admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Ashutosh_Get_All_Permission #130

Merged
ashutosh.nehete merged 4 commits from Ashutosh_Get_All_Permission into main 2025-09-18 04:52:11 +00:00
Conversation 0 Commits 4 Files Changed 4 +161 -54
4 changed files with 161 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Marco.Pms.Services/Controllers/ProjectController.cs
View File

@ -470,6 +470,13 @@ namespace MarcoBMS.Services.Controllers
var response = await _projectServices.GetAssignedProjectLevelPermissionAsync(employeeId, projectId, tenantId, loggedInEmployee);
return StatusCode(response.StatusCode, response);
}
[HttpGet("get/all/project-level-permission/{projectId}")]
public async Task<IActionResult> GetAllPermissionFroProject(Guid projectId)
{
Employee loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
var response = await _projectServices.GetAllPermissionFroProjectAsync(projectId, loggedInEmployee, tenantId);
return StatusCode(response.StatusCode, response);
}
[HttpGet("get/proejct-level/modules")]
public async Task<IActionResult> AssignProjectLevelModules()
{

1
Marco.Pms.Services/Service/PermissionServices.cs
View File

@ -88,7 +88,6 @@ namespace Marco.Pms.Services.Service
{
Guid.Parse("53176ebf-c75d-42e5-839f-4508ffac3def"),
Guid.Parse("9d4b5489-2079-40b9-bd77-6e1bf90bc19f"),
Guid.Parse("81ab8a87-8ccd-4015-a917-0627cee6a100"),
Guid.Parse("52c9cf54-1eb2-44d2-81bb-524cf29c0a94"),
Guid.Parse("a8cf4331-8f04-4961-8360-a3f7c3cc7462")
};

206
Marco.Pms.Services/Service/ProjectServices.cs
View File

@ -16,6 +16,7 @@ using Marco.Pms.Model.ViewModels.Master;
using Marco.Pms.Model.ViewModels.Projects;
using Marco.Pms.Services.Helpers;
using Marco.Pms.Services.Service.ServiceInterfaces;
using MarcoBMS.Services.Helpers;
using MarcoBMS.Services.Service;
using Microsoft.CodeAnalysis;
using Microsoft.EntityFrameworkCore;
@ -28,26 +29,23 @@ namespace Marco.Pms.Services.Service
private readonly IDbContextFactory<ApplicationDbContext> _dbContextFactory;
private readonly ApplicationDbContext _context; // Keeping this for direct scoped context use where appropriate
private readonly ILoggingService _logger;
private readonly PermissionServices _permission;
private readonly CacheUpdateHelper _cache;
private readonly IMapper _mapper;
private readonly GeneralHelper _generalHelper;
private readonly IServiceScopeFactory _serviceScopeFactory;
public ProjectServices(
IDbContextFactory<ApplicationDbContext> dbContextFactory,
ApplicationDbContext context,
ILoggingService logger,
PermissionServices permission,
IServiceScopeFactory serviceScopeFactory,
CacheUpdateHelper cache,
IMapper mapper,
GeneralHelper generalHelper)
IMapper mapper)
{
_dbContextFactory = dbContextFactory ?? throw new ArgumentNullException(nameof(dbContextFactory));
_serviceScopeFactory = serviceScopeFactory ?? throw new ArgumentNullException(nameof(serviceScopeFactory));
_context = context ?? throw new ArgumentNullException(nameof(context));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
_permission = permission ?? throw new ArgumentNullException(nameof(permission));
_cache = cache ?? throw new ArgumentNullException(nameof(cache));
_mapper = mapper ?? throw new ArgumentNullException(nameof(mapper));
_generalHelper = generalHelper ?? throw new ArgumentNullException(nameof(generalHelper));
}
#region =================================================================== Project Get APIs ===================================================================
@ -87,7 +85,6 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An internal server error occurred. Please try again later.", null, 500);
}
}
public async Task<ApiResponse<object>> GetAllProjectsAsync(Guid tenantId, Employee loggedInEmployee)
{
try
@ -146,11 +143,12 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An internal server error occurred. Please try again later.", null, 500);
}
}
public async Task<ApiResponse<object>> GetProjectAsync(Guid id, Guid tenantId, Employee loggedInEmployee)
{
try
{
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 1: Run independent operations in PARALLEL ---
// We can check permissions and fetch data at the same time to reduce latency.
var permissionTask = _permission.HasProjectPermission(loggedInEmployee, id);
@ -190,13 +188,15 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An internal server error occurred.", null, 500);
}
}
public async Task<ApiResponse<object>> GetProjectDetailsAsync(Guid id, Guid tenantId, Employee loggedInEmployee)
{
try
{
_logger.LogInfo("Details requested by EmployeeId: {EmployeeId} for ProjectId: {ProjectId}", loggedInEmployee.Id, id);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// Step 1: Check global view project permission
var hasViewProjectPermission = await _permission.HasPermission(PermissionsMaster.ViewProject, loggedInEmployee.Id, id);
if (!hasViewProjectPermission)
@ -252,7 +252,6 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An internal server error occurred. Please try again later.", null, 500);
}
}
public async Task<ApiResponse<object>> GetProjectDetailsOldAsync(Guid id, Guid tenantId, Employee loggedInEmployee)
{
var project = await _context.Projects
@ -401,6 +400,8 @@ namespace Marco.Pms.Services.Service
{
try
{
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 1: Fetch the Existing Entity from the Database ---
// This is crucial to avoid the data loss bug. We only want to modify an existing record.
var existingProject = await _context.Projects
@ -489,6 +490,9 @@ namespace Marco.Pms.Services.Service
try
{
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- CRITICAL: Security Check ---
// Before fetching data, you MUST verify the user has permission to see it.
// This is a placeholder for your actual permission logic.
@ -559,6 +563,9 @@ namespace Marco.Pms.Services.Service
try
{
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 2: Security and Existence Checks ---
// Before fetching data, you MUST verify the user has permission to see it.
// This is a placeholder for your actual permission logic.
@ -627,6 +634,9 @@ namespace Marco.Pms.Services.Service
_logger.LogInfo("Starting to manage {AllocationCount} allocations for user {UserId}.", allocationsDto.Count, loggedInEmployee.Id);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- (Placeholder) Security Check ---
// In a real application, you would check if the loggedInEmployee has permission
// to manage allocations for ALL projects involved in this batch.
@ -735,6 +745,9 @@ namespace Marco.Pms.Services.Service
try
{
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 2: Clarified Security Check ---
// The permission should be about viewing another employee's assignments, not a generic "Manage Team".
// This is a placeholder for your actual, more specific permission logic.
@ -808,6 +821,9 @@ namespace Marco.Pms.Services.Service
_logger.LogInfo("Starting to manage {AllocationCount} project assignments for Employee {EmployeeId}.", allocationsDto.Count, employeeId);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- (Placeholder) Security Check ---
// You MUST verify that the loggedInEmployee has permission to modify the assignments for the target employeeId.
var hasPermission = await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id);
@ -977,18 +993,26 @@ namespace Marco.Pms.Services.Service
try
{
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
var _generalHelper = scope.ServiceProvider.GetRequiredService<GeneralHelper>();
// --- Step 1: Run independent permission checks in PARALLEL ---
var projectPermissionTask = _permission.HasProjectPermission(loggedInEmployee, projectId);
var viewInfraPermissionTask = _permission.HasPermission(PermissionsMaster.ViewProjectInfra, loggedInEmployee.Id, projectId);
var manageInfraPermissionTask = _permission.HasPermission(PermissionsMaster.ManageProjectInfra, loggedInEmployee.Id, projectId);
await Task.WhenAll(projectPermissionTask, viewInfraPermissionTask);
await Task.WhenAll(projectPermissionTask, viewInfraPermissionTask, manageInfraPermissionTask);
if (!await projectPermissionTask)
var hasProjectPermission = projectPermissionTask.Result;
var hasViewInfraPermission = viewInfraPermissionTask.Result;
var hasManageInfraPermission = manageInfraPermissionTask.Result;
if (!hasProjectPermission)
{
_logger.LogWarning("Project access denied for EmployeeId: {EmployeeId} on ProjectId: {ProjectId}", loggedInEmployee.Id, projectId);
return ApiResponse<object>.ErrorResponse("Access denied", "You don't have access to this project", 403);
}
if (!await viewInfraPermissionTask)
if (!hasViewInfraPermission && !hasManageInfraPermission)
{
_logger.LogWarning("ViewInfra permission denied for EmployeeId: {EmployeeId}", loggedInEmployee.Id);
return ApiResponse<object>.ErrorResponse("Access denied", "You don't have access to view this project's infrastructure", 403);
@ -1033,6 +1057,9 @@ namespace Marco.Pms.Services.Service
try
{
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
var _generalHelper = scope.ServiceProvider.GetRequiredService<GeneralHelper>();
// --- Step 1: Cache-First Strategy ---
var cachedWorkItems = await _cache.GetWorkItemDetailsByWorkArea(workAreaId);
if (cachedWorkItems != null)
@ -1268,6 +1295,9 @@ namespace Marco.Pms.Services.Service
{
_logger.LogInfo("CreateProjectTask called with {Count} items by user {UserId}", workItemDtos?.Count ?? 0, loggedInEmployee.Id);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// --- Step 1: Input Validation ---
if (workItemDtos == null || !workItemDtos.Any())
{
@ -1382,7 +1412,6 @@ namespace Marco.Pms.Services.Service
return ApiResponse<List<WorkItemVM>>.SuccessResponse(responseList, message, 200);
}
public async Task<ServiceResponse> DeleteProjectTaskAsync(Guid id, Guid tenantId, Employee loggedInEmployee)
{
// 1. Fetch the task and its parent data in a single query.
@ -1483,6 +1512,9 @@ namespace Marco.Pms.Services.Service
_logger.LogInfo("ManageProjectLevelPermissionAsync started for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}",
model.EmployeeId, model.ProjectId, tenantId);
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
var hasTeamPermission = await _permission.HasPermission(PermissionsMaster.ManageTeam, loggedInEmployee.Id, model.ProjectId);
if (!hasTeamPermission)
{
@ -1621,31 +1653,30 @@ namespace Marco.Pms.Services.Service
employeeId, projectId, tenantId, loggedInEmployee.Id);
// Query the database for relevant project-level permission mappings
var permissionMappings = await _context.ProjectLevelPermissionMappings
.Include(p => p.Employee)
.ThenInclude(e => e!.JobRole)
.Include(p => p.Project)
.Include(p => p.Permission)
.ThenInclude(fp => fp!.Feature)
.AsNoTracking()
.Where(p => p.EmployeeId == employeeId
&& p.ProjectId == projectId
&& p.TenantId == tenantId)
.ToListAsync();
if (permissionMappings == null || !permissionMappings.Any())
var employeeTask = Task.Run(async () =>
{
_logger.LogWarning("No project-level permissions found for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}",
employeeId, projectId, tenantId);
return ApiResponse<object>.ErrorResponse("Project-Level Permissions not found", "Project-Level Permissions not found in database", 404);
}
await using var context = await _dbContextFactory.CreateDbContextAsync();
return await context.Employees.FirstOrDefaultAsync(e => e.Id == employeeId);
});
var projectTask = Task.Run(async () =>
{
await using var context = await _dbContextFactory.CreateDbContextAsync();
return await context.Projects.FirstOrDefaultAsync(p => p.Id == projectId && p.TenantId == tenantId);
});
var permissionIdsTask = Task.Run(async () =>
{
return await GetPermissionIdsByProject(projectId, employeeId, tenantId);
});
// Map the employee, project, and permissions.
var employee = _mapper.Map<BasicEmployeeVM>(permissionMappings.First().Employee);
var project = _mapper.Map<BasicProjectVM>(permissionMappings.First().Project);
var permissions = permissionMappings
.Select(p => _mapper.Map<FeaturePermissionVM>(p.Permission))
.ToList();
await Task.WhenAll(employeeTask, projectTask, permissionIdsTask);
var employee = employeeTask.Result;
var project = projectTask.Result;
var permissionIds = permissionIdsTask.Result;
var permissions = await _context.FeaturePermissions
.Include(fp => fp.Feature)
.Where(fp => permissionIds.Contains(fp.Id)).ToListAsync();
if (employee == null)
{
@ -1658,12 +1689,26 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("Project not found", "Project not found in database", 404);
}
if (permissions == null || !permissions.Any())
{
_logger.LogWarning("No project-level permissions found for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}",
employeeId, projectId, tenantId);
return ApiResponse<object>.ErrorResponse("Project-Level Permissions not found", "Project-Level Permissions not found in database", 404);
}
// Map the employee, project, and permissions.
var employeeVm = _mapper.Map<BasicEmployeeVM>(employee);
var projectVm = _mapper.Map<BasicProjectVM>(project);
var permissionVms = permissions
.Select(p => _mapper.Map<FeaturePermissionVM>(p))
.ToList();
// Prepare the result object.
var result = new
{
Employee = employee,
Project = project,
Permissions = permissions
Employee = employeeVm,
Project = projectVm,
Permissions = permissionVms
};
_logger.LogInfo("Project-level permissions fetched successfully for EmployeeId: {EmployeeId}, ProjectId: {ProjectId}, TenantId: {TenantId}",
@ -1688,7 +1733,6 @@ namespace Marco.Pms.Services.Service
{
Guid.Parse("53176ebf-c75d-42e5-839f-4508ffac3def"),
Guid.Parse("9d4b5489-2079-40b9-bd77-6e1bf90bc19f"),
Guid.Parse("81ab8a87-8ccd-4015-a917-0627cee6a100"),
Guid.Parse("52c9cf54-1eb2-44d2-81bb-524cf29c0a94"),
Guid.Parse("a8cf4331-8f04-4961-8360-a3f7c3cc7462")
};
@ -1768,6 +1812,11 @@ namespace Marco.Pms.Services.Service
return ApiResponse<object>.ErrorResponse("An error occurred while retrieving employees with project-level permissions.", 500);
}
}
public async Task<ApiResponse<object>> GetAllPermissionFroProjectAsync(Guid projectId, Employee loggedInEmployee, Guid tenantId)
{
var featurePermissionIds = await GetPermissionIdsByProject(projectId, loggedInEmployee.Id, tenantId);
return ApiResponse<object>.SuccessResponse(featurePermissionIds, "Successfully featched the permission ids", 200);
}
#endregion
#region =================================================================== Helper Functions ===================================================================
@ -1777,13 +1826,11 @@ namespace Marco.Pms.Services.Service
List<Project> alloc = await _context.Projects.Where(c => c.TenantId == tanentId).ToListAsync();
return alloc;
}
public async Task<List<ProjectAllocation>> GetProjectByEmployeeID(Guid employeeId)
{
List<ProjectAllocation> alloc = await _context.ProjectAllocations.Where(c => c.EmployeeId == employeeId && c.IsActive == true).Include(c => c.Project).ToListAsync();
return alloc;
}
public async Task<List<ProjectAllocation>> GetTeamByProject(Guid TenantId, Guid ProjectId, bool IncludeInactive)
{
if (IncludeInactive)
@ -1800,9 +1847,11 @@ namespace Marco.Pms.Services.Service
return employees;
}
}
public async Task<List<Guid>> GetMyProjects(Guid tenantId, Employee LoggedInEmployee)
{
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
var projectIds = await _cache.GetProjects(LoggedInEmployee.Id);
if (projectIds == null)
@ -1826,9 +1875,11 @@ namespace Marco.Pms.Services.Service
}
return projectIds;
}
public async Task<List<Guid>> GetMyProjectIdsAsync(Guid tenantId, Employee loggedInEmployee)
{
using var scope = _serviceScopeFactory.CreateScope();
var _permission = scope.ServiceProvider.GetRequiredService<PermissionServices>();
// 1. Attempt to retrieve the list of project IDs from the cache first.
// This is the "happy path" and should be as fast as possible.
List<Guid>? projectIds = await _cache.GetProjects(loggedInEmployee.Id);
@ -1875,7 +1926,6 @@ namespace Marco.Pms.Services.Service
return newProjectIds;
}
/// <summary>
/// Retrieves a list of ProjectInfoVMs by their IDs, using an efficient partial cache-hit strategy.
/// It fetches what it can from the cache (as ProjectMongoDB), gets the rest from the
@ -1926,7 +1976,6 @@ namespace Marco.Pms.Services.Service
return finalViewModels;
}
private async Task<ProjectDetailsVM> GetProjectViewModel(Guid? id, Project project)
{
ProjectDetailsVM vm = new ProjectDetailsVM();
@ -2076,7 +2125,6 @@ namespace Marco.Pms.Services.Service
// Map from the database entity to the response ViewModel.
return dbProject;
}
private async Task UpdateCacheInBackground(Project project)
{
try
@ -2094,7 +2142,6 @@ namespace Marco.Pms.Services.Service
_logger.LogError(ex, "Background cache update failed for project {ProjectId} ", project.Id);
}
}
private async Task UpdateCacheAndNotify(Dictionary<Guid, (double Planned, double Completed)> workDelta, List<WorkItem> affectedItems)
{
try
@ -2116,7 +2163,6 @@ namespace Marco.Pms.Services.Service
_logger.LogError(ex, "An error occurred during background cache update/notification.");
}
}
private void ProcessBuilding(BuildingDto dto, Guid tenantId, InfraVM responseData, List<string> messages, ISet<Guid> projectIds, List<Task> cacheTasks)
{
Building building = _mapper.Map<Building>(dto);
@ -2139,7 +2185,6 @@ namespace Marco.Pms.Services.Service
responseData.building = building;
projectIds.Add(building.ProjectId);
}
private void ProcessFloor(FloorDto dto, Guid tenantId, InfraVM responseData, List<string> messages, ISet<Guid> projectIds, List<Task> cacheTasks, IDictionary<Guid, Building> buildings)
{
Floor floor = _mapper.Map<Floor>(dto);
@ -2165,7 +2210,6 @@ namespace Marco.Pms.Services.Service
responseData.floor = floor;
if (parentBuilding != null) projectIds.Add(parentBuilding.ProjectId);
}
private void ProcessWorkArea(WorkAreaDto dto, Guid tenantId, InfraVM responseData, List<string> messages, ISet<Guid> projectIds, List<Task> cacheTasks, IDictionary<Guid, Floor> floors)
{
WorkArea workArea = _mapper.Map<WorkArea>(dto);
@ -2192,6 +2236,62 @@ namespace Marco.Pms.Services.Service
responseData.workArea = workArea;
if (parentBuilding != null) projectIds.Add(parentBuilding.ProjectId);
}
private async Task<List<Guid>> GetPermissionIdsByProject(Guid projectId, Guid EmployeeId, Guid tenantId)
{
await using var context = await _dbContextFactory.CreateDbContextAsync();
using var scope = _serviceScopeFactory.CreateScope();
var _rolesHelper = scope.ServiceProvider.GetRequiredService<RolesHelper>();
// 1. Try fetching permissions from cache (fast-path lookup).
var featurePermissionIds = await _cache.GetPermissions(EmployeeId);
// If not found in cache, fallback to database (slower).
if (featurePermissionIds == null)
{
var featurePermissions = await _rolesHelper.GetFeaturePermissionByEmployeeId(EmployeeId);
featurePermissionIds = featurePermissions.Select(fp => fp.Id).ToList();
}
// 2. Handle project-level permission overrides if a project is specified.
if (projectId != Guid.Empty)
{
// Fetch permissions explicitly assigned to this employee in the project.
var projectLevelPermissionIds = await context.ProjectLevelPermissionMappings
.Where(pl => pl.ProjectId == projectId && pl.EmployeeId == EmployeeId && pl.TenantId == tenantId)
.Select(pl => pl.PermissionId)
.ToListAsync();
if (projectLevelPermissionIds?.Any() ?? false)
{
// Define modules where project-level overrides apply.
var projectLevelModuleIds = new HashSet<Guid>
{
Guid.Parse("53176ebf-c75d-42e5-839f-4508ffac3def"),
Guid.Parse("9d4b5489-2079-40b9-bd77-6e1bf90bc19f"),
Guid.Parse("52c9cf54-1eb2-44d2-81bb-524cf29c0a94"),
Guid.Parse("a8cf4331-8f04-4961-8360-a3f7c3cc7462")
};
// Get all feature permissions under those modules where the user didn't have explicit project-level grants.
var allOverriddenPermissions = await context.FeaturePermissions
.Where(fp => projectLevelModuleIds.Contains(fp.FeatureId) &&
!projectLevelPermissionIds.Contains(fp.Id))
.Select(fp => fp.Id)
.ToListAsync();
// Apply overrides:
// - Remove global permissions overridden by project-level rules.
// - Add explicit project-level permissions.
featurePermissionIds = featurePermissionIds
.Except(allOverriddenPermissions) // Remove overridden
.Concat(projectLevelPermissionIds) // Add project-level
.Distinct() // Ensure no duplicates
.ToList();
}
}
return featurePermissionIds;
}
#endregion
}

1
Marco.Pms.Services/Service/ServiceInterfaces/IProjectServices.cs
View File

@ -40,6 +40,7 @@ namespace Marco.Pms.Services.Service.ServiceInterfaces
Task<ApiResponse<object>> GetAssignedProjectLevelPermissionAsync(Guid employeeId, Guid projectId, Guid tenantId, Employee loggedInEmployee);
Task<ApiResponse<object>> AssignProjectLevelModulesAsync(Guid tenantId, Employee loggedInEmployee);
Task<ApiResponse<object>> GetEmployeeToWhomProjectLevelAssignedAsync(Guid projectId, Guid tenantId, Employee loggedInEmployee);
Task<ApiResponse<object>> GetAllPermissionFroProjectAsync(Guid projectId, Employee loggedInEmployee, Guid tenantId);
}
}