Document_Manager #129
@ -68,7 +68,16 @@ namespace Marco.Pms.Services.Controllers
|
||||
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
|
||||
|
||||
// Check global permission
|
||||
var hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id);
|
||||
var hasViewPermission = false;
|
||||
if (ProjectEntity == entityTypeId)
|
||||
{
|
||||
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id, entityId);
|
||||
}
|
||||
else if (EmployeeEntity == entityTypeId)
|
||||
{
|
||||
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id);
|
||||
}
|
||||
|
||||
if (!hasViewPermission && loggedInEmployee.Id != entityId)
|
||||
{
|
||||
_logger.LogWarning("Access Denied for Employee {EmployeeId} on EntityId {EntityId}", loggedInEmployee.Id, entityId);
|
||||
@ -280,7 +289,16 @@ namespace Marco.Pms.Services.Controllers
|
||||
}
|
||||
|
||||
// Check if the logged in employee has permission to view the document OR is the owner of the attachment entity
|
||||
var hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id);
|
||||
var hasViewPermission = false;
|
||||
if (ProjectEntity == versionMapping.ChildAttachment.DocumentType!.DocumentCategory!.EntityTypeId)
|
||||
{
|
||||
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id, versionMapping.ChildAttachment.EntityId);
|
||||
}
|
||||
else if (EmployeeEntity == versionMapping.ChildAttachment.DocumentType!.DocumentCategory!.EntityTypeId)
|
||||
{
|
||||
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id);
|
||||
}
|
||||
|
||||
if (!hasViewPermission && loggedInEmployee.Id != versionMapping.ChildAttachment.EntityId)
|
||||
{
|
||||
_logger.LogWarning("Access Denied for Employee {EmployeeId} on EntityId {EntityId}",
|
||||
@ -422,6 +440,9 @@ namespace Marco.Pms.Services.Controllers
|
||||
|
||||
// Retrieve all version mappings linked to the parent attachment and tenant
|
||||
var versionMappingsQuery = _context.AttachmentVersionMappings
|
||||
.Include(av => av.ChildAttachment)
|
||||
.ThenInclude(da => da!.DocumentType)
|
||||
.ThenInclude(dt => dt!.DocumentCategory)
|
||||
.Include(av => av.ChildAttachment)
|
||||
.ThenInclude(da => da!.UploadedBy)
|
||||
.ThenInclude(e => e!.JobRole)
|
||||
@ -445,9 +466,18 @@ namespace Marco.Pms.Services.Controllers
|
||||
.ToListAsync();
|
||||
|
||||
var entityId = versionMappings.Select(av => av.ChildAttachment?.EntityId).FirstOrDefault();
|
||||
var entityTypeId = versionMappings.Select(av => av.ChildAttachment?.DocumentType?.DocumentCategory?.EntityTypeId).FirstOrDefault();
|
||||
|
||||
// Check global permission
|
||||
var hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id);
|
||||
var hasViewPermission = false;
|
||||
if (ProjectEntity == entityTypeId)
|
||||
{
|
||||
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id, entityId);
|
||||
}
|
||||
else if (EmployeeEntity == entityTypeId)
|
||||
{
|
||||
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id);
|
||||
}
|
||||
if (!hasViewPermission && loggedInEmployee.Id != entityId)
|
||||
{
|
||||
_logger.LogWarning("Access Denied for Employee {EmployeeId} on EntityId {EntityId}", loggedInEmployee.Id, entityId ?? Guid.Empty);
|
||||
@ -507,6 +537,9 @@ namespace Marco.Pms.Services.Controllers
|
||||
// Retrieve version mapping including the child attachment and its document
|
||||
.Include(av => av.ChildAttachment)
|
||||
.ThenInclude(da => da!.Document)
|
||||
.Include(av => av.ChildAttachment)
|
||||
.ThenInclude(da => da!.DocumentType)
|
||||
.ThenInclude(dt => dt!.DocumentCategory)
|
||||
.FirstOrDefaultAsync(av => av.ChildAttachmentId == id);
|
||||
|
||||
if (versionMapping == null || versionMapping.ChildAttachment == null || versionMapping.ChildAttachment.Document == null)
|
||||
@ -516,7 +549,16 @@ namespace Marco.Pms.Services.Controllers
|
||||
return NotFound(ApiResponse<object>.ErrorResponse("Version not found", "Version not found in database", 404));
|
||||
}
|
||||
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
|
||||
var hasDownloadPermission = await _permission.HasPermission(PermissionsMaster.DownloadDocument, loggedInEmployee.Id);
|
||||
var hasDownloadPermission = false;
|
||||
if (ProjectEntity == versionMapping.ChildAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasDownloadPermission = await _permission.HasPermission(PermissionsMaster.DownloadDocument, loggedInEmployee.Id, versionMapping.ChildAttachment.EntityId);
|
||||
}
|
||||
else if (EmployeeEntity == versionMapping.ChildAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasDownloadPermission = await _permission.HasPermission(PermissionsMaster.DownloadDocument, loggedInEmployee.Id);
|
||||
}
|
||||
|
||||
if (!hasDownloadPermission && loggedInEmployee.Id != versionMapping.ChildAttachment.EntityId)
|
||||
{
|
||||
_logger.LogWarning("Access Denied for Employee {EmployeeId} on EntityId {EntityId} for downloading",
|
||||
@ -597,16 +639,6 @@ namespace Marco.Pms.Services.Controllers
|
||||
// Get logged in user
|
||||
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
|
||||
|
||||
// Permission check
|
||||
var permissionService = scope.ServiceProvider.GetRequiredService<PermissionServices>();
|
||||
var hasUploadPermission = await permissionService.HasPermission(PermissionsMaster.UploadDocument, loggedInEmployee.Id);
|
||||
|
||||
if (!hasUploadPermission && loggedInEmployee.Id != model.EntityId)
|
||||
{
|
||||
_logger.LogWarning("Access Denied. User {UserId} tried to upload document for {EntityId}", loggedInEmployee.Id, model.EntityId);
|
||||
return StatusCode(403, ApiResponse<object>.ErrorResponse("Access Denied.", "You do not have permission to upload this document", 403));
|
||||
}
|
||||
|
||||
// Validate Document Type
|
||||
var documentType = await _context.DocumentTypeMasters
|
||||
.Include(dt => dt.DocumentCategory)
|
||||
@ -618,6 +650,24 @@ namespace Marco.Pms.Services.Controllers
|
||||
return NotFound(ApiResponse<object>.ErrorResponse("Document Type not found", "Document Type not found in database", 404));
|
||||
}
|
||||
|
||||
// Permission check
|
||||
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
|
||||
var hasUploadPermission = false;
|
||||
if (ProjectEntity == documentType.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasUploadPermission = await _permission.HasPermission(PermissionsMaster.UploadDocument, loggedInEmployee.Id, model.EntityId);
|
||||
}
|
||||
else if (EmployeeEntity == documentType.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasUploadPermission = await _permission.HasPermission(PermissionsMaster.UploadDocument, loggedInEmployee.Id);
|
||||
}
|
||||
|
||||
if (!hasUploadPermission && loggedInEmployee.Id != model.EntityId)
|
||||
{
|
||||
_logger.LogWarning("Access Denied. User {UserId} tried to upload document for {EntityId}", loggedInEmployee.Id, model.EntityId);
|
||||
return StatusCode(403, ApiResponse<object>.ErrorResponse("Access Denied.", "You do not have permission to upload this document", 403));
|
||||
}
|
||||
|
||||
// Document ID validation
|
||||
if (documentType.IsMandatory && string.IsNullOrWhiteSpace(model.DocumentId))
|
||||
{
|
||||
@ -817,6 +867,8 @@ namespace Marco.Pms.Services.Controllers
|
||||
|
||||
// Fetch active/current document by Id, TenantId, and relevant conditions
|
||||
var documentAttachment = await _context.DocumentAttachments
|
||||
.Include(da => da.DocumentType)
|
||||
.ThenInclude(dt => dt!.DocumentCategory)
|
||||
.FirstOrDefaultAsync(da => da.Id == id && da.IsActive && da.IsCurrentVersion && da.TenantId == tenantId);
|
||||
|
||||
if (documentAttachment == null)
|
||||
@ -826,9 +878,16 @@ namespace Marco.Pms.Services.Controllers
|
||||
}
|
||||
|
||||
// Permission service: check if employee is authorized to verify documents
|
||||
var permissionService = scope.ServiceProvider.GetRequiredService<PermissionServices>();
|
||||
var hasVerifyPermission = await permissionService.HasPermission(PermissionsMaster.VerifyDocument, loggedInEmployee.Id);
|
||||
|
||||
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
|
||||
var hasVerifyPermission = false;
|
||||
if (ProjectEntity == documentAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasVerifyPermission = await _permission.HasPermission(PermissionsMaster.VerifyDocument, loggedInEmployee.Id, documentAttachment.EntityId);
|
||||
}
|
||||
else if (EmployeeEntity == documentAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasVerifyPermission = await _permission.HasPermission(PermissionsMaster.VerifyDocument, loggedInEmployee.Id);
|
||||
}
|
||||
if (!hasVerifyPermission)
|
||||
{
|
||||
_logger.LogWarning("Access denied for document verification. EmployeeId: {EmployeeId}, DocumentId: {DocumentId}", loggedInEmployee.Id, id);
|
||||
@ -891,9 +950,6 @@ namespace Marco.Pms.Services.Controllers
|
||||
// Get logged-in employee details
|
||||
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
|
||||
|
||||
var permissionService = scope.ServiceProvider.GetRequiredService<PermissionServices>();
|
||||
var hasUploadPermission = await permissionService.HasPermission(PermissionsMaster.UploadDocument, loggedInEmployee.Id);
|
||||
|
||||
// Fetch the existing attachment
|
||||
var oldAttachment = await _context.DocumentAttachments
|
||||
.Include(da => da.DocumentType)
|
||||
@ -906,8 +962,19 @@ namespace Marco.Pms.Services.Controllers
|
||||
return NotFound(ApiResponse<object>.ErrorResponse("Attachment not found", "Attachment not found in database", 404));
|
||||
}
|
||||
|
||||
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
|
||||
var hasUpdatePermission = false;
|
||||
if (ProjectEntity == oldAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasUpdatePermission = await _permission.HasPermission(PermissionsMaster.UploadDocument, loggedInEmployee.Id, oldAttachment.EntityId);
|
||||
}
|
||||
else if (EmployeeEntity == oldAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasUpdatePermission = await _permission.HasPermission(PermissionsMaster.UploadDocument, loggedInEmployee.Id);
|
||||
}
|
||||
|
||||
// Permission check: ensure uploader is authorized
|
||||
if (!hasUploadPermission && loggedInEmployee.Id != oldAttachment.EntityId)
|
||||
if (!hasUpdatePermission && loggedInEmployee.Id != oldAttachment.EntityId)
|
||||
{
|
||||
_logger.LogWarning("Access denied for EmployeeId: {EmployeeId}", loggedInEmployee.Id);
|
||||
return StatusCode(403, ApiResponse<object>.ErrorResponse("Access Denied.", "You do not have permission to upload this document", 403));
|
||||
@ -950,7 +1017,7 @@ namespace Marco.Pms.Services.Controllers
|
||||
entityExists = await _context.Projects.AnyAsync(p => p.Id == oldAttachment.EntityId && p.TenantId == tenantId);
|
||||
if (entityExists)
|
||||
{
|
||||
entityExists = await permissionService.HasProjectPermission(loggedInEmployee, oldAttachment.EntityId);
|
||||
entityExists = await _permission.HasProjectPermission(loggedInEmployee, oldAttachment.EntityId);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -1238,6 +1305,8 @@ namespace Marco.Pms.Services.Controllers
|
||||
|
||||
// Retrieve the document attachment matching the criteria from the database
|
||||
var documentAttachment = await _context.DocumentAttachments
|
||||
.Include(da => da.DocumentType)
|
||||
.ThenInclude(dt => dt!.DocumentCategory)
|
||||
.FirstOrDefaultAsync(da => da.Id == id && da.IsCurrentVersion && da.TenantId == tenantId && da.IsActive != isActive);
|
||||
|
||||
// If the document attachment is not found, log a warning and return 404 Not Found
|
||||
@ -1249,6 +1318,15 @@ namespace Marco.Pms.Services.Controllers
|
||||
|
||||
// Check if the logged in employee has permission to delete OR is the owner of the document attachment
|
||||
var hasDeletePermission = await _permission.HasPermission(PermissionsMaster.DeleteDocument, loggedInEmployee.Id);
|
||||
var hasViewPermission = false;
|
||||
if (ProjectEntity == documentAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id, documentAttachment.EntityId);
|
||||
}
|
||||
else if (EmployeeEntity == documentAttachment.DocumentType?.DocumentCategory?.EntityTypeId)
|
||||
{
|
||||
hasViewPermission = await _permission.HasPermission(PermissionsMaster.ViewDocument, loggedInEmployee.Id);
|
||||
}
|
||||
if (!hasDeletePermission && loggedInEmployee.Id != documentAttachment.EntityId)
|
||||
{
|
||||
_logger.LogWarning("Access denied for employee ID: {EmployeeId} when attempting to delete document ID: {DocumentId}", loggedInEmployee.Id, id);
|
||||
|
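Review bot: In the hunk at `@ -1249,6 +1318,15` the delete endpoint computes `hasViewPermission` with `PermissionsMaster.ViewDocument`, but the guard that follows still reads `if (!hasDeletePermission && loggedInEmployee.Id != documentAttachment.EntityId)`, and since the hunk header reports no deletions the original global `hasDeletePermission = await _permission.HasPermission(PermissionsMaster.DeleteDocument, loggedInEmployee.Id)` line appears to survive as context. The new entity-scoped result is therefore never consulted for delete, the new variable is dead, and the endpoint keeps the global-only check that the rest of this change replaces elsewhere. Replace the two declarations with a single `var hasDeletePermission = false;`, and assign it in the two branches with `hasDeletePermission = await _permission.HasPermission(PermissionsMaster.DeleteDocument, loggedInEmployee.Id, documentAttachment.EntityId);` and `hasDeletePermission = await _permission.HasPermission(PermissionsMaster.DeleteDocument, loggedInEmployee.Id);` so the guard sees the scoped decision. Separately, the hunk at `@ -280,7 +289,16` navigates `versionMapping.ChildAttachment.DocumentType!.DocumentCategory!.EntityTypeId` with the null-forgiving operator, whereas every later hunk uses `?.`; if those navigations can be null, that branch throws instead of falling through to the `false` default, so `?.` there would match the others. The enclosing action methods start and end outside these hunks.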
@ -1169,7 +1169,6 @@ namespace Marco.Pms.Services.Service
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#endregion
|
||||
|
||||
#region =================================================================== Project Infrastructre Manage APIs ===================================================================
|
||||
|