admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Added the logic to only remove the employee permission if every module in subscription is not enabled

Browse Source
This commit is contained in:
ashutosh.nehete 2025-08-25 12:57:15 +05:30
parent 9765ce1b8f
commit fdcbd9af5f
1 changed files with 29 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
Marco.Pms.Services/Controllers/TenantController.cs
View File

@ -1293,24 +1293,7 @@ namespace Marco.Pms.Services.Controllers
await Task.WhenAll(projectPermTask, attendancePermTask, directoryPermTask, expensePermTask, employeePermTask);
// 8c. Prepare add and remove permission lists.
var newPermissionIds = new List<Guid>();
var revokePermissionIds = new List<Guid>();
void ProcessPerms(bool? enabled, List<Guid> ids)
{
if (enabled == true) newPermissionIds.AddRange(ids);
else revokePermissionIds.AddRange(ids);
}
ProcessPerms(features.Modules?.ProjectManagement?.Enabled, projectPermTask.Result);
ProcessPerms(features.Modules?.Attendance?.Enabled, attendancePermTask.Result);
ProcessPerms(features.Modules?.Directory?.Enabled, directoryPermTask.Result);
ProcessPerms(features.Modules?.Expense?.Enabled, expensePermTask.Result);
newPermissionIds = newPermissionIds.Distinct().ToList();
revokePermissionIds = revokePermissionIds.Distinct().ToList();
// 8d. Find root employee & role for this tenant.
// 8c. Find root employee & role for this tenant.
var rootEmployee = await context.Employees
.Include(e => e.ApplicationUser)
.FirstOrDefaultAsync(e => e.ApplicationUser != null && (e.ApplicationUser.IsRootUser ?? false) && e.TenantId == model.TenantId);
@ -1338,10 +1321,35 @@ namespace Marco.Pms.Services.Controllers
var dbOldRolePerms = await context.RolePermissionMappings.Where(x => x.ApplicationRoleId == rootRoleId).ToListAsync();
var oldPermIds = dbOldRolePerms.Select(rp => rp.FeaturePermissionId).ToList();
// 8e. Prevent accidental loss of basic employee permissions.
if ((oldPermIds.Count - revokePermissionIds.Count) >= 4 && revokePermissionIds.Any())
{
// 8d. Prepare add and remove permission lists.
var newPermissionIds = new List<Guid>();
var revokePermissionIds = new List<Guid>();
var employeePerms = employeePermTask.Result;
var isOldEmployeePermissionIdExist = oldPermIds.Any(fp => employeePerms.Contains(fp));
void ProcessPerms(bool? enabled, List<Guid> ids)
{
var isOldPermissionIdExist = oldPermIds.Any(fp => ids.Contains(fp));
if (enabled == true && !isOldPermissionIdExist) newPermissionIds.AddRange(ids);
if (enabled == true && !isOldEmployeePermissionIdExist) newPermissionIds.AddRange(ids);
if (enabled == false && isOldPermissionIdExist) revokePermissionIds.AddRange(ids);
}
ProcessPerms(features.Modules?.ProjectManagement?.Enabled, projectPermTask.Result);
ProcessPerms(features.Modules?.Attendance?.Enabled, attendancePermTask.Result);
ProcessPerms(features.Modules?.Directory?.Enabled, directoryPermTask.Result);
ProcessPerms(features.Modules?.Expense?.Enabled, expensePermTask.Result);
newPermissionIds = newPermissionIds.Distinct().ToList();
revokePermissionIds = revokePermissionIds.Distinct().ToList();
// 8e. Prevent accidental loss of basic employee permissions.
if ((features.Modules?.ProjectManagement?.Enabled == true ||
features.Modules?.Attendance?.Enabled == true ||
features.Modules?.Directory?.Enabled == true ||
features.Modules?.Expense?.Enabled == true) && isOldEmployeePermissionIdExist)
{
revokePermissionIds = revokePermissionIds.Where(pid => !employeePerms.Contains(pid)).ToList();
}