diff --git a/Marco.Pms.Services/Controllers/TenantController.cs b/Marco.Pms.Services/Controllers/TenantController.cs
index 5a7b390..8df2fc9 100644
--- a/Marco.Pms.Services/Controllers/TenantController.cs
+++ b/Marco.Pms.Services/Controllers/TenantController.cs
@@ -210,121 +210,6 @@ namespace Marco.Pms.Services.Controllers
 }
 // GET api//5
- [HttpGet("details/{id}")]
- private async Task GetTenantDetails(Guid id)
- {
- var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
-
- await using var _context = await _dbContextFactory.CreateDbContextAsync();
-
- var manageTenantsTask = Task.Run(async () =>
- {
- using var scope = _serviceScopeFactory.CreateScope();
- var _permissionService = scope.ServiceProvider.GetRequiredService();
- return await _permissionService.HasPermission(PermissionsMaster.ManageTenants, loggedInEmployee.Id);
- });
- var modifyTenantTask = Task.Run(async () =>
- {
- using var scope = _serviceScopeFactory.CreateScope();
- var _permissionService = scope.ServiceProvider.GetRequiredService();
- return await _permissionService.HasPermission(PermissionsMaster.ModifyTenant, loggedInEmployee.Id);
- });
- var viewTenantTask = Task.Run(async () =>
- {
- using var scope = _serviceScopeFactory.CreateScope();
- var _permissionService = scope.ServiceProvider.GetRequiredService();
- return await _permissionService.HasPermission(PermissionsMaster.ViewTenant, loggedInEmployee.Id);
- });
-
- await Task.WhenAll(manageTenantsTask, modifyTenantTask, viewTenantTask);
-
- var hasManageTenantsPermission = manageTenantsTask.Result;
- var hasModifyTenantPermission = modifyTenantTask.Result;
- var hasViewTenantPermission = viewTenantTask.Result;
-
- if (!hasManageTenantsPermission && !hasModifyTenantPermission && !hasViewTenantPermission)
- {
- _logger.LogWarning("Permission denied: User {EmployeeId} attempted to add subscription without permission or root access.",
- loggedInEmployee.Id);
-
- return StatusCode(403,
- ApiResponse.ErrorResponse("Access denied",
- "User does not have the required permissions for this action.", 403));
- }
-
- var tenant = await _context.Tenants
- .Include(t => t.Industry)
- .Include(t => t.TenantStatus)
- .AsNoTracking()
- .FirstOrDefaultAsync(t => t.Id == id);
- if (tenant == null)
- {
- _logger.LogWarning("Tenant {TenantId} not found in database", id);
- return NotFound(ApiResponse.ErrorResponse("Tenant not found", "Tenant not found", 404));
- }
-
- var employeeTask = Task.Run(async () =>
- {
- await using var _dbContext = await _dbContextFactory.CreateDbContextAsync();
- return await _dbContext.Employees.Include(e => e.ApplicationUser).AsNoTracking().Where(e => e.TenantId == tenant.Id).ToListAsync();
- });
- var createdByTask = Task.Run(async () =>
- {
- await using var _dbContext = await _dbContextFactory.CreateDbContextAsync();
- return await _dbContext.Employees.AsNoTracking().Where(e => e.Id == tenant.CreatedById).Select(e => _mapper.Map(e)).FirstOrDefaultAsync();
- });
- var planTask = Task.Run(async () =>
- {
- await using var _dbContext = await _dbContextFactory.CreateDbContextAsync();
- return await _dbContext.TenantSubscriptions
- .Include(sp => sp!.CreatedBy)
- .Include(sp => sp!.UpdatedBy)
- .Include(sp => sp!.Currency)
- .Include(ts => ts.Plan).ThenInclude(sp => sp!.Plan)
- .AsNoTracking()
- .Where(ts => ts.TenantId == tenant.Id && ts.Plan != null)
- .OrderBy(ts => ts.CreatedBy).ToListAsync();
- });
- var projectTask = Task.Run(async () =>
- {
- await using var _dbContext = await _dbContextFactory.CreateDbContextAsync();
- return await _dbContext.Projects
- .Include(p => p.ProjectStatus)
- .AsNoTracking()
- .Where(p => p.TenantId == tenant.Id)
- .ToListAsync();
- });
-
- await Task.WhenAll(employeeTask, projectTask, planTask, createdByTask);
-
- var employees = employeeTask.Result;
- var projects = projectTask.Result;
- var plans = planTask.Result;
- var createdBy = createdByTask.Result;
-
- var activeEmployeesCount = employees.Where(e => e.IsActive).Count();
- var inActiveEmployeesCount = employees.Where(e => !e.IsActive).Count();
-
- var currentPlan = plans.FirstOrDefault(ts => !ts.IsCancelled);
- var expiryDate = currentPlan?.EndDate;
- var nextBillingDate = currentPlan?.NextBillingDate;
-
- var response = _mapper.Map(tenant);
-
response.ActiveEmployees = activeEmployeesCount; - response.InActiveEmployees = inActiveEmployeesCount; - response.ActiveProjects = projects.Where(p => p.ProjectStatusId == projectActiveStatus).Count(); - response.InProgressProjects = projects.Where(p => p.ProjectStatusId == projectInProgressStatus).Count(); - response.OnHoldProjects = projects.Where(p => p.ProjectStatusId == projectOnHoldStatus).Count(); - response.InActiveProjects = projects.Where(p => p.ProjectStatusId == projectInActiveStatus).Count(); - response.CompletedProjects = projects.Where(p => p.ProjectStatusId == projectCompletedStatus).Count(); - response.ExpiryDate = expiryDate; - response.NextBillingDate = nextBillingDate; - response.CreatedBy = createdBy; - response.SubscriptionHistery = _mapper.Map>(plans); - - return Ok(ApiResponse.SuccessResponse(response, "Tenant profile fetched successfully", 200)); - } - [HttpGet("details/{id}")] public async Task GetTenantDetailsAsync(Guid id) { @@ -335,7 +220,7 @@ namespace Marco.Pms.Services.Controllers if (loggedInEmployee == null) { _logger.LogWarning("No logged-in employee found for the request."); - return Unauthorized(ApiResponse.ErrorResponse("Unauthorized", "User must be logged in.", 401)); + return StatusCode(403, ApiResponse.ErrorResponse("Unauthorized", "User must be logged in.", 403)); } // Check permissions using a single service scope to avoid overhead @@ -485,7 +370,7 @@ namespace Marco.Pms.Services.Controllers if (loggedInEmployee == null) { // This case should ideally be handled by an [Authorize] attribute, but it's good practice to double-check. - return Unauthorized(ApiResponse.ErrorResponse("Authentication required", "User is not logged in.", 401)); + return StatusCode(403, ApiResponse.ErrorResponse("Authentication required", "User is not logged in.", 403)); } var hasPermission = await _permissionService.HasPermission(PermissionsMaster.ManageTenants, loggedInEmployee.Id); 
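Review bot: Returning 403 from the `loggedInEmployee == null` branch in GetTenantDetailsAsync (and in the identical branches of the hunks at -485 and -729) reports a missing login as a permission denial, while the response body still says "Unauthorized", "Authentication required" and "User must be logged in.". Clients and gateways that start re-authentication or token refresh on 401 will not react to 403, and access logs can no longer separate unauthenticated requests from genuine permission denials, which makes monitoring for session and credential problems harder. If the branch means "no valid session", keep `return Unauthorized(ApiResponse.ErrorResponse("Unauthorized", "User must be logged in.", 401));`; if it is meant for an authenticated principal with no employee record (whether `[Authorize]` is applied to the controller is not visible here), keep 403 but change the title and message to say so, so that status and body agree. The enclosing methods start and end outside these hunks.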
@@ -729,7 +614,7 @@ namespace Marco.Pms.Services.Controllers
 if (loggedInEmployee == null)
 {
 _logger.LogWarning("No logged-in employee found.");
- return Unauthorized(ApiResponse.ErrorResponse("Unauthorized", "User must be logged in.", 401));
+ return StatusCode(403, ApiResponse.ErrorResponse("Unauthorized", "User must be logged in.", 403));
 }
 await using var _context = await _dbContextFactory.CreateDbContextAsync();