public async Task <IActionResult> CreateAsync([FromRoute] int orgId, [FromRoute] int empId, [FromRoute] int performanceReviewId, [FromBody] CreatePerformanceReviewFeedbackRequest request)
{
if (!(await OrganizationRepository.ExistsAsync(orgId)))
{
return(NotFound());
}
if (!(await EmployeeRepository.ExistsAsync(empId)))
{
return(NotFound());
}
var performanceReview = await PerformanceReviewRepository.GetByIdAsync(performanceReviewId);
if (performanceReview == null)
{
return(NotFound());
}
var fromEmpId = AuthenticationService.GetLoggedInUserId();
var performanceReviewFeedback = new PerformanceReviewFeedback()
{
OrganizationId = orgId,
FromEmployeeId = fromEmpId,
ForEmployeeId = performanceReview.EmployeeId,
Comment = request.Comment,
Rating = request.Rating,
};
await PerformanceReviewFeedbackRepository.CreateAsync(performanceReviewFeedback);
return(CreatedAtAction(nameof(GetById), new { id = performanceReview.Id }, Mapper.Map <PerformanceReviewFeedbackDto>(performanceReview)));
}
public async Task <IActionResult> PermitAsync([FromRoute] int orgId, [FromRoute] int empId, [FromRoute] int performanceReviewId)
{
var performanceReview = await PerformanceReviewRepository.GetByIdAsync(performanceReviewId);
if (performanceReview == null || !DoesOwnPerformanceReview(performanceReview))
{
return(NotFound());
}
if (performanceReview.EmployeeId == empId)
{
throw new BadRequestException("Can't allow employee to provide feedback for himself/herself");
}
if (await PerformanceReviewRepository.PermitAsync(performanceReviewId, empId))
{
var performanceReviewFeedback = new PerformanceReviewFeedback()
{
Name = "",
ForEmployeeId = performanceReview.EmployeeId,
FromEmployeeId = empId,
OrganizationId = orgId,
PerformanceReviewId = performanceReviewId,
};
await PerformanceReviewFeedbackRepository.CreateAsync(performanceReviewFeedback);
var performanceReviewFeedbackDto = this.Mapper.Map <PerformanceReviewFeedbackDto>(performanceReviewFeedback);
return(Ok(performanceReviewFeedbackDto));
}
return(BadRequest());
}
private bool CanUserAccessPerformanceReviewFeedback(PerformanceReviewFeedback review)
{
var userRole = AuthenticationService.GetLoggedInUserRole();
var userId = AuthenticationService.GetLoggedInUserId();
var userOrgId = AuthenticationService.GetLoggedInUserOrgId();
if (userRole == UserRole.SuperAdmin)
{
return(true);
}
if (userRole == UserRole.Admin && userOrgId == review.OrganizationId)
{
return(true);
}
if (userRole == UserRole.Employee && userOrgId == review.OrganizationId && userId == review.FromEmployeeId)
{
return(true);
}
return(false);
}
