TourmalineCore · fpandyz · Sep 12, 2025 · Aug 28, 2025 · Sep 12, 2025
diff --git a/.github/workflows/prod-docker-publish.yml b/.github/workflows/prod-docker-publish.yml
@@ -48,6 +48,7 @@ jobs:
             --set "extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl=${{ secrets.DEV_MAIL_SERVICE_URL }}" \
             --set "extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl=${{ secrets.DEV_AUTH_UI_SERVICE_URL }}" \
             --set "extraSecretEnvVars.InnerCircleServiceUrls__AccountsServiceUrl=${{ secrets.DEV_ACCOUNTS_SERVICE_URL }}" \
+            --set "extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl=${{ secrets.DEV_EMPLOYEES_SERVICE_URL }}" \
             "${RELEASE_NAME}" \
             bitnami/aspnet-core --version 4.4.7
           kubeconfig: "${{ secrets.DEV_KUBECONFIG }}"
diff --git a/Api/Services/IInnerCircleHttpClient.cs b/Api/Services/IInnerCircleHttpClient.cs
@@ -1,3 +1,5 @@
+using DataAccess.Models;
+
 namespace Api.Services;
 
 public interface IInnerCircleHttpClient
@@ -6,4 +8,5 @@ public interface IInnerCircleHttpClient
     Task SendPasswordResetLink(string email, string token);
     Task<List<string>> GetPermissions(long accountId);
     Task<long> GetTenantId(long accountId);
+    Task<Employee> GetEmployeeAsync(string corporateEmail);
 }
diff --git a/Api/Services/InnerCircleHttpClient.cs b/Api/Services/InnerCircleHttpClient.cs
@@ -1,6 +1,7 @@
 using System.Text.Json;
 using System.Web;
 using Api.Services.Options;
+using DataAccess.Models;
 using Microsoft.Extensions.Options;
 
 namespace Api.Services
@@ -56,5 +57,12 @@ public async Task<long> GetTenantId(long accountId)
             var response = await _client.GetStringAsync(link);
             return JsonSerializer.Deserialize<long>(response);
         }
+
+        public async Task<Employee> GetEmployeeAsync(string corporateEmail)
+        {
+            var link = $"{_urls.EmployeesServiceUrl}/internal/get-employee?corporateEmail={corporateEmail}";
+            var response = await _client.GetStringAsync(link);
+            return Newtonsoft.Json.JsonConvert.DeserializeObject<Employee>(response);
+        }
     }
 }
diff --git a/Api/Services/Options/InnerCircleServiceUrl.cs b/Api/Services/Options/InnerCircleServiceUrl.cs
@@ -5,5 +5,6 @@ public class InnerCircleServiceUrls
         public string MailServiceUrl { get; set; }
         public string AuthUIServiceUrl { get; set; }
         public string AccountsServiceUrl { get; set; }
+        public string EmployeesServiceUrl { get; set; }
     }
 }
diff --git a/Api/Services/Users/UserClaimsProvider.cs b/Api/Services/Users/UserClaimsProvider.cs
@@ -18,6 +18,8 @@ public class UserClaimsProvider : IUserClaimsProvider
 
         private const string CorporateEmailClaimType = "corporateEmail";
 
+        private const string EmployeeIdClaimType = "employeeId";
+
         public UserClaimsProvider(
             IFindUserQuery userQuery,
             ILogger<UserClaimsProvider> logger,
@@ -33,13 +35,14 @@ public async Task<List<Claim>> GetUserClaimsAsync(string login)
             var user = await _userQuery.FindUserByCorporateEmailAsync(login);
             var privileges = await _innerCircleHttpClient.GetPermissions(user.AccountId);
             var tenantId = await _innerCircleHttpClient.GetTenantId(user.AccountId);
+            var employee = await _innerCircleHttpClient.GetEmployeeAsync(login);
 
             var claims = new List<Claim>
             {
                 new (NameIdentifierClaimType, login),
                 new (CorporateEmailClaimType, user.UserName),
-                new (TenantIdClaimType, tenantId.ToString())
-
+                new (TenantIdClaimType, tenantId.ToString()),
+                new (EmployeeIdClaimType, employee.Id.ToString())
             };
             privileges.ForEach(x => claims.Add(new Claim(PermissionsClaimType, x.ToString())));
 

diff --git a/Api/appsettings.LocalEnvForDevelopment.json b/Api/appsettings.LocalEnvForDevelopment.json
@@ -17,6 +17,7 @@
   "InnerCircleServiceUrls": {
     "MailServiceUrl": "http://inner-circle.local.tourmalinecore.internal/api",
     "AuthUIServiceUrl": "http://inner-circle.local.tourmalinecore.internal",
-    "AccountsServiceUrl": "http://inner-circle.local.tourmalinecore.internal"
+    "AccountsServiceUrl": "http://inner-circle.local.tourmalinecore.internal",
+    "EmployeesServiceUrl": "http://inner-circle.local.tourmalinecore.internal"
   }
 }
diff --git a/Api/appsettings.MockForDevelopment.json b/Api/appsettings.MockForDevelopment.json
@@ -17,6 +17,7 @@
   "InnerCircleServiceUrls": {
     "MailServiceUrl": "http://localhost:5005/api",
     "AuthUIServiceUrl": "https://localhost:3000",
-    "AccountsServiceUrl": "http://localhost:5001"
+    "AccountsServiceUrl": "http://localhost:5001",
+    "EmployeesServiceUrl": "http://localhost:5006"
   }
 }
diff --git a/Api/appsettings.MockForPullRequest.json b/Api/appsettings.MockForPullRequest.json
@@ -17,6 +17,7 @@
   "InnerCircleServiceUrls": {
     "MailServiceUrl": "http://mockServer:1080/api",
     "AuthUIServiceUrl": "https://localhost:3000",
-    "AccountsServiceUrl": "http://mockServer:1080"
+    "AccountsServiceUrl": "http://mockServer:1080",
+    "EmployeesServiceUrl": "http://mockServer:1080"
   }
 }
diff --git a/Api/appsettings.ProdForDeployment.json b/Api/appsettings.ProdForDeployment.json
@@ -17,6 +17,7 @@
   "InnerCircleServiceUrls": {
     "MailServiceUrl": "**secret**",
     "AuthUIServiceUrl": "**secret**",
-    "AccountsServiceUrl": "**secret**"
+    "AccountsServiceUrl": "**secret**",
+    "EmployeesServiceUrl": "**secret**"
   }
 }
diff --git a/Api/appsettings.ProdForDevelopment.json b/Api/appsettings.ProdForDevelopment.json
@@ -17,6 +17,7 @@
   "InnerCircleServiceUrls": {
     "MailServiceUrl": "not_completed_yet",
     "AuthUIServiceUrl": "not_completed_yet",
-    "AccountsServiceUrl": "not_completed_yet"
+    "AccountsServiceUrl": "not_completed_yet",
+    "EmployeesServiceUrl": "not_completed_yet"
   }
 }
diff --git a/DataAccess/Models/Employee.cs b/DataAccess/Models/Employee.cs
@@ -0,0 +1,6 @@
+namespace DataAccess.Models;
+
+public class Employee
+{
+    public long Id { get; set; }
+}