Tenant_Management #114

Merged
ashutosh.nehete merged 73 commits from Tenant_Management into main 2025-08-28 05:13:10 +00:00
Showing only changes of commit 540c3e75fd - Show all commits


@ -258,7 +258,7 @@ namespace Marco.Pms.Services.Controllers
return StatusCode(403, return StatusCode(403,
ApiResponse<object>.ErrorResponse("Access denied", "User does not have the required permissions for this action.", 403)); ApiResponse<object>.ErrorResponse("Access denied", "User does not have the required permissions for this action.", 403));
} }
if ((hasModifyPermission || hasViewPermission) && id != loggedInEmployee.TenantId) if (!hasManagePermission && (hasModifyPermission || hasViewPermission) && id != loggedInEmployee.TenantId)
{ {
_logger.LogWarning("Permission denied: User {EmployeeId} attempted to access tenant details of other tenant.", loggedInEmployee.Id); _logger.LogWarning("Permission denied: User {EmployeeId} attempted to access tenant details of other tenant.", loggedInEmployee.Id);
return StatusCode(403, return StatusCode(403,
@ -658,7 +658,7 @@ namespace Marco.Pms.Services.Controllers
_logger.LogWarning("Access denied: User {EmployeeId} lacks required permissions for UpdateTenant on TenantId: {TenantId}.", loggedInEmployee.Id, id); _logger.LogWarning("Access denied: User {EmployeeId} lacks required permissions for UpdateTenant on TenantId: {TenantId}.", loggedInEmployee.Id, id);
return StatusCode(403, ApiResponse<object>.ErrorResponse("Access denied", "User does not have the required permissions for this action.", 403)); return StatusCode(403, ApiResponse<object>.ErrorResponse("Access denied", "User does not have the required permissions for this action.", 403));
} }
if (hasModifyPermission && id != loggedInEmployee.TenantId) if (!hasManagePermission && hasModifyPermission && id != loggedInEmployee.TenantId)
{ {
_logger.LogWarning("Permission denied: User {EmployeeId} attempted to access tenant details of other tenant.", loggedInEmployee.Id); _logger.LogWarning("Permission denied: User {EmployeeId} attempted to access tenant details of other tenant.", loggedInEmployee.Id);
return StatusCode(403, return StatusCode(403,
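Review bot: The added `!hasManagePermission` term in the tenant check (first hunk, and the same pattern in the UpdateTenant hunk) turns the manage permission into a cross-tenant bypass, which is only safe if that permission is granted globally rather than per tenant; neither hunk shows how `hasManagePermission` is computed, so that should be confirmed. The condition also fails open: a caller with none of the flags and a foreign `id` does not match it and is stopped, as far as these hunks show, only by the earlier 403 block, whereas `if (!hasManagePermission && id != loggedInEmployee.TenantId)` would deny by default. I would add a comment such as `// Only holders of the global manage permission may act on a tenant other than their own.` above both checks, and include the target `{TenantId}` in the "Permission denied" warning, as the UpdateTenant access-denied message already does, so cross-tenant attempts can be traced. Both methods start and end outside the hunks.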