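/// <summary>
/// Approves a leave request on behalf of the logged-in person and reports whether the requester was notified.
/// </summary>
/// <param name="leaveRequestId">Id of the leave request to approve.</param>
/// <returns>A frontend message saying the request was approved and whether the requester has been notified.</returns>
/// <exception cref="UnauthorizedAccessException">The logged-in user is not connected to a person.</exception>
/// <exception cref="UserError">The leave request could not be found.</exception>
public Task<ActionResult> Approve(Guid leaveRequestId)
{
    var personId = User.PersonId();
    if (personId == null)
    {
        throw new UnauthorizedAccessException(
            "Logged in user must be connected to a person, talk to HR about this issue");
    }

    // Shared between the two lambdas so the request is loaded at most once.
    LeaveRequest leaveRequest = null;
    return TryExecute<Func<Guid>>(
        MyPolicies.peopleEdit,
        () =>
        {
            // Supplies the id of the person the request belongs to.
            // NOTE(review): how TryExecute combines this id with MyPolicies.peopleEdit is not visible here.
            leaveRequest = _leaveService.GetById(leaveRequestId);
            return leaveRequest?.PersonId ??
                   throw new UserError("Unable to find leave request, it may have been deleted");
        },
        async () =>
        {
            // The lambda above may not be called, so fetch the request here if it was not.
            // A request that cannot be found is reported the same way as above instead of
            // passing null on to the service.
            leaveRequest = leaveRequest
                           ?? _leaveService.GetById(leaveRequestId)
                           ?? throw new UserError("Unable to find leave request, it may have been deleted");

            var (_, requester, notified) =
                await _leaveService.ApproveLeaveRequest(leaveRequest, personId.Value);

            var requesterName = requester.PreferredName ?? requester.FirstName;
            var outcome = notified
                ? "has been notified"
                : "does not have an email and has not been notified";
            return this.ShowFrontendMessage(
                $"Leave request approved{Environment.NewLine}{requesterName} {outcome}");
        });
}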
/// <summary>
/// Lists leave requests under the org group the logged-in user acts for as leave delegate or supervisor.
/// </summary>
/// <returns>The leave requests returned by the leave service for that group.</returns>
/// <exception cref="UnauthorizedAccessException">The user has neither a leave-delegate group nor a supervisor group.</exception>
public IList<LeaveRequestWithNames> Supervisor()
{
    // The leave-delegate group is tried first; the supervisor group is the fallback.
    var orgGroupId = User.LeaveDelegateGroupId()
                     ?? User.SupervisorGroupId()
                     ?? throw new UnauthorizedAccessException(
                         "Logged in user must be a supervisor or leave delegate");

    var callerPersonId = User.PersonId();
    return _leaveService.ListUnderOrgGroup(orgGroupId, callerPersonId);
}
/// <summary>
/// Lists the leave requests of one person. Admin/HR users may list anyone; other users only themselves.
/// </summary>
/// <param name="personId">Id of the person whose leave requests are listed.</param>
/// <returns>The leave requests returned by the leave service for <paramref name="personId"/>.</returns>
/// <exception cref="UnauthorizedAccessException">The caller is not admin/HR and asked for another person's requests.</exception>
public IList<LeaveRequestWithNames> ListByPerson(Guid personId)
{
    // Object-level access check: the id comes from the caller, so it is compared with the
    // caller's own person id unless the caller is admin/HR.
    var mayList = User.IsAdminOrHr() || User.PersonId() == personId;
    if (mayList)
    {
        return _leaveService.ListByPersonId(personId);
    }

    throw new UnauthorizedAccessException(
        "You're only allowed to list your leave requests unless you're hr");
}
/// <summary>
/// Saves the posted person record when its id matches the logged-in user's person id.
/// </summary>
/// <param name="person">Person record read from the request body.</param>
/// <returns>The saved record as JSON.</returns>
/// <exception cref="UnauthorizedAccessException">The posted record's id is not the caller's person id.</exception>
public IActionResult UpdateSelf([FromBody] PersonWithOthers person)
{
    // Ownership check: the id in the body must be the caller's own person id.
    // NOTE(review): only the Id is compared; the whole client-supplied object is then passed to Save.
    // Confirm PersonWithOthers holds no field a user must not change on their own record.
    // NOTE(review): person is dereferenced without a null check; confirm an empty body is rejected upstream.
    var callerPersonId = User.PersonId();
    var isOwnRecord = callerPersonId == person.Id;
    if (!isOwnRecord)
    {
        throw new UnauthorizedAccessException("You're only allowed to modify your own details ");
    }

    _personService.Save(person);
    return Json(person);
}
/// <summary>
/// Returns the person record of the logged-in user, or an empty record when the user has no person id.
/// </summary>
/// <returns>The caller's person record, or a new empty <c>PersonWithOthers</c>.</returns>
public PersonWithOthers Get()
{
    // A missing person id and Guid.Empty are treated the same way.
    var callerPersonId = User.PersonId() ?? Guid.Empty;
    if (callerPersonId != Guid.Empty)
    {
        return _personService.GetById(callerPersonId);
    }

    return new PersonWithOthers();
}
/// <summary>
/// Lists people with their leave details, either for everyone (admin/HR only) or scoped to the caller's person id.
/// </summary>
/// <param name="listAll">When true, no person id is passed to the service; only admin/HR users may ask for this.</param>
/// <returns>The list returned by the leave service.</returns>
/// <exception cref="UnauthorizedAccessException"><paramref name="listAll"/> was requested by a user who is not admin/HR.</exception>
/// <exception cref="AuthenticationException"><paramref name="listAll"/> is false and the user has no person id.</exception>
public IList<PersonAndLeaveDetails> PeopleWithLeave(bool listAll = false)
{
    // listAll comes from the caller, so it is honoured only for admin/HR.
    if (listAll && !User.IsAdminOrHr())
    {
        throw new UnauthorizedAccessException("Only admin and hr users are allowed to see all leave");
    }

    // null asks the service for the unscoped list; otherwise the caller's own person id is passed.
    Guid? scopePersonId;
    if (listAll)
    {
        scopePersonId = null;
    }
    else
    {
        scopePersonId = User.PersonId()
                        ?? throw new AuthenticationException("If user isn't admin or hr they must have a personId");
    }

    return _leaveService.PeopleWithLeave(scopePersonId);
}
/// <summary>
/// Returns the logged-in user's own leave details for a year, wrapped in a single-element list.
/// </summary>
/// <param name="year">Year passed to the leave service.</param>
/// <returns>A list holding exactly the caller's leave details.</returns>
/// <exception cref="AuthenticationException">The user has no person id.</exception>
public IList<PersonAndLeaveDetails> MyLeaveDetails(int year)
{
    // The person id is taken from the logged-in user, never from the request.
    var callerPersonId = User.PersonId()
                         ?? throw new AuthenticationException("User must be a person to request leave");

    var ownDetails = _leaveService.PersonWithLeave(callerPersonId, year);
    return new List<PersonAndLeaveDetails> { ownDetails };
}
/// <summary>
/// Approves a leave request, recording the logged-in person as the approver.
/// </summary>
/// <param name="leaveRequestId">Id of the leave request to approve.</param>
/// <returns>A frontend message saying the request was approved.</returns>
/// <exception cref="UnauthorizedAccessException">The logged-in user is not connected to a person.</exception>
public IActionResult Approve(Guid leaveRequestId)
{
    // TODO: validate that the logged in user is HR/ADMIN or is the supervisor of the person who
    // created the leave request. The only check in this method is that the caller has a person id,
    // so the approver's relationship to the request is not verified here.
    // NOTE(review): whether ApproveLeaveRequest or an attribute outside this method enforces that
    // is not visible from here - confirm before relying on it.
    var approverId = User.PersonId();
    if (!approverId.HasValue)
    {
        throw new UnauthorizedAccessException(
            "Logged in user must be connected to a person, talk to HR about this issue");
    }

    _leaveService.ApproveLeaveRequest(leaveRequestId, approverId.Value);
    return this.ShowFrontendMessage("Leave request approved");
}
/// <summary>
/// Deletes a leave request when the caller is admin/HR or the request belongs to the caller.
/// </summary>
/// <param name="id">Id of the leave request to delete.</param>
/// <returns>An empty OK result once the request has been deleted.</returns>
/// <exception cref="UnauthorizedAccessException">The caller is neither admin/HR nor the person the request belongs to.</exception>
public IActionResult Delete(Guid id)
{
    // The explicit null test on the caller's person id keeps a user without a person from
    // matching a request whose person id lookup also yields null.
    var mayDelete = User.IsAdminOrHr()
                    || (User.PersonId() != null && _leaveService.GetLeavePersonId(id) == User.PersonId());
    if (!mayDelete)
    {
        throw new UnauthorizedAccessException("Logged in user isn't allowed to delete this leave request");
    }

    _leaveService.DeleteLeaveRequest(id);
    return Ok();
}
/// <summary>
/// Updates a leave request from the posted body and returns the posted object.
/// </summary>
/// <param name="updatedLeaveRequest">Leave request read from the request body.</param>
/// <returns>The same <paramref name="updatedLeaveRequest"/> instance after the update call.</returns>
/// <exception cref="Exception">A user who is not admin/HR posted a request with an empty id.</exception>
public LeaveRequest Update([FromBody] LeaveRequest updatedLeaveRequest)
{
    // An empty id means the body describes a request that does not exist yet; only admin/HR get past this.
    var hasNoId = updatedLeaveRequest.Id == Guid.Empty;
    if (hasNoId && !User.IsAdminOrHr())
    {
        throw new Exception("Trying to create a new request with the update action, use post instead");
    }

    // Users who are not admin/HR go through the service's own check, which is given the caller's person id.
    // NOTE(review): the rules that check applies are defined in the service and are not visible here.
    if (User.IsAdminOrHr() == false)
    {
        var callerPersonId = User.PersonId();
        _leaveService.ThrowIfHrRequiredForUpdate(updatedLeaveRequest, callerPersonId);
    }

    _leaveService.UpdateLeave(updatedLeaveRequest);
    return updatedLeaveRequest;
}
/// <summary>
/// Lists leave details for the people in the caller's leave-delegate or supervisor group for a year,
/// putting the caller first when the group list does not already contain them.
/// </summary>
/// <param name="year">Year passed to the leave service.</param>
/// <returns>The group's leave details, with the caller's own entry inserted at index 0 when it was missing.</returns>
/// <exception cref="UnauthorizedAccessException">The user has neither a leave-delegate group nor a supervisor group.</exception>
public IList<PersonAndLeaveDetails> MyPeopleWithLeave(int year)
{
    // The leave-delegate group is tried first; the supervisor group is the fallback.
    var orgGroupId = User.LeaveDelegateGroupId()
                     ?? User.SupervisorGroupId()
                     ?? throw new UnauthorizedAccessException(
                         "Logged in user must be a supervisor or leave delegate");

    var groupMembers = _leaveService.PeopleInGroupWithLeave(orgGroupId, year);

    var callerPersonId = User.PersonId();
    if (callerPersonId == null)
    {
        return groupMembers;
    }

    var callerListed = groupMembers.Any(entry => entry.Person.Id == callerPersonId);
    if (!callerListed)
    {
        groupMembers.Insert(0, _leaveService.PersonWithLeave(callerPersonId.Value, year));
    }

    return groupMembers;
}
/// <summary>
/// Submits a leave request from the posted body after checking the caller may request leave for that person.
/// </summary>
/// <param name="leaveRequest">Leave request read from the request body.</param>
/// <returns>The person returned by the leave service, as JSON.</returns>
/// <exception cref="UnauthorizedAccessException">The leave service says the caller may not request leave for this person.</exception>
public async Task<IActionResult> RequestLeave([FromBody] LeaveRequest leaveRequest)
{
    // The decision whether this user may file the request is delegated to the service.
    // NOTE(review): the rule itself lives in CanRequestLeave and is not visible here.
    var mayRequest = _leaveService.CanRequestLeave(User, leaveRequest);
    if (!mayRequest)
    {
        throw new UnauthorizedAccessException("Logged in user isn't allowed to request leave for this person");
    }

    // Users who are not admin/HR additionally go through the service's HR-required check.
    if (User.IsAdminOrHr() == false)
    {
        var callerPersonId = User.PersonId();
        _leaveService.ThrowIfHrRequiredForUpdate(leaveRequest, callerPersonId);
    }

    Person notifiedPerson = await _leaveService.RequestLeave(leaveRequest);
    return Json(notifiedPerson);
}
/// <summary>
/// Lists the logged-in user's own leave requests.
/// </summary>
/// <returns>The leave requests returned by the leave service for the caller's person id.</returns>
/// <exception cref="UnauthorizedAccessException">The logged-in user is not connected to a person.</exception>
public IList<LeaveRequestWithNames> ListMyLeave()
{
    // The person id is taken from the logged-in user, never from the request.
    var callerPersonId = User.PersonId()
                         ?? throw new UnauthorizedAccessException(
                             "Logged in user must be connected to a person, talk to HR about this issue");

    return _leaveService.ListByPersonId(callerPersonId);
}