Changed status code 401 to 403

This commit is contained in:
ashutosh.nehete 2025-08-06 15:10:55 +05:30
parent 9ef7946d89
commit f02eb32143


@ -210,121 +210,6 @@ namespace Marco.Pms.Services.Controllers
} }
// GET api/<TenantController>/5 // GET api/<TenantController>/5
[HttpGet("details/{id}")]
private async Task<IActionResult> GetTenantDetails(Guid id)
{
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
await using var _context = await _dbContextFactory.CreateDbContextAsync();
var manageTenantsTask = Task.Run(async () =>
{
using var scope = _serviceScopeFactory.CreateScope();
var _permissionService = scope.ServiceProvider.GetRequiredService<PermissionServices>();
return await _permissionService.HasPermission(PermissionsMaster.ManageTenants, loggedInEmployee.Id);
});
var modifyTenantTask = Task.Run(async () =>
{
using var scope = _serviceScopeFactory.CreateScope();
var _permissionService = scope.ServiceProvider.GetRequiredService<PermissionServices>();
return await _permissionService.HasPermission(PermissionsMaster.ModifyTenant, loggedInEmployee.Id);
});
var viewTenantTask = Task.Run(async () =>
{
using var scope = _serviceScopeFactory.CreateScope();
var _permissionService = scope.ServiceProvider.GetRequiredService<PermissionServices>();
return await _permissionService.HasPermission(PermissionsMaster.ViewTenant, loggedInEmployee.Id);
});
await Task.WhenAll(manageTenantsTask, modifyTenantTask, viewTenantTask);
var hasManageTenantsPermission = manageTenantsTask.Result;
var hasModifyTenantPermission = modifyTenantTask.Result;
var hasViewTenantPermission = viewTenantTask.Result;
if (!hasManageTenantsPermission && !hasModifyTenantPermission && !hasViewTenantPermission)
{
_logger.LogWarning("Permission denied: User {EmployeeId} attempted to add subscription without permission or root access.",
loggedInEmployee.Id);
return StatusCode(403,
ApiResponse<object>.ErrorResponse("Access denied",
"User does not have the required permissions for this action.", 403));
}
var tenant = await _context.Tenants
.Include(t => t.Industry)
.Include(t => t.TenantStatus)
.AsNoTracking()
.FirstOrDefaultAsync(t => t.Id == id);
if (tenant == null)
{
_logger.LogWarning("Tenant {TenantId} not found in database", id);
return NotFound(ApiResponse<object>.ErrorResponse("Tenant not found", "Tenant not found", 404));
}
var employeeTask = Task.Run(async () =>
{
await using var _dbContext = await _dbContextFactory.CreateDbContextAsync();
return await _dbContext.Employees.Include(e => e.ApplicationUser).AsNoTracking().Where(e => e.TenantId == tenant.Id).ToListAsync();
});
var createdByTask = Task.Run(async () =>
{
await using var _dbContext = await _dbContextFactory.CreateDbContextAsync();
return await _dbContext.Employees.AsNoTracking().Where(e => e.Id == tenant.CreatedById).Select(e => _mapper.Map<BasicEmployeeVM>(e)).FirstOrDefaultAsync();
});
var planTask = Task.Run(async () =>
{
await using var _dbContext = await _dbContextFactory.CreateDbContextAsync();
return await _dbContext.TenantSubscriptions
.Include(sp => sp!.CreatedBy)
.Include(sp => sp!.UpdatedBy)
.Include(sp => sp!.Currency)
.Include(ts => ts.Plan).ThenInclude(sp => sp!.Plan)
.AsNoTracking()
.Where(ts => ts.TenantId == tenant.Id && ts.Plan != null)
.OrderBy(ts => ts.CreatedBy).ToListAsync();
});
var projectTask = Task.Run(async () =>
{
await using var _dbContext = await _dbContextFactory.CreateDbContextAsync();
return await _dbContext.Projects
.Include(p => p.ProjectStatus)
.AsNoTracking()
.Where(p => p.TenantId == tenant.Id)
.ToListAsync();
});
await Task.WhenAll(employeeTask, projectTask, planTask, createdByTask);
var employees = employeeTask.Result;
var projects = projectTask.Result;
var plans = planTask.Result;
var createdBy = createdByTask.Result;
var activeEmployeesCount = employees.Where(e => e.IsActive).Count();
var inActiveEmployeesCount = employees.Where(e => !e.IsActive).Count();
var currentPlan = plans.FirstOrDefault(ts => !ts.IsCancelled);
var expiryDate = currentPlan?.EndDate;
var nextBillingDate = currentPlan?.NextBillingDate;
var response = _mapper.Map<TenantDetailsVM>(tenant);
response.ActiveEmployees = activeEmployeesCount;
response.InActiveEmployees = inActiveEmployeesCount;
response.ActiveProjects = projects.Where(p => p.ProjectStatusId == projectActiveStatus).Count();
response.InProgressProjects = projects.Where(p => p.ProjectStatusId == projectInProgressStatus).Count();
response.OnHoldProjects = projects.Where(p => p.ProjectStatusId == projectOnHoldStatus).Count();
response.InActiveProjects = projects.Where(p => p.ProjectStatusId == projectInActiveStatus).Count();
response.CompletedProjects = projects.Where(p => p.ProjectStatusId == projectCompletedStatus).Count();
response.ExpiryDate = expiryDate;
response.NextBillingDate = nextBillingDate;
response.CreatedBy = createdBy;
response.SubscriptionHistery = _mapper.Map<List<SubscriptionPlanDetailsVM>>(plans);
return Ok(ApiResponse<object>.SuccessResponse(response, "Tenant profile fetched successfully", 200));
}
[HttpGet("details/{id}")] [HttpGet("details/{id}")]
public async Task<IActionResult> GetTenantDetailsAsync(Guid id) public async Task<IActionResult> GetTenantDetailsAsync(Guid id)
{ {
@ -335,7 +220,7 @@ namespace Marco.Pms.Services.Controllers
if (loggedInEmployee == null) if (loggedInEmployee == null)
{ {
_logger.LogWarning("No logged-in employee found for the request."); _logger.LogWarning("No logged-in employee found for the request.");
return Unauthorized(ApiResponse<object>.ErrorResponse("Unauthorized", "User must be logged in.", 401)); return StatusCode(403, ApiResponse<object>.ErrorResponse("Unauthorized", "User must be logged in.", 403));
} }
// Check permissions using a single service scope to avoid overhead // Check permissions using a single service scope to avoid overhead
@ -485,7 +370,7 @@ namespace Marco.Pms.Services.Controllers
if (loggedInEmployee == null) if (loggedInEmployee == null)
{ {
// This case should ideally be handled by an [Authorize] attribute, but it's good practice to double-check. // This case should ideally be handled by an [Authorize] attribute, but it's good practice to double-check.
return Unauthorized(ApiResponse<object>.ErrorResponse("Authentication required", "User is not logged in.", 401)); return StatusCode(403, ApiResponse<object>.ErrorResponse("Authentication required", "User is not logged in.", 403));
} }
var hasPermission = await _permissionService.HasPermission(PermissionsMaster.ManageTenants, loggedInEmployee.Id); var hasPermission = await _permissionService.HasPermission(PermissionsMaster.ManageTenants, loggedInEmployee.Id);
@ -729,7 +614,7 @@ namespace Marco.Pms.Services.Controllers
if (loggedInEmployee == null) if (loggedInEmployee == null)
{ {
_logger.LogWarning("No logged-in employee found."); _logger.LogWarning("No logged-in employee found.");
return Unauthorized(ApiResponse<object>.ErrorResponse("Unauthorized", "User must be logged in.", 401)); return StatusCode(403, ApiResponse<object>.ErrorResponse("Unauthorized", "User must be logged in.", 403));
} }
await using var _context = await _dbContextFactory.CreateDbContextAsync(); await using var _context = await _dbContextFactory.CreateDbContextAsync();
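Review bot: The three `loggedInEmployee == null` branches (hunks at `@ -335`, `@ -485` and `@ -729`) now answer a request with no authenticated employee with 403, but 403 Forbidden means the caller is authenticated and lacks rights, whereas 401 Unauthorized is the status that tells a client it must (re)authenticate; the response bodies still say `"Unauthorized"` / `"Authentication required"`, so status and message now disagree. If the intent is to stop distinguishing "not logged in" from "no permission" at the API boundary, that is a deliberate choice and deserves a comment on each branch, e.g. `// Deliberately 403 rather than 401: unauthenticated and unauthorised callers get the same response`; otherwise restore `return Unauthorized(ApiResponse<object>.ErrorResponse("Unauthorized", "User must be logged in.", 401));` (and the matching line in the `@ -485` hunk). The methods these branches belong to start and end outside the hunks, so whether an `[Authorize]` attribute already guards them cannot be confirmed from here.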