admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:fb3932fe25318ee1ceb3664ee7eb7d986bd0fcb9
Branches Tags
admin:main
admin:Upgrade_Expense
admin:Project_Report_Datewise
admin:Ashutosh_Task#1622
admin:Ashutosh_Task#1612
admin:Ashutosh_Task#1609
admin:Inventory_Management
admin:Payment_Gatway_Management
admin:Payment_Gatway_Management_OFW
admin:Collection_Management
admin:OnFieldWork_V1
admin:Ashutosh_Bug#1498
admin:Ashutosh_AllowCredentials
admin:Ashutosh_Bug#1461
admin:Ashutosh_Enhancement#1452
admin:Organization_Management
admin:Ashutosh_Task_#1362
admin:Ashutosh_Task#1360
admin:Ashutosh_Enhancement_#1355
admin:Ashutosh_Enhancement#1347
admin:Ashutosh_Enhancement_#1297
admin:Ashutosh_Enhancement_#1293
admin:Firebase_Implementation
admin:Ashutosh_Task#1246
admin:Ashutosh_Task#1239
admin:Ashutosh_Task#1225
admin:Ashutosh_Subscription_Plan
admin:Ashutosh_Get_All_Permission
admin:Document_Manager
admin:Directory_Refactor
admin:Mobile_Logger_Feature
admin:Brevo_Mailling
admin:Ashutosh_Task#1036
admin:Ashutosh_Task#1029
admin:Ashutosh_Task#1027
admin:Ashutosh_Task#1026
admin:Ashutosh_Task#1025
admin:Ashutosh_Task#1013
admin:Ashutosh_Task#1010
admin:Ashutosh_Task#1011
admin:Ashutosh_Task#1009
admin:Ashutosh_Task#1019
admin:Ashutosh_Task#1018
admin:Ashutosh_Task#980
admin:Tenant_Management
admin:AppMenu
admin:Issues_Aug_1W
admin:Activity_Hierarchy
admin:Ashutosh_Bug#935
admin:profile_page
admin:Expanses_Management_Feature
admin:contact_import
admin:Issues_July_4W
admin:Change_MPIN_Digits
admin:Ashutosh_Refactor
admin:Ashutosh_Task#767
admin:Attendance_Weidget_feature
admin:ProjectDetails_Split_API
admin:Ashutosh_JWT_Token
admin:vikas#387_code_review
admin:Image_Gallery
admin:Ashutosh_Task#663
admin:Ashutosh_Enhancement_#631
admin:Issues_July_1W
admin:Issues_June_3W
admin:Ashutosh_Enhancement_#622
admin:Ashutosh_Task_#237
admin:Ashutosh_Task#513
admin:Approve_Task_Feature
admin:Ashutosh_Bug#529
admin:SingalR_Integration
admin:Approve_Task
admin:Acititvity_Images
admin:GlobalSelectProject
admin:Feature_Directory
admin:Ashutosh_Enhancement#496_ShortName
admin:pramod_Task#455
admin:pramod_Task#474
admin:Issue_Jun_1W_2
admin:Issue_Jun_2W
admin:Ashutosh_Task#484_Login_MPIN
admin:Ashutosh_Task#483_Login_OTP
admin:pramod_Task#448
admin:Ashutosh_Task#480_Send_OTP
admin:Ashutosh_Task#471_Create_MPIN
admin:Ashutosh_Task#469_Mobile_Login
admin:pramod_Task#465
admin:Issue_Jun_1W
admin:Ashutosh_Enhancement#456_Self_Attendance
admin:Ashutosh_Enhancement#276_TodaysPlanned
admin:Issue_May_5W
admin:Ashutosh_Enhancement#413_Manage_Employee
admin:Ashutosh_Task#269_Delete_Bucket
admin:Ashutosh_Task#387_Assign_Bucket
admin:Ashutosh_#375_To_#381
admin:Issue_May_4W
admin:Ashutosh_Task#316_Daily_Project_Report
admin:Ashutosh_Task#356_Directory_Management
admin:Ashutosh_Task#348_Activities_Report
admin:Ashutosh_Task#347_Project_Attendance_Report
admin:Ashutosh_Task#346_Pending_Attendance
admin:Ashutosh_Task#233_Update_Contact_Category
admin:Ashutosh_Task#250_Update_Bucket
admin:AshutoshEnhancement#332_Added_Filter_To_Contact_List
admin:Ashutosh_Task#263_Delete_Contact
admin:Ashutosh_Task#317_Get_Organization_List
admin:Ashutosh_Task#230_Get_Contact_By_Id
admin:pramod_Task-#237_Update_Contact_Tag
admin:Issue_May_3W
admin:Ashutosh_AppSettings_Changes
admin:Ashutosh_Contact_Note_CRUD
admin:Ashutosh_Task#234_Get_COntact_Category_By_Id
admin:Ashutosh_Task#246_Get_Note_List_By_ContactID
admin:Ashutosh_Task#266_Delete_Contact_Tag
admin:Ashutosh_Task#231_Get_Contact_By_BucketId
admin:Ashtush_Task#265_Delete_Contact_Category
admin:Ashutosh_Task#249_Create_Bucket
admin:Ashutosh_Tasl#236_Create_ContactTag
admin:pramod_Task#238
admin:Ashutosh_Task#228_Update_Contact
admin:Ashutosh_Task#235_Get_Contact_Category_List
admin:Ashutosh_Task#229_Create_Contact_Category
admin:Ashutosh_Task#226_Create_Contact
admin:pramod_Task#282
admin:Ashutosh_Task#124_Models_And_Dto
admin:Ashutosh_Feature_Permission
admin:Issues_May_2W
admin:Ashutosh_Enhancement#206_Added_WorkCategory_In_WorkItem
admin:Ashutosh_Enhancement_#214_Report_Task_At_Zero
admin:Ashutosh_Feature#208_WorkCategory_Master_Table
admin:Ashutosh_Enhancement#199_Manage_Employee_FromBody
admin:Ashtuosh_Bug#191_Incorrect_Success_Message
admin:Ashutosh_Enhancement#198_Added_IsSystem
admin:Ashutosh_Enhancement#172_Show_InactiveEmployees
admin:Ashutosh_Feature#183_Get_AttendanceLogs_By_EmployeeId
admin:Ashutosh_ApprovedBy_In_Attendes
admin:Ashutosh_Feature#174_Suspend_Employee
admin:Ashutosh_Feature#170_Task_Deletion
admin:Feature_Forum
admin:tmp-releae-head
admin:Ashutosh_Bug#127_Regularization_Time_Validation
admin:Ashutosh_Bug#125_Unable_To_Add_Checklist_Item
admin:Ashutosh_Bug#117_Null_Validation_In_Attendance_Log
admin:Ashutosh_Enhancement_#123_Possible_Null_Reference
admin:Ashutosh_Bug#119_Remove_CheckList_Item
admin:Ashutosh_Bug#114_Email_Template_Not_Found
admin:Ashutosh_Task#106_Upload_Whitelist_Only
admin:Ashutosh_Forum_APIs
admin:Ashutosh_Bug#108_Attendance_log
admin:Ashutosh_Enhancement_#104_Store_Images_In_AmazonS3
admin:TenantManagementV1
admin:Feature_Task_management
admin:Issues_April_4W
admin:Ashutosh_Task_#67_Request_Demo
admin:Ashutosh_Task_#79_Get_Industries_API
admin:Ashutosh_Bug_#75_Employee_duplicatation
admin:Ashutosh_Bug_#74_Attendance_Regularization_Date
admin:Feature_Image_Gallary
admin:Ashutosh_ActivityMaster_managenment
admin:Ashutosh_Dashboard
admin:Ashutosh_Null_Refrenance_Warning_Fixed
admin:Ashutosh_AddServerHeade_False
admin:Vaibhav_Resolved_Issues
admin:Issuses
admin:Ashutosh_Employee_Update_Validation
admin:vikas_38_featurepermission_issue
admin:Ashutosh_User_Validations
admin:Ashutosh_Bug#37_Attendance_Issues
admin:TeanantManagement
admin:pramod_Refactoring#12_UniqueApplicationRole
admin:Ashutosh_Task#16_UpdateTenant
admin:Ashutosh_Bug#18_Project_Duplicate
admin:Ashutosh_Task#14_TenantProfile
admin:Ashutosh_Bug#1_Cors_Configuration
admin:UserRights
admin:Ashutosh_SCRUM-58_Time_Discrepancies_Attendance
admin:Ashutosh_SCRUM-62_Decodeing_Token_Reset_password
admin:Ashutosh_CreateNewTenant
..
compare: admin:27a7044edecd7bebab867631ad279812441724f6
Branches Tags
admin:Upgrade_Expense
admin:Project_Report_Datewise
admin:Ashutosh_Task#1622
admin:Ashutosh_Task#1612
admin:Ashutosh_Task#1609
admin:Inventory_Management
admin:Payment_Gatway_Management
admin:Payment_Gatway_Management_OFW
admin:Collection_Management
admin:main
admin:OnFieldWork_V1
admin:Ashutosh_Bug#1498
admin:Ashutosh_AllowCredentials
admin:Ashutosh_Bug#1461
admin:Ashutosh_Enhancement#1452
admin:Organization_Management
admin:Ashutosh_Task_#1362
admin:Ashutosh_Task#1360
admin:Ashutosh_Enhancement_#1355
admin:Ashutosh_Enhancement#1347
admin:Ashutosh_Enhancement_#1297
admin:Ashutosh_Enhancement_#1293
admin:Firebase_Implementation
admin:Ashutosh_Task#1246
admin:Ashutosh_Task#1239
admin:Ashutosh_Task#1225
admin:Ashutosh_Subscription_Plan
admin:Ashutosh_Get_All_Permission
admin:Document_Manager
admin:Directory_Refactor
admin:Mobile_Logger_Feature
admin:Brevo_Mailling
admin:Ashutosh_Task#1036
admin:Ashutosh_Task#1029
admin:Ashutosh_Task#1027
admin:Ashutosh_Task#1026
admin:Ashutosh_Task#1025
admin:Ashutosh_Task#1013
admin:Ashutosh_Task#1010
admin:Ashutosh_Task#1011
admin:Ashutosh_Task#1009
admin:Ashutosh_Task#1019
admin:Ashutosh_Task#1018
admin:Ashutosh_Task#980
admin:Tenant_Management
admin:AppMenu
admin:Issues_Aug_1W
admin:Activity_Hierarchy
admin:Ashutosh_Bug#935
admin:profile_page
admin:Expanses_Management_Feature
admin:contact_import
admin:Issues_July_4W
admin:Change_MPIN_Digits
admin:Ashutosh_Refactor
admin:Ashutosh_Task#767
admin:Attendance_Weidget_feature
admin:ProjectDetails_Split_API
admin:Ashutosh_JWT_Token
admin:vikas#387_code_review
admin:Image_Gallery
admin:Ashutosh_Task#663
admin:Ashutosh_Enhancement_#631
admin:Issues_July_1W
admin:Issues_June_3W
admin:Ashutosh_Enhancement_#622
admin:Ashutosh_Task_#237
admin:Ashutosh_Task#513
admin:Approve_Task_Feature
admin:Ashutosh_Bug#529
admin:SingalR_Integration
admin:Approve_Task
admin:Acititvity_Images
admin:GlobalSelectProject
admin:Feature_Directory
admin:Ashutosh_Enhancement#496_ShortName
admin:pramod_Task#455
admin:pramod_Task#474
admin:Issue_Jun_1W_2
admin:Issue_Jun_2W
admin:Ashutosh_Task#484_Login_MPIN
admin:Ashutosh_Task#483_Login_OTP
admin:pramod_Task#448
admin:Ashutosh_Task#480_Send_OTP
admin:Ashutosh_Task#471_Create_MPIN
admin:Ashutosh_Task#469_Mobile_Login
admin:pramod_Task#465
admin:Issue_Jun_1W
admin:Ashutosh_Enhancement#456_Self_Attendance
admin:Ashutosh_Enhancement#276_TodaysPlanned
admin:Issue_May_5W
admin:Ashutosh_Enhancement#413_Manage_Employee
admin:Ashutosh_Task#269_Delete_Bucket
admin:Ashutosh_Task#387_Assign_Bucket
admin:Ashutosh_#375_To_#381
admin:Issue_May_4W
admin:Ashutosh_Task#316_Daily_Project_Report
admin:Ashutosh_Task#356_Directory_Management
admin:Ashutosh_Task#348_Activities_Report
admin:Ashutosh_Task#347_Project_Attendance_Report
admin:Ashutosh_Task#346_Pending_Attendance
admin:Ashutosh_Task#233_Update_Contact_Category
admin:Ashutosh_Task#250_Update_Bucket
admin:AshutoshEnhancement#332_Added_Filter_To_Contact_List
admin:Ashutosh_Task#263_Delete_Contact
admin:Ashutosh_Task#317_Get_Organization_List
admin:Ashutosh_Task#230_Get_Contact_By_Id
admin:pramod_Task-#237_Update_Contact_Tag
admin:Issue_May_3W
admin:Ashutosh_AppSettings_Changes
admin:Ashutosh_Contact_Note_CRUD
admin:Ashutosh_Task#234_Get_COntact_Category_By_Id
admin:Ashutosh_Task#246_Get_Note_List_By_ContactID
admin:Ashutosh_Task#266_Delete_Contact_Tag
admin:Ashutosh_Task#231_Get_Contact_By_BucketId
admin:Ashtush_Task#265_Delete_Contact_Category
admin:Ashutosh_Task#249_Create_Bucket
admin:Ashutosh_Tasl#236_Create_ContactTag
admin:pramod_Task#238
admin:Ashutosh_Task#228_Update_Contact
admin:Ashutosh_Task#235_Get_Contact_Category_List
admin:Ashutosh_Task#229_Create_Contact_Category
admin:Ashutosh_Task#226_Create_Contact
admin:pramod_Task#282
admin:Ashutosh_Task#124_Models_And_Dto
admin:Ashutosh_Feature_Permission
admin:Issues_May_2W
admin:Ashutosh_Enhancement#206_Added_WorkCategory_In_WorkItem
admin:Ashutosh_Enhancement_#214_Report_Task_At_Zero
admin:Ashutosh_Feature#208_WorkCategory_Master_Table
admin:Ashutosh_Enhancement#199_Manage_Employee_FromBody
admin:Ashtuosh_Bug#191_Incorrect_Success_Message
admin:Ashutosh_Enhancement#198_Added_IsSystem
admin:Ashutosh_Enhancement#172_Show_InactiveEmployees
admin:Ashutosh_Feature#183_Get_AttendanceLogs_By_EmployeeId
admin:Ashutosh_ApprovedBy_In_Attendes
admin:Ashutosh_Feature#174_Suspend_Employee
admin:Ashutosh_Feature#170_Task_Deletion
admin:Feature_Forum
admin:tmp-releae-head
admin:Ashutosh_Bug#127_Regularization_Time_Validation
admin:Ashutosh_Bug#125_Unable_To_Add_Checklist_Item
admin:Ashutosh_Bug#117_Null_Validation_In_Attendance_Log
admin:Ashutosh_Enhancement_#123_Possible_Null_Reference
admin:Ashutosh_Bug#119_Remove_CheckList_Item
admin:Ashutosh_Bug#114_Email_Template_Not_Found
admin:Ashutosh_Task#106_Upload_Whitelist_Only
admin:Ashutosh_Forum_APIs
admin:Ashutosh_Bug#108_Attendance_log
admin:Ashutosh_Enhancement_#104_Store_Images_In_AmazonS3
admin:TenantManagementV1
admin:Feature_Task_management
admin:Issues_April_4W
admin:Ashutosh_Task_#67_Request_Demo
admin:Ashutosh_Task_#79_Get_Industries_API
admin:Ashutosh_Bug_#75_Employee_duplicatation
admin:Ashutosh_Bug_#74_Attendance_Regularization_Date
admin:Feature_Image_Gallary
admin:Ashutosh_ActivityMaster_managenment
admin:Ashutosh_Dashboard
admin:Ashutosh_Null_Refrenance_Warning_Fixed
admin:Ashutosh_AddServerHeade_False
admin:Vaibhav_Resolved_Issues
admin:Issuses
admin:Ashutosh_Employee_Update_Validation
admin:vikas_38_featurepermission_issue
admin:Ashutosh_User_Validations
admin:Ashutosh_Bug#37_Attendance_Issues
admin:TeanantManagement
admin:pramod_Refactoring#12_UniqueApplicationRole
admin:Ashutosh_Task#16_UpdateTenant
admin:Ashutosh_Bug#18_Project_Duplicate
admin:Ashutosh_Task#14_TenantProfile
admin:Ashutosh_Bug#1_Cors_Configuration
admin:UserRights
admin:Ashutosh_SCRUM-58_Time_Discrepancies_Attendance
admin:Ashutosh_SCRUM-62_Decodeing_Token_Reset_password
admin:Ashutosh_CreateNewTenant

No commits in common. "fb3932fe25318ee1ceb3664ee7eb7d986bd0fcb9" and "27a7044edecd7bebab867631ad279812441724f6" have entirely different histories.
fb3932fe25 ... 27a7044ede

2 changed files with 12 additions and 170 deletions
Show Stats Expand all files Collapse all files

30
Marco.Pms.Services/Controllers/DirectoryController.cs
View File

@ -39,17 +39,12 @@ namespace Marco.Pms.Services.Controllers
{ {
return Ok(response); return Ok(response);
} }
else if (response.StatusCode == 401)
{
return Unauthorized(response);
}
else else
{ {
return BadRequest(response); return BadRequest(response);
} }
} }
[HttpGet("contact-bucket/{bucketId}")] [HttpGet("contact-bucket/{bucketId}")]
public async Task<IActionResult> GetContactsListByBucketId(Guid bucketId) public async Task<IActionResult> GetContactsListByBucketId(Guid bucketId)
{ {
@ -103,10 +98,6 @@ namespace Marco.Pms.Services.Controllers
{ {
return NotFound(response); return NotFound(response);
} }
else if (response.StatusCode == 401)
{
return Unauthorized(response);
}
else else
{ {
return BadRequest(response); return BadRequest(response);
@ -226,18 +217,7 @@ namespace Marco.Pms.Services.Controllers
public async Task<IActionResult> GetBucketList() public async Task<IActionResult> GetBucketList()
{ {
var response = await _directoryHelper.GetBucketList(); var response = await _directoryHelper.GetBucketList();
if (response.StatusCode == 200) return Ok(response);
{
return Ok(response);
}
else if (response.StatusCode == 401)
{
return Unauthorized(response);
}
else
{
return BadRequest(response);
}
} }
[HttpPost("bucket")] [HttpPost("bucket")]
@ -261,10 +241,6 @@ namespace Marco.Pms.Services.Controllers
{ {
return Conflict(response); return Conflict(response);
} }
else if (response.StatusCode == 401)
{
return Unauthorized(response);
}
else else
{ {
return BadRequest(response); return BadRequest(response);
@ -284,10 +260,6 @@ namespace Marco.Pms.Services.Controllers
{ {
return NotFound(response); return NotFound(response);
} }
else if (response.StatusCode == 401)
{
return Unauthorized(response);
}
else else
{ {
return BadRequest(response); return BadRequest(response);

152
Marco.Pms.Services/Helpers/DirectoryHelper.cs
View File

@ -18,18 +18,13 @@ namespace Marco.Pms.Services.Helpers
private readonly ApplicationDbContext _context; private readonly ApplicationDbContext _context;
private readonly ILoggingService _logger; private readonly ILoggingService _logger;
private readonly UserHelper _userHelper; private readonly UserHelper _userHelper;
private readonly Guid directoryAdmin;
private readonly Guid directoryManager;
private readonly Guid directoryUser;
public DirectoryHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper) public DirectoryHelper(ApplicationDbContext context, ILoggingService logger, UserHelper userHelper)
{ {
_context = context; _context = context;
_logger = logger; _logger = logger;
_userHelper = userHelper; _userHelper = userHelper;
directoryAdmin = Guid.Parse("4286a13b-bb40-4879-8c6d-18e9e393beda");
directoryManager = Guid.Parse("62668630-13ce-4f52-a0f0-db38af2230c5");
directoryUser = Guid.Parse("0f919170-92d4-4337-abd3-49b66fc871bb");
} }
@ -38,29 +33,9 @@ namespace Marco.Pms.Services.Helpers
{ {
Guid tenantId = _userHelper.GetTenantId(); Guid tenantId = _userHelper.GetTenantId();
var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
List<EmployeeBucketMapping>? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync(); List<EmployeeBucketMapping>? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync();
List<Guid> bucketIds = employeeBuckets.Select(c => c.BucketId).ToList(); List<Guid> bucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
if (permissionIds.Contains(directoryAdmin)) List<Guid> filterbucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
{
var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
bucketIds = buckets.Select(b => b.Id).ToList();
}
else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
{
var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
var createdBucketIds = buckets.Select(b => b.Id).ToList();
bucketIds.AddRange(createdBucketIds);
bucketIds = bucketIds.Distinct().ToList();
}
else
{
_logger.LogError("Employee {EmployeeId} attemped to access a contacts, but do not have permission", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
}
List<Guid> filterbucketIds = bucketIds;
if (filterDto != null && filterDto.BucketIds != null && filterDto.BucketIds.Count > 0) if (filterDto != null && filterDto.BucketIds != null && filterDto.BucketIds.Count > 0)
{ {
filterbucketIds = filterDto.BucketIds; filterbucketIds = filterDto.BucketIds;
@ -185,37 +160,12 @@ namespace Marco.Pms.Services.Helpers
var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
if (id != Guid.Empty) if (id != Guid.Empty)
{ {
Bucket? bucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Id == id && b.TenantId == tenantId); EmployeeBucketMapping? employeeBucket = await _context.EmployeeBucketMappings.FirstOrDefaultAsync(em => em.BucketId == id && em.EmployeeId == LoggedInEmployee.Id);
if (bucket == null)
{
_logger.LogInfo("Employee ID {EmployeeId} attempted access to bucket ID {BucketId}, but not found in database", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("Bucket not found", "Bucket not found", 404);
}
List<EmployeeBucketMapping>? employeeBuckets = await _context.EmployeeBucketMappings.Where(em => em.BucketId == id).ToListAsync();
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
EmployeeBucketMapping? employeeBucket = null;
if (permissionIds.Contains(directoryAdmin))
{
employeeBucket = employeeBuckets.FirstOrDefault();
}
else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
{
employeeBucket = employeeBuckets.FirstOrDefault(eb => eb.EmployeeId == LoggedInEmployee.Id);
}
else
{
_logger.LogError("Employee {EmployeeId} attemped to access a contacts with in bucket {BucketId}, but do not have permission", LoggedInEmployee.Id, id);
return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
}
if (employeeBucket == null) if (employeeBucket == null)
{ {
_logger.LogInfo("Employee ID {EmployeeId} does not have access to bucket ID {BucketId}", LoggedInEmployee.Id); _logger.LogInfo("Employee ID {EmployeeId} does not have access to bucket ID {BucketId}", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You do not have access to this bucket.", "You do not have access to this bucket.", 401); return ApiResponse<object>.ErrorResponse("You do not have access to this bucket.", "You do not have access to this bucket.", 401);
} }
List<ContactBucketMapping> contactBucket = await _context.ContactBucketMappings.Where(cb => cb.BucketId == id).ToListAsync() ?? new List<ContactBucketMapping>(); List<ContactBucketMapping> contactBucket = await _context.ContactBucketMappings.Where(cb => cb.BucketId == id).ToListAsync() ?? new List<ContactBucketMapping>();
List<ContactVM> contactVMs = new List<ContactVM>(); List<ContactVM> contactVMs = new List<ContactVM>();
if (contactBucket.Count > 0) if (contactBucket.Count > 0)
@ -476,33 +426,6 @@ namespace Marco.Pms.Services.Helpers
return ApiResponse<object>.ErrorResponse("Contact not found", "Contact not found", 404); return ApiResponse<object>.ErrorResponse("Contact not found", "Contact not found", 404);
} }
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
List<EmployeeBucketMapping>? employeeBuckets = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).ToListAsync();
List<Guid> bucketIds = employeeBuckets.Select(c => c.BucketId).ToList();
if (permissionIds.Contains(directoryAdmin))
{
var buckets = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
bucketIds = buckets.Select(b => b.Id).ToList();
}
else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
{
var buckets = await _context.Buckets.Where(b => b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
var createdBucketIds = buckets.Select(b => b.Id).ToList();
bucketIds.AddRange(createdBucketIds);
bucketIds = bucketIds.Distinct().ToList();
}
else
{
_logger.LogError("Employee {EmployeeId} attemped to update a contact, but do not have permission", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
}
List<ContactBucketMapping> contactBuckets = await _context.ContactBucketMappings.AsNoTracking().Where(m => m.ContactId == contact.Id && bucketIds.Contains(m.BucketId)).ToListAsync();
bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList();
var newContact = updateContact.ToContactFromUpdateContactDto(tenantId, contact); var newContact = updateContact.ToContactFromUpdateContactDto(tenantId, contact);
_context.Contacts.Update(newContact); _context.Contacts.Update(newContact);
await _context.SaveChangesAsync(); await _context.SaveChangesAsync();
@ -512,7 +435,8 @@ namespace Marco.Pms.Services.Helpers
List<ContactEmail> emails = await _context.ContactsEmails.AsNoTracking().Where(p => p.ContactId == contact.Id).ToListAsync(); List<ContactEmail> emails = await _context.ContactsEmails.AsNoTracking().Where(p => p.ContactId == contact.Id).ToListAsync();
var emailIds = emails.Select(p => p.Id).ToList(); var emailIds = emails.Select(p => p.Id).ToList();
List<ContactBucketMapping> contactBuckets = await _context.ContactBucketMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync();
var bucketIds = contactBuckets.Select(b => b.BucketId).Distinct().ToList();
List<ContactTagMapping> contactTags = await _context.ContactTagMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync(); List<ContactTagMapping> contactTags = await _context.ContactTagMappings.AsNoTracking().Where(m => m.ContactId == contact.Id).ToListAsync();
var tagIds = contactTags.Select(t => t.ContactTagId).Distinct().ToList(); var tagIds = contactTags.Select(t => t.ContactTagId).Distinct().ToList();
@ -1002,38 +926,20 @@ namespace Marco.Pms.Services.Helpers
{ {
Guid tenantId = _userHelper.GetTenantId(); Guid tenantId = _userHelper.GetTenantId();
var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
List<EmployeeBucketMapping> employeeBuckets = await _context.EmployeeBucketMappings.Where(b => b.EmployeeId == LoggedInEmployee.Id).ToListAsync(); List<EmployeeBucketMapping> employeeBuckets = await _context.EmployeeBucketMappings.Where(b => b.EmployeeId == LoggedInEmployee.Id).ToListAsync();
var bucketIds = employeeBuckets.Select(b => b.BucketId).ToList(); var bucketIds = employeeBuckets.Select(b => b.BucketId).ToList();
List<Bucket> bucketList = new List<Bucket>(); List<Bucket> bucketList = await _context.Buckets.Where(b => bucketIds.Contains(b.Id)).ToListAsync();
if (permissionIds.Contains(directoryAdmin))
{
bucketList = await _context.Buckets.Where(b => b.TenantId == tenantId).ToListAsync();
}
else if (permissionIds.Contains(directoryManager) || permissionIds.Contains(directoryUser))
{
bucketList = await _context.Buckets.Where(b => bucketIds.Contains(b.Id) || b.CreatedByID == LoggedInEmployee.Id).ToListAsync();
}
else
{
_logger.LogError("Employee {EmployeeId} attemped to access a buckets list, but do not have permission", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
}
List<BucketVM> bucketVMs = new List<BucketVM>(); List<BucketVM> bucketVMs = new List<BucketVM>();
if (bucketList.Any()) foreach (var bucket in bucketList)
{ {
foreach (var bucket in bucketList) BucketVM bucketVM = bucket.ToBucketVMFromBucket();
{ bucketVMs.Add(bucketVM);
BucketVM bucketVM = bucket.ToBucketVMFromBucket();
bucketVMs.Add(bucketVM);
}
} }
_logger.LogInfo("{count} Buckets are fetched by Employee with ID {LoggedInEmployeeId}", bucketVMs.Count, LoggedInEmployee.Id); _logger.LogInfo("{count} Buckets are fetched by Employee with ID {LoggedInEmployeeId}", bucketVMs.Count, LoggedInEmployee.Id);
return ApiResponse<object>.SuccessResponse(bucketVMs, $"{bucketVMs.Count} buckets fetched successfully", 200); return ApiResponse<object>.SuccessResponse(bucketVMs, System.String.Format("{0} buckets fetched successfully", bucketVMs.Count), 200);
} }
public async Task<ApiResponse<object>> CreateBucket(CreateBucketDto bucketDto) public async Task<ApiResponse<object>> CreateBucket(CreateBucketDto bucketDto)
{ {
@ -1041,15 +947,6 @@ namespace Marco.Pms.Services.Helpers
var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
if (bucketDto != null) if (bucketDto != null)
{ {
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync();
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
var demo = !permissionIds.Contains(directoryUser);
if (!permissionIds.Contains(directoryAdmin) && !permissionIds.Contains(directoryManager) && !permissionIds.Contains(directoryUser))
{
_logger.LogError("Employee {EmployeeId} attemped to create a bucket, but do not have permission", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("You don't have permission", "You don't have permission", 401);
}
var existingBucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Name == bucketDto.Name); var existingBucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Name == bucketDto.Name);
if (existingBucket != null) if (existingBucket != null)
{ {
@ -1088,39 +985,12 @@ namespace Marco.Pms.Services.Helpers
var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var LoggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
if (bucketDto != null && id == bucketDto.Id) if (bucketDto != null && id == bucketDto.Id)
{ {
var assignedRoleIds = await _context.EmployeeRoleMappings.Where(r => r.EmployeeId == LoggedInEmployee.Id).Select(r => r.RoleId).ToListAsync(); var bucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Id == bucketDto.Id && b.TenantId == tenantId);
var permissionIds = await _context.RolePermissionMappings.Where(rp => assignedRoleIds.Contains(rp.ApplicationRoleId)).Select(rp => rp.FeaturePermissionId).Distinct().ToListAsync();
var bucketIds = await _context.EmployeeBucketMappings.Where(eb => eb.EmployeeId == LoggedInEmployee.Id).Select(eb => eb.BucketId).ToListAsync();
Bucket? bucket = await _context.Buckets.FirstOrDefaultAsync(b => b.Id == bucketDto.Id && b.TenantId == tenantId);
if (bucket == null) if (bucket == null)
{ {
_logger.LogWarning("Employee ID {LoggedInEmployeeId} attempted to update a bucket but not found in database.", LoggedInEmployee.Id); _logger.LogWarning("Employee ID {LoggedInEmployeeId} attempted to update a bucket but not found in database.", LoggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("Bucket not found", "Bucket not found", 404); return ApiResponse<object>.ErrorResponse("Bucket not found", "Bucket not found", 404);
} }
Bucket? accessableBucket = null;
if (permissionIds.Contains(directoryAdmin))
{
accessableBucket = bucket;
}
else if (permissionIds.Contains(directoryManager) && bucketIds.Contains(id))
{
accessableBucket = bucket;
}
else if (permissionIds.Contains(directoryUser))
{
if (bucket.CreatedByID == LoggedInEmployee.Id)
{
accessableBucket = bucket;
}
}
if (accessableBucket == null)
{
_logger.LogError("Employee {EmployeeId} attempted to access bucket {BucketId} without the necessary permissions.", LoggedInEmployee.Id, bucket.Id);
return ApiResponse<object>.ErrorResponse("You don't have permission to access this bucket", "You don't have permission to access this bucket", 401);
}
bucket.Name = bucketDto.Name ?? ""; bucket.Name = bucketDto.Name ?? "";
bucket.Description = bucketDto.Description ?? ""; bucket.Description = bucketDto.Description ?? "";