From fdcbd9af5fc4dfeabe3e832518170d5ffef6fe46 Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete"
Date: Mon, 25 Aug 2025 12:57:15 +0530
Subject: [PATCH] Added the logic to only remove the employee permission if every module in subscription is not enabled
---
 .../Controllers/TenantController.cs | 50 +++++++++++--------
 1 file changed, 29 insertions(+), 21 deletions(-)
diff --git a/Marco.Pms.Services/Controllers/TenantController.cs b/Marco.Pms.Services/Controllers/TenantController.cs
index 10a031d..69be1e4 100644
--- a/Marco.Pms.Services/Controllers/TenantController.cs
+++ b/Marco.Pms.Services/Controllers/TenantController.cs
@@ -1293,24 +1293,7 @@ namespace Marco.Pms.Services.Controllers
 await Task.WhenAll(projectPermTask, attendancePermTask, directoryPermTask, expensePermTask, employeePermTask);
- // 8c. Prepare add and remove permission lists.
- var newPermissionIds = new List();
- var revokePermissionIds = new List();
-
- void ProcessPerms(bool? enabled, List ids)
- {
- if (enabled == true) newPermissionIds.AddRange(ids);
- else revokePermissionIds.AddRange(ids);
- }
- ProcessPerms(features.Modules?.ProjectManagement?.Enabled, projectPermTask.Result);
- ProcessPerms(features.Modules?.Attendance?.Enabled, attendancePermTask.Result);
- ProcessPerms(features.Modules?.Directory?.Enabled, directoryPermTask.Result);
- ProcessPerms(features.Modules?.Expense?.Enabled, expensePermTask.Result);
-
- newPermissionIds = newPermissionIds.Distinct().ToList();
- revokePermissionIds = revokePermissionIds.Distinct().ToList();
-
- // 8d. Find root employee & role for this tenant.
+ // 8c. Find root employee & role for this tenant.
 var rootEmployee = await context.Employees
 .Include(e => e.ApplicationUser)
 .FirstOrDefaultAsync(e => e.ApplicationUser != null && (e.ApplicationUser.IsRootUser ?? false) && e.TenantId == model.TenantId);
@@ -1338,10 +1321,35 @@ namespace Marco.Pms.Services.Controllers
 var dbOldRolePerms = await context.RolePermissionMappings.Where(x => x.ApplicationRoleId == rootRoleId).ToListAsync();
 var oldPermIds = dbOldRolePerms.Select(rp => rp.FeaturePermissionId).ToList();
- // 8e. Prevent accidental loss of basic employee permissions.
- if ((oldPermIds.Count - revokePermissionIds.Count) >= 4 && revokePermissionIds.Any())
+ // 8d. Prepare add and remove permission lists.
+ var newPermissionIds = new List();
+ var revokePermissionIds = new List();
+ var employeePerms = employeePermTask.Result;
+ var isOldEmployeePermissionIdExist = oldPermIds.Any(fp => employeePerms.Contains(fp));
+
+ void ProcessPerms(bool? enabled, List ids)
+ {
+ var isOldPermissionIdExist = oldPermIds.Any(fp => ids.Contains(fp));
+
+ if (enabled == true && !isOldPermissionIdExist) newPermissionIds.AddRange(ids);
+ if (enabled == true && !isOldEmployeePermissionIdExist) newPermissionIds.AddRange(ids);
+ if (enabled == false && isOldPermissionIdExist) revokePermissionIds.AddRange(ids);
+ }
+ ProcessPerms(features.Modules?.ProjectManagement?.Enabled, projectPermTask.Result);
+ ProcessPerms(features.Modules?.Attendance?.Enabled, attendancePermTask.Result);
+ ProcessPerms(features.Modules?.Directory?.Enabled, directoryPermTask.Result);
+ ProcessPerms(features.Modules?.Expense?.Enabled, expensePermTask.Result);
+
+ newPermissionIds = newPermissionIds.Distinct().ToList();
+ revokePermissionIds = revokePermissionIds.Distinct().ToList();
+
+
+ // 8e. Prevent accidental loss of basic employee permissions.
+ if ((features.Modules?.ProjectManagement?.Enabled == true ||
+ features.Modules?.Attendance?.Enabled == true ||
+ features.Modules?.Directory?.Enabled == true ||
+ features.Modules?.Expense?.Enabled == true) && isOldEmployeePermissionIdExist)
 {
- var employeePerms = employeePermTask.Result;
 revokePermissionIds = revokePermissionIds.Where(pid => !employeePerms.Contains(pid)).ToList();
 }
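Review bot: In `ProcessPerms`, revocation now runs only when `enabled == false`, so a module whose `Enabled` is null (the `features.Modules?.X?.Enabled` chain yields null when `Modules` or the module object is absent) keeps its permissions on the root role, whereas the removed `else` branch revoked in that case. If an omitted module is meant to count as not subscribed, the condition should be `if (enabled != true && isOldPermissionIdExist) revokePermissionIds.AddRange(ids);` so that entitlements fail closed on a downgrade. Separately, `isOldPermissionIdExist` is an `Any` test, so a role that already holds a single id from a module's list receives none of the missing ones when that module is enabled; if the module lists overlap the employee permissions, as the 8e filter suggests, the grant may be skipped entirely, and adding `ids.Except(oldPermIds)` whenever `enabled == true` would avoid that. The enclosing method starts and ends outside the hunk, so how `newPermissionIds` and `revokePermissionIds` are applied afterwards is not visible here.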