From 000af89fd7a9a3a48bfba6f6e77c829ff3f0f990 Mon Sep 17 00:00:00 2001
From: mahan <mahanch83@gmail.com>
Date: Mon, 15 Dec 2025 13:49:41 +0330
Subject: [PATCH] feat: add permission checking and task assignment handling in
 ProjectBoardHub

---
 0_Framework/Application/AuthHelper.cs         |  5 ++
 0_Framework/Application/IAuthHelper.cs        |  1 +
 DadmehrGostar.sln                             |  3 +
 .../Constants/ProgramManagerPermissionCode.cs | 26 +++++++
 .../Repositories/ITaskSectionRepository.cs    |  2 +
 .../Hubs/ProgramManager/ProjectBoardHub.cs    | 67 ++++++++++++++++---
 .../SignalRBoardNotificationPublisher.cs      | 15 ++++-
 ServiceHost/Properties/launchSettings.json    |  2 +-
 8 files changed, 109 insertions(+), 12 deletions(-)
 create mode 100644 ProgramManager/src/Application/GozareshgirProgramManager.Application/_Common/Constants/ProgramManagerPermissionCode.cs

diff --git a/0_Framework/Application/AuthHelper.cs b/0_Framework/Application/AuthHelper.cs
index 41e6efa2..2af2188f 100644
--- a/0_Framework/Application/AuthHelper.cs
+++ b/0_Framework/Application/AuthHelper.cs
@@ -56,6 +56,11 @@ public class AuthHelper : IAuthHelper
 		return Tools.DeserializeFromBsonList<int>(permissions); //Mahan
 	}
 
+	public bool HasPermission(int permission)
+	{
+		return GetPermissions().Any(x => x == permission);
+	}
+
 	public long CurrentAccountId()
 	{
 		return IsAuthenticated()
diff --git a/0_Framework/Application/IAuthHelper.cs b/0_Framework/Application/IAuthHelper.cs
index ab9cf572..d43ac069 100644
--- a/0_Framework/Application/IAuthHelper.cs
+++ b/0_Framework/Application/IAuthHelper.cs
@@ -12,6 +12,7 @@ public interface IAuthHelper
     string CurrentAccountRole();
     AuthViewModel CurrentAccountInfo();
     List<int> GetPermissions();
+    bool HasPermission(int permission);
     long CurrentAccountId();
     string CurrentAccountMobile();
 
diff --git a/DadmehrGostar.sln b/DadmehrGostar.sln
index f31d5bcb..342cf0ef 100644
--- a/DadmehrGostar.sln
+++ b/DadmehrGostar.sln
@@ -106,6 +106,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GozareshgirProgramManager.I
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Shared.Contracts", "Shared.Contracts\Shared.Contracts.csproj", "{08B234B6-783B-44E9-9961-4F97EAD16308}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Shared", "Shared", "{F61F77F5-9B14-49CC-870B-1C61D2636586}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -275,6 +277,7 @@ Global
 		{B57EB542-C028-4A77-9386-9DFF1E60FDCB} = {9D85672B-D48E-40B5-9804-0CE220E0E64C}
 		{D2B4F1D7-6336-4B30-910C-219F4119303F} = {D74D1E3B-3BE3-47EE-9914-785A8AD536E5}
 		{408281FE-615F-4CBE-BD95-2E86F5ACC6C3} = {C0AE9368-D4E7-450B-9713-929D319DE690}
+		{08B234B6-783B-44E9-9961-4F97EAD16308} = {F61F77F5-9B14-49CC-870B-1C61D2636586}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {E6CFB3A7-A7C8-4E82-8F06-F750408F0BA9}
diff --git a/ProgramManager/src/Application/GozareshgirProgramManager.Application/_Common/Constants/ProgramManagerPermissionCode.cs b/ProgramManager/src/Application/GozareshgirProgramManager.Application/_Common/Constants/ProgramManagerPermissionCode.cs
new file mode 100644
index 00000000..ea171972
--- /dev/null
+++ b/ProgramManager/src/Application/GozareshgirProgramManager.Application/_Common/Constants/ProgramManagerPermissionCode.cs
@@ -0,0 +1,26 @@
+namespace GozareshgirProgramManager.Application._Common.Constants;
+
+public static class ProgramManagerPermissionCode
+{
+    public const int Code = 99;
+
+    /// <summary>
+    ///بخش اجرا 
+    /// </summary>
+    public static class Board
+    {
+        public const int Code = 991;
+/// <summary>
+/// تب همه
+/// </summary>
+        public static class All
+        {
+            public const int Code = 99101;
+            /// <summary>
+            /// دیدن همه تسک ها
+            /// </summary>
+            public const int ViewAll = 9910101;
+        }
+
+    }
+}
diff --git a/ProgramManager/src/Domain/GozareshgirProgramManager.Domain/ProjectAgg/Repositories/ITaskSectionRepository.cs b/ProgramManager/src/Domain/GozareshgirProgramManager.Domain/ProjectAgg/Repositories/ITaskSectionRepository.cs
index bedf59bf..d9c11d75 100644
--- a/ProgramManager/src/Domain/GozareshgirProgramManager.Domain/ProjectAgg/Repositories/ITaskSectionRepository.cs
+++ b/ProgramManager/src/Domain/GozareshgirProgramManager.Domain/ProjectAgg/Repositories/ITaskSectionRepository.cs
@@ -9,4 +9,6 @@ public interface ITaskSectionRepository: IRepository<Guid,TaskSection>
     
 
     Task<TaskSection?> GetByIdWithFullDataAsync(Guid id, CancellationToken cancellationToken = default);
+
+    Task<List<TaskSection>> GetAssignedToUserAsync(long userId);
 }
\ No newline at end of file
diff --git a/ServiceHost/Hubs/ProgramManager/ProjectBoardHub.cs b/ServiceHost/Hubs/ProgramManager/ProjectBoardHub.cs
index 5c262095..c7870a62 100644
--- a/ServiceHost/Hubs/ProgramManager/ProjectBoardHub.cs
+++ b/ServiceHost/Hubs/ProgramManager/ProjectBoardHub.cs
@@ -1,19 +1,70 @@
+using _0_Framework.Application;
+using GozareshgirProgramManager.Application._Common.Constants;
 using Microsoft.AspNetCore.SignalR;
+using GozareshgirProgramManager.Domain.ProjectAgg.Repositories;
+using System.Collections.Generic;
+using System.Linq;
+using System;
 
 namespace ServiceHost.Hubs.ProgramManager;
 
-public class ProjectBoardHub:Hub
+public class ProjectBoardHub : Hub
 {
+    private readonly IAuthHelper _authHelper;
+    private readonly ITaskSectionRepository _taskSectionRepository;
+
+    public ProjectBoardHub(IAuthHelper authHelper, ITaskSectionRepository taskSectionRepository)
+    {
+        _authHelper = authHelper;
+        _taskSectionRepository = taskSectionRepository;
+    }
+
     public override async Task OnConnectedAsync()
     {
-        var user = Context.User?.FindFirst("pm.userId")?.Value;
-
-        if (user != null && user !="0")
+        // Rule 4: Determine all group memberships server-side.
+        if (!_authHelper.IsAuthenticated())
         {
-            await Groups.AddToGroupAsync(
-                Context.ConnectionId,
-                $"pm.user-{user}"
-            );
+            await base.OnConnectedAsync();
+            return;
+        }
+
+        var connectionId = Context.ConnectionId;
+
+        // Rule 2: Add to all permission-based groups based on user's claims.
+        var permissionGroups = _authHelper.GetPermissions() ?? new List<int>();
+
+        // Rule 3: Add to task-specific groups for all tasks assigned to the user (by accountId claim).
+        var userId =Convert.ToInt32(Context.User?.FindFirst("pm.userId")?.Value);
+        
+        var taskGroups = new List<string>();
+        if (userId > 0)
+        {
+            var assignedTasks = await _taskSectionRepository.GetAssignedToUserAsync(userId);
+            if (assignedTasks is { Count: > 0 })
+            {
+                taskGroups = assignedTasks
+                    .Select(t => $"pm.task:{t.Id}")
+                    .ToList();
+            }
+        }
+
+        // Build the full, de-duplicated set of groups to join.
+        var groupsToJoin = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+
+        // Permission-based groups
+        foreach (var perm in permissionGroups)
+            groupsToJoin.Add($"pm.perm:{perm}");
+
+        // Task-based groups
+        foreach (var tg in taskGroups)
+            groupsToJoin.Add(tg);
+
+        // Rule 5: Avoid duplicate joins; join all needed groups concurrently.
+        if (groupsToJoin.Count > 0)
+        {
+            var joinTasks = groupsToJoin
+                .Select(group => Groups.AddToGroupAsync(connectionId, group));
+            await Task.WhenAll(joinTasks);
         }
 
         await base.OnConnectedAsync();
diff --git a/ServiceHost/Notifications/ProgramManager/SignalRBoardNotificationPublisher.cs b/ServiceHost/Notifications/ProgramManager/SignalRBoardNotificationPublisher.cs
index 130d8f09..87a0c539 100644
--- a/ServiceHost/Notifications/ProgramManager/SignalRBoardNotificationPublisher.cs
+++ b/ServiceHost/Notifications/ProgramManager/SignalRBoardNotificationPublisher.cs
@@ -1,3 +1,4 @@
+using GozareshgirProgramManager.Application._Common.Constants;
 using GozareshgirProgramManager.Application.Interfaces;
 using GozareshgirProgramManager.Domain.ProjectAgg.Enums;
 using Microsoft.AspNetCore.SignalR;
@@ -19,12 +20,20 @@ public class SignalRBoardNotificationPublisher:IBoardNotificationPublisher
     {
         var payload = new
         {
-            UserId = userId,
+            UserId= userId,
             OldStatus = oldStatus,
             NewStatus = newStatus,
             SectionId = sectionId
         };
-        _hubContext.Clients.Group($"pm.user-{userId}").SendAsync("ReceiveProjectStatusChanged",payload);
-        return Task.CompletedTask;
+
+        // گروه task-specific (برای همه assigneeهای واقعی)
+        var taskGroup = $"pm.task:{sectionId}";
+
+        // گروه permission-based (مثلاً برای Admin ها)
+        var permissionGroup = $"pm.perm:{ProgramManagerPermissionCode.Board.All.ViewAll}";
+
+        // ارسال به هر دو گروه؛ SignalR خودش duplicate connection رو هندل می‌کنه
+        return _hubContext.Clients.Groups(taskGroup, permissionGroup)
+            .SendAsync("ReceiveProjectStatusChanged", payload);
     }
 }
\ No newline at end of file
diff --git a/ServiceHost/Properties/launchSettings.json b/ServiceHost/Properties/launchSettings.json
index fd650415..d7381591 100644
--- a/ServiceHost/Properties/launchSettings.json
+++ b/ServiceHost/Properties/launchSettings.json
@@ -19,7 +19,7 @@
       "sqlDebugging": true,
       "dotnetRunMessages": "true",
       "nativeDebugging": true,
-      "applicationUrl": "https://localhost:5004;http://localhost:5003",
+      "applicationUrl": "https://localhost:5004;http://localhost:5003;https://192.168.0.117:5006",
       "jsWebView2Debugging": false,
       "hotReloadEnabled": true
     },