/// <summary>
/// Lists the leave requests that belong to one person.
/// </summary>
/// <param name="personId">Person whose leave requests are listed.</param>
/// <returns>Whatever <c>_leaveService.ListByPersonId</c> returns for <paramref name="personId"/>.</returns>
/// <exception cref="UnauthorizedAccessException">
/// The caller is not admin/HR and the caller's own person id differs from <paramref name="personId"/>.
/// </exception>
public IList<LeaveRequestWithNames> ListByPerson(Guid personId)
{
    // Object-level authorization: personId is supplied by the caller, so it is
    // compared with the authenticated identity before any data is read.
    if (!User.IsAdminOrHr())
    {
        // A caller without a person id also fails this comparison and is rejected
        // (assuming PersonId() yields a nullable Guid, as its other uses suggest).
        if (User.PersonId() != personId)
        {
            throw new UnauthorizedAccessException(
                "You're only allowed to list your leave requests unless you're hr");
        }
    }

    return _leaveService.ListByPersonId(personId);
}
/// <summary>
/// Lists people together with their leave details, either for everyone or scoped to the caller.
/// </summary>
/// <param name="listAll">
/// <c>true</c> to ask for all people (admin/HR only); <c>false</c> to pass the caller's own
/// person id to the service.
/// </param>
/// <returns>Whatever <c>_leaveService.PeopleWithLeave</c> returns for the chosen filter.</returns>
/// <exception cref="UnauthorizedAccessException">
/// <paramref name="listAll"/> is <c>true</c> and the caller is not admin/HR.
/// </exception>
/// <exception cref="AuthenticationException">
/// <paramref name="listAll"/> is <c>false</c> and the caller has no person id.
/// </exception>
public IList<PersonAndLeaveDetails> PeopleWithLeave(bool listAll = false)
{
    // The unscoped listing is the privileged path, so the role check comes first.
    if (listAll && !User.IsAdminOrHr())
    {
        throw new UnauthorizedAccessException("Only admin and hr users are allowed to see all leave");
    }

    // A null filter is what the service receives for the unscoped listing.
    Guid? personFilter;
    if (listAll)
    {
        personFilter = null;
    }
    else
    {
        // NOTE(review): this branch does not look at the caller's role, so an admin/HR
        // caller without a person id who leaves listAll false also gets this exception,
        // although the message only mentions non-admin users.
        personFilter = User.PersonId()
            ?? throw new AuthenticationException("If user isn't admin or hr they must have a personId");
    }

    return _leaveService.PeopleWithLeave(personFilter);
}
/// <summary>
/// Deletes a leave request when the caller is admin/HR or owns the request.
/// </summary>
/// <param name="id">Identifier of the leave request to delete.</param>
/// <returns>The result of <c>Ok()</c> once the delete call has returned.</returns>
/// <exception cref="UnauthorizedAccessException">
/// The caller is not admin/HR and is not the person the leave request belongs to.
/// </exception>
public IActionResult Delete(Guid id)
{
    // Ownership is resolved from the stored request rather than from anything the caller
    // sends besides the id. The explicit null test on the caller's person id keeps a
    // caller without one from matching a request whose owner lookup also yields null.
    bool mayDelete = User.IsAdminOrHr()
        || (User.PersonId() != null && _leaveService.GetLeavePersonId(id) == User.PersonId());

    if (!mayDelete)
    {
        throw new UnauthorizedAccessException("Logged in user isn't allowed to delete this leave request");
    }

    // NOTE(review): the owner lookup above and this delete are two separate service calls;
    // whether they run as one atomic operation is not visible from this method.
    _leaveService.DeleteLeaveRequest(id);
    return Ok();
}
/// <summary>
/// Submits a leave request through <c>TryExecute</c> under <c>MyPolicies.canRequestLeave</c>.
/// </summary>
/// <param name="leaveRequest">Leave request bound from the request body.</param>
/// <returns>The task produced by <c>TryExecute</c> for the supplied callback.</returns>
public Task<ActionResult<Person>> RequestLeave([FromBody] LeaveRequest leaveRequest)
{
    // NOTE(review): TryExecute is presumably what evaluates canRequestLeave against the
    // request before the callback runs; confirm, because the callback itself does not
    // compare the request's person with the caller.
    return TryExecute(MyPolicies.canRequestLeave, leaveRequest, () =>
    {
        bool callerIsPrivileged = User.IsAdminOrHr();
        if (!callerIsPrivileged)
        {
            // Callers outside admin/HR go through the service's "HR required" validation,
            // which throws for requests they may not submit themselves.
            _leaveService.ThrowIfHrRequiredForUpdate(leaveRequest);
        }

        return _leaveService.RequestLeave(leaveRequest);
    });
}
/// <summary>
/// Applies an update to a leave request and echoes the submitted object back.
/// </summary>
/// <param name="updatedLeaveRequest">Leave request bound from the request body.</param>
/// <returns>The same <paramref name="updatedLeaveRequest"/> instance that was passed in.</returns>
/// <exception cref="Exception">
/// The request has an empty id and the caller is not admin/HR.
/// </exception>
public LeaveRequest Update([FromBody] LeaveRequest updatedLeaveRequest)
{
    // NOTE(review): the body-bound object is dereferenced without a null check.
    bool hasNoId = updatedLeaveRequest.Id == Guid.Empty;

    // Only admin/HR may send a request without an id through the update action.
    // NOTE(review): a bare System.Exception gives error handling nothing specific to map
    // to a client-error response; a more specific exception type would be clearer.
    if (hasNoId && !User.IsAdminOrHr())
    {
        throw new Exception("Trying to create a new request with the update action, use post instead");
    }

    if (!User.IsAdminOrHr())
    {
        // The caller's person id is handed to the service validation.
        // NOTE(review): this method never compares the request's owner with the caller
        // itself, so ownership enforcement presumably lives in that service call; confirm.
        _leaveService.ThrowIfHrRequiredForUpdate(updatedLeaveRequest, User.PersonId());
    }

    _leaveService.UpdateLeave(updatedLeaveRequest);
    return updatedLeaveRequest;
}
/// <summary>
/// Submits a leave request after checking that the caller may request leave for the person in it.
/// </summary>
/// <param name="leaveRequest">Leave request bound from the request body.</param>
/// <returns>A JSON result wrapping the <c>Person</c> returned by <c>_leaveService.RequestLeave</c>.</returns>
/// <exception cref="UnauthorizedAccessException">
/// <c>_leaveService.CanRequestLeave</c> rejects the caller for this request.
/// </exception>
public async Task<IActionResult> RequestLeave([FromBody] LeaveRequest leaveRequest)
{
    // Authorization runs against the authenticated principal before anything is written.
    bool callerMayRequest = _leaveService.CanRequestLeave(User, leaveRequest);
    if (!callerMayRequest)
    {
        throw new UnauthorizedAccessException("Logged in user isn't allowed to request leave for this person");
    }

    // Callers outside admin/HR additionally go through the service's "HR required"
    // validation, with their own person id passed along.
    if (!User.IsAdminOrHr())
    {
        _leaveService.ThrowIfHrRequiredForUpdate(leaveRequest, User.PersonId());
    }

    Person result = await _leaveService.RequestLeave(leaveRequest);
    return Json(result);
}
/// <summary>
/// Updates a leave request through <c>TryExecute</c> under <c>MyPolicies.canRequestLeave</c>.
/// </summary>
/// <param name="updatedLeaveRequest">Leave request bound from the request body.</param>
/// <returns>The task produced by <c>TryExecute</c>; the callback yields the submitted request.</returns>
public Task<ActionResult<LeaveRequest>> Update([FromBody] LeaveRequest updatedLeaveRequest)
{
    // NOTE(review): the update reuses the canRequestLeave policy and the callback does not
    // compare the request's owner with the caller; confirm that TryExecute applies the
    // policy to updatedLeaveRequest before the callback runs.
    return TryExecute(MyPolicies.canRequestLeave, updatedLeaveRequest, () =>
    {
        bool callerIsPrivileged = User.IsAdminOrHr();
        if (!callerIsPrivileged)
        {
            // Callers outside admin/HR go through the service's "HR required" validation first.
            _leaveService.ThrowIfHrRequiredForUpdate(updatedLeaveRequest);
        }

        _leaveService.UpdateLeave(updatedLeaveRequest);
        return updatedLeaveRequest;
    });
}