admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Added code to validate the id received by path parameter with id received by payload

Browse Source
This commit is contained in:
ashutosh.nehete 2025-06-16 17:19:59 +05:30
parent e391c82659
commit ff9c7c9434
1 changed files with 28 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
Marco.Pms.Services/Helpers/MasterHelper.cs
View File

@ -356,41 +356,58 @@ namespace Marco.Pms.Services.Helpers
try
{
// Step 1: Get tenant and employee info
// Step 1: Validate input
if (id == Guid.Empty || id != updateWorkStatusDto.Id)
{
_logger.LogWarning("Invalid ID provided for update. Route ID: {RouteId}, DTO ID: {DtoId}", id, updateWorkStatusDto.Id);
return ApiResponse<object>.ErrorResponse("Invalid data provided", "The provided work status ID is invalid", 400);
}
// Step 2: Get tenant and logged-in employee
Guid tenantId = _userHelper.GetTenantId();
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
// Step 2: Check permission to update master
// Step 3: Check permissions
var hasManageMasterPermission = await _permissionService.HasPermission(Manage_Master, loggedInEmployee.Id);
if (!hasManageMasterPermission)
{
_logger.LogWarning("Update denied. EmployeeId: {EmployeeId} does not have Manage Master permission.", loggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have access", "Don't have access to take action", 403);
_logger.LogWarning("Access denied. EmployeeId: {EmployeeId} does not have Manage Master permission.", loggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("Access denied", "You do not have permission to update this work status", 403);
}
// Step 3: Retrieve existing work status by id and tenant
// Step 4: Retrieve the work status record
var workStatus = await _context.WorkStatusMasters
.FirstOrDefaultAsync(ws => ws.Id == id && ws.TenantId == tenantId);
if (workStatus == null)
{
_logger.LogWarning("Work status not found for Id: {Id}", id);
return ApiResponse<object>.ErrorResponse("Work status not found", "Work status not found", 404);
_logger.LogWarning("Work status not found for ID: {Id}", id);
return ApiResponse<object>.ErrorResponse("Work status not found", "No work status found with the provided ID", 404);
}
// Step 4: Update fields
// Step 5: Check for duplicate name (optional)
var isDuplicate = await _context.WorkStatusMasters
.AnyAsync(ws => ws.Name == updateWorkStatusDto.Name && ws.Id != id && ws.TenantId == tenantId);
if (isDuplicate)
{
_logger.LogWarning("Duplicate work status name '{Name}' detected during update. ID: {Id}", updateWorkStatusDto.Name ?? "", id);
return ApiResponse<object>.ErrorResponse("Work status with the same name already exists", "Duplicate name", 400);
}
// Step 6: Update fields
workStatus.Name = updateWorkStatusDto.Name?.Trim() ?? "";
workStatus.Description = updateWorkStatusDto.Description?.Trim() ?? "";
await _context.SaveChangesAsync();
_logger.LogInfo("Work status updated successfully. Id: {Id}", workStatus.Id);
_logger.LogInfo("Work status updated successfully. ID: {Id}", id);
return ApiResponse<object>.SuccessResponse(workStatus, "Work status updated successfully", 200);
}
catch (Exception ex)
{
_logger.LogError("Error occurred while updating work status Id: {Id} : {Error}", id, ex.Message);
return ApiResponse<object>.ErrorResponse("An error occurred", "Unable to update work status", 500);
_logger.LogError("Error occurred while updating work status ID: {Id} : {Error}", id, ex.Message);
return ApiResponse<object>.ErrorResponse("An error occurred", "Unable to update the work status at this time", 500);
}
}
public async Task<ApiResponse<object>> DeleteWorkStatus(Guid id)