/update employee Employee */

                    // Update Employee record
-                    var existingEmployee = await _context.Employees.FirstOrDefaultAsync(e => e.ApplicationUserId == existingUser.Id || e.Email == model.Email || e.Id == model.Id);
+                    var existingEmployee = await _context.Employees.FirstOrDefaultAsync(e => e.Email == model.Email && e.Id == model.Id);
                    if (existingEmployee != null)
                    {
                        existingEmployee = GetUpdateEmployeeModel(model, existingEmployee, existingUser);

                        _context.Employees.Update(existingEmployee);
+                        await _context.SaveChangesAsync();
+                        responsemessage = "User updated successfully.";
                    }
                    else
                    {
                        // Create Employee record if missing
-                        Employee newEmployee = GetNewEmployeeModel(model, TenantId, existingUser.Id);
-                        _context.Employees.Add(newEmployee);
+                        //Employee newEmployee = GetNewEmployeeModel(model, TenantId, existingUser.Id);
+                        //_context.Employees.Add(newEmployee);
+                        return BadRequest("You cannot use this email");
                    }

-                    await _context.SaveChangesAsync();

-                    responsemessage = "User updated successfully.";
                }
                else
                {
@ -225,7 +226,7 @@ namespace MarcoBMS.Services.Controllers
                    var resetLink = $"{_configuration["AppSettings:WebFrontendUrl"]}/reset-password?token={WebUtility.UrlEncode(token)}";
                    await _emailSender.SendResetPasswordEmailOnRegister(user.Email, newEmployee.FirstName, resetLink);

-                    responsemessage = "User created successfully. PAssword reset link is sent to registered email";
+                    responsemessage = "User created successfully. Password reset link is sent to registered email";
                }
            }
            else