API Fixes for Role Permissions

Author: nitin27may

backend/src/Contact.Api/Controllers/RolePermissionMappingController.cs

@@ -1,15 +1,11 @@
 using Contact.Api.Core.Attributes;
 using Contact.Application.Interfaces;
 using Contact.Application.UseCases.RolePermissions;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using System.Security.Claims;
 
 namespace Contact.Api.Controllers;
-
-[Route("api/role-permission-mapping")]
+[Route("api/[controller]")]
 [ApiController]
-[Authorize(Roles = "Administrator")]
 public class RolePermissionMappingController : ControllerBase
 {
     private readonly IRolePermissionService _rolePermissionService;
@@ -82,10 +78,10 @@ public async Task<IActionResult> SaveRolePermissionMapping([FromBody] RolePermis
 
         try
         {
-            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
+            var userId = User.FindFirst("Id")?.Value;
             if (userId == null)
             {
-                return Unauthorized("User ID not found in token");
+                return Unauthorized(new { message = "User ID not found in token" });
             }
 
             await _rolePermissionService.SaveRolePermissionMappingAsync(request, Guid.Parse(userId));

backend/src/Contact.Application/Mappings/RolePermissionMappingProfile.cs

@@ -1,6 +1,6 @@
-using AutoMapper;
 using Contact.Application.UseCases.RolePermissions;
 using Contact.Domain.Entities;
+using Contact.Domain.Mappings;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 
@@ -12,10 +12,15 @@ public RolePermissionMappingProfile(IHttpContextAccessor httpContextAccessor)
         : base(httpContextAccessor)
     {
         CreateMap<RolePermission, RolePermissionResponse>();
+        CreateMap<RolePermissionMappingResponse, PermissionsByRoleMappings>();
         CreateMap<CreateRolePermission, RolePermission>()
             .AfterMap((src, dest) => SetAuditFields(src, dest));
         CreateMap<UpdateRolePermission, RolePermission>()
             .AfterMap((src, dest) => SetAuditFields(src, dest, false));
+        // Configure the mapping between PermissionsByRoleMappings and RolePermissionMappingResponse
+        CreateMap<PermissionsByRoleMappings, RolePermissionMappingResponse>();
+        CreateMap<PageOperationMappings, PageOperationResponse>();
+        CreateMap<OperationMappings, OperationResponse>();
     }
 
     public RolePermissionMappingProfile()
@@ -31,4 +36,5 @@ private static IHttpContextAccessor ResolveHttpContextAccessor()
 
         return serviceProvider.GetRequiredService<IHttpContextAccessor>();
     }
-}
+}
+

backend/src/Contact.Application/Services/RolePermissionService.cs

@@ -85,7 +85,8 @@ public async Task<RolePermissionMappingResponse> GetRolePermissionMappingByRoleI
         // Get the role
         using var transaction = _unitOfWork.BeginTransaction();
         var result = await _rolePermissionRepository.GetRolePermissionMappingByRoleIdAsync(roleId, transaction);
-        return null;
+        await _unitOfWork.CommitAsync();
+        return _mapper.Map<RolePermissionMappingResponse>(result);
     }
 
     public async Task SaveRolePermissionMappingAsync(RolePermissionMappingRequest request, Guid userId)

backend/src/Contact.Application/UseCases/RolePermissions/RolePermissionMappingResponse.cs

@@ -4,14 +4,14 @@ public class RolePermissionMappingResponse
 {
     public Guid RoleId { get; set; }
     public string RoleName { get; set; }
-    public List<PageOperationResponse> Pages { get; set; } = new();
+    public List<PageOperationResponse> Pages { get; set; }
 }
 
 public class PageOperationResponse
 {
     public Guid PageId { get; set; }
     public string PageName { get; set; }
-    public List<OperationResponse> Operations { get; set; } = new();
+    public List<OperationResponse> Operations { get; set; }
 }
 
 public class OperationResponse

backend/src/Contact.Domain/Entities/RolePermissionMapping.cs

@@ -2,10 +2,12 @@
 
 public class RolePermissionMapping
 {
+    public Guid Id { get; set; }
     public Guid RoleId { get; set; }
     public string RoleName { get; set; }
     public Guid PageId { get; set; }
     public string PageName { get; set; }
+    public string PageUrl { get; set; }
     public Guid OperationId { get; set; }
     public string OperationName { get; set; }
     public Guid PermissionId { get; set; }

backend/src/Contact.Domain/Interfaces/IUserRepository.cs

@@ -7,7 +7,7 @@ public interface IUserRepository : IGenericRepository<User>
 {
     Task<User> AddUser(User item);
     Task<User> FindByUserName(string userName);
-    Task<List<Role>> FindRolesById(Guid id);
+    Task<IEnumerable<Role>> FindRolesById(Guid id);
     Task<IEnumerable<User>> CheckUniqueUsers(string email, string username);
     Task<User> UpdatePassword(User item, IDbTransaction? transaction = null);
     Task<IEnumerable<UserRole>> GetUserRoles(Guid userId, IDbTransaction? transaction = null);

backend/src/Contact.Domain/Mappings/PermissionsByRoleMapping.cs

@@ -4,14 +4,14 @@ public class PermissionsByRoleMappings
     {
         public Guid RoleId { get; set; }
         public string RoleName { get; set; }
-        public List<PageOperationMappings> Pages { get; set; } = new();
+        public List<PageOperationMappings> Pages { get; set; }
     }
 
     public class PageOperationMappings
     {
         public Guid PageId { get; set; }
         public string PageName { get; set; }
-        public List<OperationMappings> Operations { get; set; } = new();
+        public List<OperationMappings> Operations { get; set; }
     }
 
     public class OperationMappings

backend/src/Contact.Infrastructure/Persistence/Repositories/RolePermissionRepository.cs

@@ -15,23 +15,60 @@ public RolePermissionRepository(IDapperHelper dapperHelper) : base(dapperHelper,
 
     public async Task<IEnumerable<RolePermissionMapping>> GetRolePermissionMappingsAsync()
     {
-        var dbPara = new DynamicParameters();
         var sql = @"
-            SELECT
+            WITH page_operations AS (
+                -- All possible page-operation combinations
+                SELECT 
+                    p.""Id"" as ""PageId"", 
+                    p.""Name"" as ""PageName"",
+                    p.""Url"" as ""PageUrl"",
+                    o.""Id"" as ""OperationId"",
+                    o.""Name"" as ""OperationName"",
+                    perm.""Id"" as ""PermissionId""
+                FROM ""Pages"" p
+                CROSS JOIN ""Operations"" o
+                LEFT JOIN ""Permissions"" perm ON p.""Id"" = perm.""PageId"" AND o.""Id"" = perm.""OperationId""
+                -- Removed the WHERE clause to include ALL combinations
+            ),
+            role_permissions AS (
+                -- Get permissions assigned to roles
+                SELECT 
+                    r.""Id"" as ""RoleId"",
+                    r.""Name"" as ""RoleName"",
+                    po.""PageId"",
+                    po.""PageName"",
+                    po.""PageUrl"",
+                    po.""OperationId"",
+                    po.""OperationName"",
+                    po.""PermissionId"",
+                    -- Only mark as selected if both permission exists AND role has it assigned
+                    CASE 
+                        WHEN po.""PermissionId"" IS NOT NULL AND rp.""Id"" IS NOT NULL THEN TRUE
+                        ELSE FALSE
+                    END as ""IsSelected"",
+                    rp.""Id""
+                FROM ""Roles"" r
+                CROSS JOIN page_operations po
+                -- Modified LEFT JOIN to handle NULL permission IDs
+                LEFT JOIN ""RolePermissions"" rp ON po.""PermissionId"" = rp.""PermissionId"" AND rp.""RoleId"" = r.""Id"" AND po.""PermissionId"" IS NOT NULL
+            )
+            
+            -- Final result
+            SELECT 
                 rp.""Id"",
-                r.""Name"" AS RoleName,
-                r.""Id"" AS RoleId,
-                perm.""Id"" AS PermissionId,
-                p.""Name"" AS PageName,
-                p.""Url"" as PageUrl,
-                o.""Name"" AS OperationName
-            FROM ""RolePermissions"" rp
-            INNER JOIN ""Roles"" r ON rp.""RoleId"" = r.""Id""
-            INNER JOIN ""Permissions"" perm ON rp.""PermissionId"" = perm.""Id""
-            INNER JOIN ""Pages"" p ON perm.""PageId"" = p.""Id""
-            INNER JOIN ""Operations"" o ON perm.""OperationId"" = o.""Id""
-            ORDER BY r.""Name"", p.""Name"", o.""Name"";";
-        return await _dapperHelper.GetAll<RolePermissionMapping>(sql, dbPara);
+                rp.""RoleId"",
+                rp.""RoleName"",
+                rp.""PageId"",
+                rp.""PageName"",
+                rp.""PageUrl"",
+                rp.""OperationId"",
+                rp.""OperationName"",
+                rp.""PermissionId"",
+                rp.""IsSelected""
+            FROM role_permissions rp
+            ORDER BY rp.""RoleName"", rp.""PageName"", rp.""OperationName""";
+
+        return await _dapperHelper.GetAll<RolePermissionMapping>(sql, new DynamicParameters());
     }
 
     public async Task<IEnumerable<RolePermissionMapping>> GetRolePermissionMappingsAsync(Guid userId)
@@ -40,13 +77,15 @@ public async Task<IEnumerable<RolePermissionMapping>> GetRolePermissionMappingsA
         dbPara.Add("@UserId", userId);
         var sql = @"
             SELECT
+                rp.""Id"" as Id,
                 r.""Id"" as RoleId,
                 r.""Name"" AS RoleName,
                 p.""Id"" as PageId,
                 p.""Name"" AS PageName,
                 p.""Url"" as PageUrl,
                 o.""Id"" as OperationId,
-                o.""Name"" AS OperationName
+                o.""Name"" AS OperationName,
+                perm.""Id"" as PermissionId
             FROM ""UserRoles"" ur
             INNER JOIN ""Roles"" r ON ur.""RoleId"" = r.""Id""
             INNER JOIN ""RolePermissions"" rp ON r.""Id"" = rp.""RoleId""
@@ -106,6 +145,7 @@ page_operations AS (
                 FROM ""Pages"" p
                 CROSS JOIN ""Operations"" o
                 LEFT JOIN ""Permissions"" perm ON p.""Id"" = perm.""PageId"" AND o.""Id"" = perm.""OperationId""
+                -- Removed the WHERE clause to include ALL combinations
             ),
             role_permissions AS (
                 -- Get permissions assigned to the role
@@ -114,13 +154,14 @@ role_permissions AS (
                     po.""PageName"",
                     po.""OperationId"",
                     po.""OperationName"",
+                    -- Only mark as selected if both permission exists AND role has it assigned
                     CASE 
-                        WHEN rp.""Id"" IS NOT NULL THEN TRUE
+                        WHEN po.""PermissionId"" IS NOT NULL AND rp.""Id"" IS NOT NULL THEN TRUE
                         ELSE FALSE
                     END as ""IsSelected""
                 FROM page_operations po
-                LEFT JOIN ""RolePermissions"" rp ON po.""PermissionId"" = rp.""PermissionId"" AND rp.""RoleId"" = @RoleId
-                WHERE po.""PermissionId"" IS NOT NULL -- Only include valid permission combinations
+                -- Modified LEFT JOIN to handle NULL permission IDs
+                LEFT JOIN ""RolePermissions"" rp ON po.""PermissionId"" = rp.""PermissionId"" AND rp.""RoleId"" = @RoleId AND po.""PermissionId"" IS NOT NULL
             )
             
             -- Final result combining role info with permissions
@@ -142,10 +183,6 @@ CROSS JOIN role_permissions rp
         // Dictionary to hold the pages already added to the response
         var pagesDict = new Dictionary<Guid, PageOperationMappings>();
 
-        // Role information values
-        Guid? responseRoleId = null;
-        string? responseRoleName = null;
-
         // Create the response using Dapper's multi-mapping capabilities
         var response = await _dapperHelper.GetAll<dynamic>(query, parameters, CommandType.Text, transaction);
 
@@ -221,7 +258,8 @@ private async Task<List<PageOperationMappings>> GetAllPagesWithOperations(IDbTra
                 false as ""IsSelected""
             FROM ""Pages"" p
             CROSS JOIN ""Operations"" o
-            INNER JOIN ""Permissions"" perm ON p.""Id"" = perm.""PageId"" AND o.""Id"" = perm.""OperationId""
+            LEFT JOIN ""Permissions"" perm ON p.""Id"" = perm.""PageId"" AND o.""Id"" = perm.""OperationId""
+            -- Removed INNER JOIN to include all combinations
             ORDER BY p.""Name"", o.""Name""";
 
         var result = await _dapperHelper.GetAll<dynamic>(query, dbTransaction);

backend/src/Contact.Infrastructure/Persistence/Repositories/UserRepository.cs

@@ -51,17 +51,19 @@ public async Task<IEnumerable<User>> CheckUniqueUsers(string email, string usern
             dbPara);
     }
 
-    public async Task<List<Role>> FindRolesById(Guid id)
+    public async Task<IEnumerable<Role>> FindRolesById(Guid id)
     {
         var dbPara = new DynamicParameters();
         dbPara.Add("UserId", id);
         var sql = @"
-            SELECT r.""*""
+            SELECT r.""Id"",
+                r.""Name"",
+                r.""Description""
             FROM ""UserRoles"" ur
             INNER JOIN ""Roles"" r ON ur.""RoleId"" = r.""Id""
             INNER JOIN ""Users"" u ON u.""Id"" = ur.""UserId""
             WHERE ur.""UserId"" = @UserId";
-        return (List<Role>)await _dapperHelper.GetAll<string>(sql, dbPara);
+        return await _dapperHelper.GetAll<Role>(sql, dbPara);
     }
 
     public async Task<User> FindByUserName(string userName)