Enhancement #380: Update "Create Bucket" API to Enforce Feature

Marco.Pms.Services/Controllers/DirectoryController.cs

@@ -261,6 +261,10 @@ namespace Marco.Pms.Services.Controllers
             {
                 return Conflict(response);
             }
+            else if (response.StatusCode == 401)
+            {
+                return Unauthorized(response);
+            }
             else
             {
                 return BadRequest(response);

Marco.Pms.Services/Helpers/DirectoryHelper.cs

@@ -1061,6 +1061,15 @@ namespace Marco.Pms.Services.Helpers
             var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
             if (bucketDto != null)
             {
+                var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
+                var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
+                var demo = !permissionIds.Contains(directoryUser);
+                if (!permissionIds.Contains(directoryAdmin) && !permissionIds.Contains(directoryManager) && !permissionIds.Contains(directoryUser))
+                {
+                    _logger.LogError("Employee {EmployeeId} attemped to create a bucket, but do not have permission", LoggedInEmployee.Id);
+                    return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
+                }
+
                 var existingBucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Name == bucketDto.Name);
                 if (existingBucket != null)
                 {