Exemplo n.º 1
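        /// <summary>
        /// Approves a leave request on behalf of the logged-in person and tells the frontend
        /// whether the requester was notified.
        /// </summary>
        /// <param name="leaveRequestId">Id of the leave request to approve.</param>
        /// <returns>A frontend message describing the outcome of the approval.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The logged-in user is not connected to a person.
        /// </exception>
        /// <exception cref="UserError">No leave request with the given id could be found.</exception>
        public Task<ActionResult> Approve(Guid leaveRequestId)
        {
            var personId = User.PersonId();

            if (personId == null)
            {
                throw new UnauthorizedAccessException(
                    "Logged in user must be connected to a person, talk to HR about this issue");
            }

            LeaveRequest leaveRequest = null;

            // NOTE(review): the authorization decision is made inside TryExecute, which is not
            // visible here; presumably it evaluates MyPolicies.peopleEdit against the person id
            // returned by the first lambda - confirm.
            return TryExecute<Func<Guid>>(MyPolicies.peopleEdit,
                () =>
                {
                    leaveRequest = _leaveService.GetById(leaveRequestId);
                    return leaveRequest?.PersonId ??
                           throw new UserError("Unable to find leave request, it may have been deleted");
                },
                async () =>
                {
                    // The lambda above may not be called, so fetch the request here if needed.
                    // A missing request must fail the same way on this path instead of handing
                    // null to ApproveLeaveRequest.
                    leaveRequest = leaveRequest ?? _leaveService.GetById(leaveRequestId) ??
                                   throw new UserError("Unable to find leave request, it may have been deleted");

                    var (_, requester, notified) =
                        await _leaveService.ApproveLeaveRequest(leaveRequest, personId.Value);

                    var requesterName = requester.PreferredName ?? requester.FirstName;
                    var notificationStatus = notified
                        ? "has been notified"
                        : "does not have an email and has not been notified";

                    return this.ShowFrontendMessage(
                        $"Leave request approved{Environment.NewLine}{requesterName} {notificationStatus}");
                });
        }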
Exemplo n.º 2
        /// <summary>
        /// Lists the leave requests under the org group that the logged-in user is leave
        /// delegate or supervisor for.
        /// </summary>
        /// <returns>Whatever <c>ListUnderOrgGroup</c> returns for that group and the caller's person id.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The logged-in user has neither a leave-delegate group nor a supervisor group.
        /// </exception>
        public IList<LeaveRequestWithNames> Supervisor()
        {
            // The scope comes from the caller's own identity, not from request input;
            // the leave-delegate group takes precedence over the supervisor group.
            var orgGroupId = User.LeaveDelegateGroupId() ?? User.SupervisorGroupId() ??
                             throw new UnauthorizedAccessException(
                                 "Logged in user must be a supervisor or leave delegate");
            var currentPersonId = User.PersonId();

            return _leaveService.ListUnderOrgGroup(orgGroupId, currentPersonId);
        }
Exemplo n.º 3
 /// <summary>
 /// Lists the leave requests of one person.
 /// </summary>
 /// <param name="personId">Person whose leave requests are listed.</param>
 /// <returns>The leave requests returned by the leave service for that person.</returns>
 /// <exception cref="UnauthorizedAccessException">
 /// The caller is neither admin/HR nor the person being listed.
 /// </exception>
 public IList<LeaveRequestWithNames> ListByPerson(Guid personId)
 {
     // Object-level check: the id is caller-supplied, so it is only honoured for
     // admin/HR users or when it matches the caller's own person id.
     var mayList = User.IsAdminOrHr() || User.PersonId() == personId;
     if (mayList)
     {
         return _leaveService.ListByPersonId(personId);
     }

     throw new UnauthorizedAccessException(
         "You're only allowed to list your leave requests unless you're hr");
 }
Exemplo n.º 4
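        /// <summary>
        /// Saves the details of the logged-in person as submitted in the request body.
        /// </summary>
        /// <param name="person">The person record bound from the request body.</param>
        /// <returns>The submitted person, serialized as JSON.</returns>
        /// <exception cref="ArgumentNullException">No person was bound from the request body.</exception>
        /// <exception cref="UnauthorizedAccessException">
        /// The submitted record's id is not the caller's own person id.
        /// </exception>
        public IActionResult UpdateSelf([FromBody] PersonWithOthers person)
        {
            // A body that fails to bind can arrive here as null; reject it explicitly
            // rather than failing with a NullReferenceException on person.Id below.
            if (person == null)
            {
                throw new ArgumentNullException(nameof(person));
            }

            // Also rejects callers without a person id: a null id never equals person.Id.
            if (User.PersonId() != person.Id)
            {
                throw new UnauthorizedAccessException("You're only allowed to modify your own details ");
            }

            // NOTE(review): the whole bound object is saved as received. Whether PersonWithOthers
            // carries fields a user should not be able to set on their own record is not visible
            // here - confirm that _personService.Save ignores or rejects such fields.
            _personService.Save(person);
            return Json(person);
        }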
Exemplo n.º 5
        /// <summary>
        /// Returns the person record of the logged-in user.
        /// </summary>
        /// <returns>
        /// The record fetched by the caller's person id, or a new empty
        /// <c>PersonWithOthers</c> when the caller has no person id (or it is <c>Guid.Empty</c>).
        /// </returns>
        public PersonWithOthers Get()
        {
            // The id is read from the caller's identity only; no request input selects the record.
            var currentPersonId = User.PersonId() ?? Guid.Empty;

            if (currentPersonId != Guid.Empty)
            {
                return _personService.GetById(currentPersonId);
            }

            return new PersonWithOthers();
        }
Exemplo n.º 6
 /// <summary>
 /// Lists people with their leave details, either for everyone or scoped to the caller.
 /// </summary>
 /// <param name="listAll">
 /// When true, no person id is passed to the leave service; only admin and HR users may ask for this.
 /// </param>
 /// <returns>The list returned by the leave service for the chosen scope.</returns>
 /// <exception cref="UnauthorizedAccessException">
 /// <paramref name="listAll"/> was requested by a user who is not admin or HR.
 /// </exception>
 /// <exception cref="AuthenticationException">
 /// A scoped listing was requested by a user without a person id.
 /// </exception>
 public IList<PersonAndLeaveDetails> PeopleWithLeave(bool listAll = false)
 {
     if (listAll)
     {
         // The flag is caller-supplied, so the role check has to happen before it is honoured.
         if (!User.IsAdminOrHr())
         {
             throw new UnauthorizedAccessException("Only admin and hr users are allowed to see all leave");
         }

         return _leaveService.PeopleWithLeave((Guid?)null);
     }

     // Scoped listing: the person id comes from the caller's identity.
     Guid? ownPersonId = User.PersonId() ??
                         throw new AuthenticationException("If user isn't admin or hr they must have a personId");

     return _leaveService.PeopleWithLeave(ownPersonId);
 }
Exemplo n.º 7
        /// <summary>
        /// Returns the logged-in person's own leave details for a year, wrapped in a one-element list.
        /// </summary>
        /// <param name="year">Year passed through to the leave service.</param>
        /// <returns>A list containing exactly the caller's leave details.</returns>
        /// <exception cref="AuthenticationException">The logged-in user has no person id.</exception>
        public IList<PersonAndLeaveDetails> MyLeaveDetails(int year)
        {
            // Only the caller's own id is ever used; nothing in the request selects the person.
            var currentPersonId = User.PersonId() ??
                                  throw new AuthenticationException("User must be a person to request leave");
            var ownDetails = _leaveService.PersonWithLeave(currentPersonId, year);

            return new List<PersonAndLeaveDetails> { ownDetails };
        }
Exemplo n.º 8
        /// <summary>
        /// Approves a leave request on behalf of the logged-in person.
        /// </summary>
        /// <param name="leaveRequestId">Id of the leave request to approve.</param>
        /// <returns>A frontend message confirming the approval.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The logged-in user is not connected to a person.
        /// </exception>
        public IActionResult Approve(Guid leaveRequestId)
        {
            // TODO: validate that the logged-in user is HR/ADMIN or is the supervisor of the
            // person who created the leave request.
            // NOTE(review): until that is done, the only check in this method is that the caller
            // has a person id. Unless an attribute or the service (neither visible here) restricts
            // it, any such user can approve any request id they submit - confirm.
            var approverId = User.PersonId() ??
                             throw new UnauthorizedAccessException(
                                 "Logged in user must be connected to a person, talk to HR about this issue");

            _leaveService.ApproveLeaveRequest(leaveRequestId, approverId);

            return this.ShowFrontendMessage("Leave request approved");
        }
Exemplo n.º 9
        /// <summary>
        /// Deletes a leave request if the caller is admin/HR or the person the request belongs to.
        /// </summary>
        /// <param name="id">Id of the leave request to delete.</param>
        /// <returns>An empty OK result once the request has been deleted.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The caller is neither admin/HR nor the person the leave request belongs to.
        /// </exception>
        public IActionResult Delete(Guid id)
        {
            var isPrivileged = User.IsAdminOrHr();

            // Ownership is only looked up for non-privileged callers, and only when they have
            // a person id, so a caller without one can never match a request.
            var ownsRequest = !isPrivileged &&
                              User.PersonId() != null &&
                              _leaveService.GetLeavePersonId(id) == User.PersonId();

            if (!(isPrivileged || ownsRequest))
            {
                throw new UnauthorizedAccessException("Logged in user isn't allowed to delete this leave request");
            }

            _leaveService.DeleteLeaveRequest(id);

            return Ok();
        }
Exemplo n.º 10
        /// <summary>
        /// Updates an existing leave request with the values submitted in the request body.
        /// </summary>
        /// <param name="updatedLeaveRequest">The leave request bound from the request body.</param>
        /// <returns>The submitted leave request, as passed to the leave service.</returns>
        /// <exception cref="Exception">
        /// A user who is not admin or HR submitted a request without an id.
        /// </exception>
        public LeaveRequest Update([FromBody] LeaveRequest updatedLeaveRequest)
        {
            var hasNoId = updatedLeaveRequest.Id == Guid.Empty;

            // NOTE(review): this throws the base Exception type, so callers cannot tell it apart
            // from an unexpected failure; a more specific type would be clearer.
            if (hasNoId && !User.IsAdminOrHr())
            {
                throw new Exception("Trying to create a new request with the update action, use post instead");
            }

            // NOTE(review): for non-admin/HR callers this service call is the only gate before the
            // update. Whether it also verifies that the request belongs to the caller cannot be
            // seen from here - confirm against ThrowIfHrRequiredForUpdate.
            if (!User.IsAdminOrHr())
            {
                _leaveService.ThrowIfHrRequiredForUpdate(updatedLeaveRequest, User.PersonId());
            }

            _leaveService.UpdateLeave(updatedLeaveRequest);

            return updatedLeaveRequest;
        }
Exemplo n.º 11
        /// <summary>
        /// Lists leave details for the people in the caller's leave-delegate or supervisor group,
        /// with the caller's own details placed first when they are not already in the list.
        /// </summary>
        /// <param name="year">Year passed through to the leave service.</param>
        /// <returns>The group's leave details, possibly prefixed with the caller's own.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The logged-in user has neither a leave-delegate group nor a supervisor group.
        /// </exception>
        public IList<PersonAndLeaveDetails> MyPeopleWithLeave(int year)
        {
            // The group comes from the caller's identity; the leave-delegate group wins over
            // the supervisor group.
            var orgGroupId = User.LeaveDelegateGroupId() ?? User.SupervisorGroupId() ??
                             throw new UnauthorizedAccessException(
                                 "Logged in user must be a supervisor or leave delegate");
            var groupDetails = _leaveService.PeopleInGroupWithLeave(orgGroupId, year);
            var currentPersonId = User.PersonId();

            if (currentPersonId != null)
            {
                var alreadyListed = groupDetails.Any(entry => entry.Person.Id == currentPersonId);
                if (!alreadyListed)
                {
                    groupDetails.Insert(0, _leaveService.PersonWithLeave(currentPersonId.Value, year));
                }
            }

            return groupDetails;
        }
Exemplo n.º 12
        /// <summary>
        /// Submits a new leave request after checking that the caller may request leave for the
        /// person it concerns.
        /// </summary>
        /// <param name="leaveRequest">The leave request bound from the request body.</param>
        /// <returns>The person returned by the leave service, serialized as JSON.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The leave service reports that the caller may not request leave for this person.
        /// </exception>
        public async Task<IActionResult> RequestLeave([FromBody] LeaveRequest leaveRequest)
        {
            // The request body is caller-controlled, so the permission check runs first.
            var mayRequest = _leaveService.CanRequestLeave(User, leaveRequest);
            if (!mayRequest)
            {
                throw new UnauthorizedAccessException("Logged in user isn't allowed to request leave for this person");
            }

            // Admin and HR users skip the HR-required check.
            var isPrivileged = User.IsAdminOrHr();
            if (!isPrivileged)
            {
                _leaveService.ThrowIfHrRequiredForUpdate(leaveRequest, User.PersonId());
            }

            Person notifiedPerson = await _leaveService.RequestLeave(leaveRequest);

            return Json(notifiedPerson);
        }
Exemplo n.º 13
 /// <summary>
 /// Lists the logged-in person's own leave requests.
 /// </summary>
 /// <returns>The leave requests returned by the leave service for the caller's person id.</returns>
 /// <exception cref="UnauthorizedAccessException">
 /// The logged-in user is not connected to a person.
 /// </exception>
 public IList<LeaveRequestWithNames> ListMyLeave()
 {
     // The id is taken from the caller's identity, so there is no caller-supplied id to validate.
     var currentPersonId = User.PersonId() ??
                           throw new UnauthorizedAccessException(
                               "Logged in user must be connected to a person, talk to HR about this issue");

     return _leaveService.ListByPersonId(currentPersonId);
 }