Esempio n. 1
 /// <summary>
 /// Returns the leave requests of a single person. Callers who are neither admin
 /// nor HR may only ask for the person id attached to their own identity.
 /// </summary>
 /// <param name="personId">Person whose leave requests are listed.</param>
 /// <returns>The result of <c>_leaveService.ListByPersonId</c> for that id.</returns>
 /// <exception cref="UnauthorizedAccessException">
 /// The caller is not admin/HR and <paramref name="personId"/> differs from the
 /// caller's own person id.
 /// </exception>
 public IList<LeaveRequestWithNames> ListByPerson(Guid personId)
 {
     // Object-level authorization: personId is caller-supplied, so it is checked
     // against the authenticated identity before any data is read.
     bool privileged = User.IsAdminOrHr();
     if (!privileged)
     {
         bool askingForSomeoneElse = User.PersonId() != personId;
         if (askingForSomeoneElse)
         {
             throw new UnauthorizedAccessException(
                       "You're only allowed to list your leave requests unless you're hr");
         }
     }

     return _leaveService.ListByPersonId(personId);
 }
Esempio n. 2
 /// <summary>
 /// Lists people together with their leave. With <paramref name="listAll"/> set the
 /// query is unscoped (a null person id is passed to the service); otherwise it is
 /// scoped to the caller's own person id.
 /// </summary>
 /// <param name="listAll">True to request everyone's leave; admin/HR only.</param>
 /// <returns>The result of <c>_leaveService.PeopleWithLeave</c>.</returns>
 /// <exception cref="UnauthorizedAccessException">
 /// <paramref name="listAll"/> is true and the caller is not admin/HR.
 /// </exception>
 /// <exception cref="AuthenticationException">
 /// <paramref name="listAll"/> is false and the caller's identity carries no person id.
 /// This applies to admin/HR callers as well, since the role is not consulted on this path.
 /// </exception>
 public IList<PersonAndLeaveDetails> PeopleWithLeave(bool listAll = false)
 {
     if (listAll)
     {
         // The unscoped listing is the privileged operation, so the role gate sits here.
         if (!User.IsAdminOrHr())
         {
             throw new UnauthorizedAccessException("Only admin and hr users are allowed to see all leave");
         }

         return _leaveService.PeopleWithLeave((Guid?)null);
     }

     // Scoped listing: the filter comes from the identity, never from the request.
     var ownPersonId = User.PersonId();
     if (ownPersonId == null)
     {
         throw new AuthenticationException("If user isn't admin or hr they must have a personId");
     }

     return _leaveService.PeopleWithLeave(ownPersonId);
 }
Esempio n. 3
        /// <summary>
        /// Deletes a leave request. Allowed for admin/HR, or for a caller whose person
        /// id matches the person id the service reports for the request.
        /// </summary>
        /// <param name="id">Identifier of the leave request to delete.</param>
        /// <returns><c>Ok()</c> once the service call has returned.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The caller is neither admin/HR nor the person the leave request belongs to.
        /// </exception>
        public IActionResult Delete(Guid id)
        {
            bool allowed = User.IsAdminOrHr();
            if (!allowed)
            {
                // Ownership is resolved server-side from the stored request, not from
                // anything the caller sends. A caller without a person id never matches.
                allowed = User.PersonId() != null
                          && _leaveService.GetLeavePersonId(id) == User.PersonId();
            }

            if (!allowed)
            {
                // NOTE(review): how this exception becomes an HTTP status depends on
                // middleware not shown here — confirm it maps to 403 rather than 500.
                throw new UnauthorizedAccessException("Logged in user isn't allowed to delete this leave request");
            }

            _leaveService.DeleteLeaveRequest(id);
            return Ok();
        }
Esempio n. 4
        /// <summary>
        /// Submits a leave request through <c>TryExecute</c>, passing the
        /// <c>MyPolicies.canRequestLeave</c> policy and the request as the resource.
        /// </summary>
        /// <param name="leaveRequest">Leave request bound from the request body.</param>
        /// <returns>The task produced by <c>TryExecute</c>.</returns>
        /// <remarks>
        /// NOTE(review): TryExecute is defined elsewhere; presumably it evaluates the
        /// policy against <paramref name="leaveRequest"/> before invoking the callback —
        /// confirm, since no other per-object authorization is visible in this method.
        /// </remarks>
        public Task<ActionResult<Person>> RequestLeave([FromBody] LeaveRequest leaveRequest)
        {
            return TryExecute(
                MyPolicies.canRequestLeave,
                leaveRequest,
                () =>
                {
                    // Only callers without the admin/HR role go through the
                    // HR-required check; admin/HR skip it.
                    bool privileged = User.IsAdminOrHr();
                    if (!privileged)
                    {
                        _leaveService.ThrowIfHrRequiredForUpdate(leaveRequest);
                    }

                    var pending = _leaveService.RequestLeave(leaveRequest);
                    return pending;
                });
        }
Esempio n. 5
        /// <summary>
        /// Updates an existing leave request and echoes it back. Callers without the
        /// admin/HR role may not submit an empty id and are passed through the
        /// service's HR-required check first.
        /// </summary>
        /// <param name="updatedLeaveRequest">Leave request bound from the request body.</param>
        /// <returns>The same <paramref name="updatedLeaveRequest"/> instance.</returns>
        /// <exception cref="Exception">
        /// The id is <c>Guid.Empty</c> and the caller is not admin/HR.
        /// </exception>
        public LeaveRequest Update([FromBody] LeaveRequest updatedLeaveRequest)
        {
            // An empty id would turn this update into a create; that is refused for
            // non-privileged callers. Admin/HR are not stopped by this guard.
            bool idMissing = updatedLeaveRequest.Id == Guid.Empty;
            if (idMissing && !User.IsAdminOrHr())
            {
                // NOTE(review): a bare Exception gives error-handling code nothing
                // specific to map to a client error — confirm how it is translated.
                throw new Exception("Trying to create a new request with the update action, use post instead");
            }

            bool privileged = User.IsAdminOrHr();
            if (!privileged)
            {
                // NOTE(review): no ownership comparison is visible in this method;
                // presumably the service uses the person id passed here to enforce
                // it — confirm against ThrowIfHrRequiredForUpdate.
                _leaveService.ThrowIfHrRequiredForUpdate(updatedLeaveRequest, User.PersonId());
            }

            _leaveService.UpdateLeave(updatedLeaveRequest);
            return updatedLeaveRequest;
        }
Esempio n. 6
        /// <summary>
        /// Submits a leave request after two checks: the service must accept the
        /// caller for this request, and callers without the admin/HR role must pass
        /// the HR-required check.
        /// </summary>
        /// <param name="leaveRequest">Leave request bound from the request body.</param>
        /// <returns>A JSON result wrapping the <c>Person</c> the service returns.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// <c>_leaveService.CanRequestLeave</c> rejected the caller for this request.
        /// </exception>
        public async Task<IActionResult> RequestLeave([FromBody] LeaveRequest leaveRequest)
        {
            // Per-object authorization comes first, before any state is changed.
            bool mayRequest = _leaveService.CanRequestLeave(User, leaveRequest);
            if (!mayRequest)
            {
                throw new UnauthorizedAccessException("Logged in user isn't allowed to request leave for this person");
            }

            bool privileged = User.IsAdminOrHr();
            if (!privileged)
            {
                _leaveService.ThrowIfHrRequiredForUpdate(leaveRequest, User.PersonId());
            }

            Person personToNotify = await _leaveService.RequestLeave(leaveRequest);
            return Json(personToNotify);
        }
Esempio n. 7
        /// <summary>
        /// Updates a leave request through <c>TryExecute</c>, passing the
        /// <c>MyPolicies.canRequestLeave</c> policy and the request as the resource,
        /// and returns the submitted request.
        /// </summary>
        /// <param name="updatedLeaveRequest">Leave request bound from the request body.</param>
        /// <returns>The task produced by <c>TryExecute</c>.</returns>
        /// <remarks>
        /// NOTE(review): TryExecute is defined elsewhere; presumably it evaluates the
        /// policy against <paramref name="updatedLeaveRequest"/> before invoking the
        /// callback — confirm, since no other per-object authorization is visible here.
        /// </remarks>
        public Task<ActionResult<LeaveRequest>> Update([FromBody] LeaveRequest updatedLeaveRequest)
        {
            return TryExecute(
                MyPolicies.canRequestLeave,
                updatedLeaveRequest,
                () =>
                {
                    // Only callers without the admin/HR role go through the
                    // HR-required check; admin/HR skip it.
                    bool privileged = User.IsAdminOrHr();
                    if (!privileged)
                    {
                        _leaveService.ThrowIfHrRequiredForUpdate(updatedLeaveRequest);
                    }

                    _leaveService.UpdateLeave(updatedLeaveRequest);
                    return updatedLeaveRequest;
                });
        }