aconnect/src/main/java/com/mfsys/aconnect/usermanagement/constant/UserManagementURI.java

@@ -8,6 +8,10 @@ public interface UserManagementURI {
   String DELETE_USER = "/deleteUser";
   String GET_ALL_USERS = "/getAllUsers";
 
+  String GET_USER_PERMISSIONS = "/getPermissions";
+  String SAVE_USER_PERMISSIONS = "/savePermissions";
+  String UPDATE_USER_PERMISSIONS = "/updatePermissions";
+
   String USER_SUBSCRIPTION = "/userSubscription";
   String GET_USER_SUBSCRIPTION = "/getUserSubscription";
   String CREATE_USER_SUBSCRIPTION = "/createUserSubscription";

aconnect/src/main/java/com/mfsys/aconnect/usermanagement/controller/UserController.java

@@ -1,6 +1,7 @@
 package com.mfsys.aconnect.usermanagement.controller;
 
 import com.mfsys.aconnect.usermanagement.constant.UserManagementURI;
+import com.mfsys.aconnect.usermanagement.dto.PermissionDTO;
 import com.mfsys.aconnect.usermanagement.dto.UserDTOs;
 import com.mfsys.aconnect.usermanagement.service.UserService;
 import jakarta.persistence.EntityNotFoundException;
@@ -61,4 +62,27 @@ public class UserController {
       return new ResponseEntity<>(HttpStatus.NOT_FOUND);
     }
   }
+
+  @PostMapping(UserManagementURI.SAVE_USER_PERMISSIONS)
+  public ResponseEntity<UserDTOs.UserResponse> saveUserPermissions(
+          @RequestBody PermissionDTO permissionDTO) {
+
+      UserDTOs.UserResponse response = userService.saveUserPermissions(permissionDTO);
+      return new ResponseEntity<>(response, HttpStatus.OK);
+  }
+
+  @GetMapping(UserManagementURI.GET_USER_PERMISSIONS)
+  public ResponseEntity<PermissionDTO> getUserPermissions(@RequestParam String userId) {
+      PermissionDTO dto = userService.getUserPermissions(userId);
+      return new ResponseEntity<>(dto, HttpStatus.OK);
+  }
+
+  @PutMapping(UserManagementURI.UPDATE_USER_PERMISSIONS)
+  public ResponseEntity<UserDTOs.UserResponse> updateUserPermissions(
+          @RequestBody PermissionDTO permissionDTO) {
+
+     UserDTOs.UserResponse response = userService.updateUserPermissions(permissionDTO);
+     return new ResponseEntity<>(response, HttpStatus.OK);
+  }
+
 }

aconnect/src/main/java/com/mfsys/aconnect/usermanagement/dto/PermissionDTO.java

@@ -0,0 +1,10 @@
+package com.mfsys.aconnect.usermanagement.dto;
+
+import lombok.Data;
+import java.util.List;
+
+@Data
+public class PermissionDTO {
+    private List<String> permissions;
+    private String userId;
+}

aconnect/src/main/java/com/mfsys/aconnect/usermanagement/model/User.java

@@ -35,6 +35,9 @@ public class User {
   @Column(name = "role", nullable = false)
   private Role role = Role.USER;
 
+  @Column(name = "permissions", columnDefinition = "TEXT")
+  private String permissions;
+
   @Column(name = "is_first_login")
   private Boolean isFirstLogin = true;
 

aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java

@@ -2,6 +2,7 @@ package com.mfsys.aconnect.usermanagement.service;
 
 import com.mfsys.common.configuration.service.PasswordEncryptionService;
 import com.mfsys.aconnect.usermanagement.dto.UserDTOs;
+import com.mfsys.aconnect.usermanagement.dto.PermissionDTO;
 import com.mfsys.aconnect.usermanagement.model.User;
 import com.mfsys.aconnect.usermanagement.repository.UserRepository;
 import jakarta.persistence.EntityNotFoundException;
@@ -87,4 +88,45 @@ public class UserService {
     response.setUpdatedAt(user.getUpdatedAt());
     return response;
   }
+
+  @Transactional
+  public UserDTOs.UserResponse saveUserPermissions(PermissionDTO permissionDTO) {
+      User user = userRepository.findById(permissionDTO.getUserId())
+              .orElseThrow(() -> new EntityNotFoundException("User not found with ID: " + permissionDTO.getUserId()));
+
+      // Convert list of permissions to comma-separated string
+      String permissions = String.join(",", permissionDTO.getPermissions());
+      user.setPermissions(permissions);
+      User updatedUser = userRepository.save(user);
+
+      return mapToResponseDTO(updatedUser);
+  }
+
+  public PermissionDTO getUserPermissions(String userId) {
+      User user = userRepository.findById(userId)
+              .orElseThrow(() -> new EntityNotFoundException("User not found with ID: " + userId));
+
+      PermissionDTO dto = new PermissionDTO();
+      dto.setUserId(userId);
+      if (user.getPermissions() != null && !user.getPermissions().isEmpty()) {
+          dto.setPermissions(java.util.Arrays.asList(user.getPermissions().split(",")));
+      }
+      return dto;
+  }
+
+  @Transactional
+  public UserDTOs.UserResponse updateUserPermissions(PermissionDTO permissionDTO) {
+
+      User user = userRepository.findById(permissionDTO.getUserId())
+              .orElseThrow(() ->
+                      new EntityNotFoundException("User not found with ID: " + permissionDTO.getUserId())
+              );
+
+      String permissions = String.join(",", permissionDTO.getPermissions());
+      user.setPermissions(permissions);
+
+      User updatedUser = userRepository.save(user);
+      return mapToResponseDTO(updatedUser);
+  }
+
 }