Fixed a check whether a user is a manager when requesting employee data

AnalogIO · Oct 11, 2022 · c5070e9 · c5070e9
1 parent 9c647ed
commit c5070e9
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 18 deletions.
diff --git a/API/ShiftPlanning.WebApi/Controllers/EmployeesController.cs b/API/ShiftPlanning.WebApi/Controllers/EmployeesController.cs
@@ -176,7 +176,8 @@ public IActionResult Get()
 
             var employees = _employeeService.GetEmployees(organization.Id);
             if (employees == null) return NotFound();
-            if(_authManager.IsManager(Request.Headers))
+            //get claims of the Role type
+            if(User.IsInRole("Manager"))
             {
                 return Ok(Mapper.Map(employees.OrderBy(e => e.FirstName).ThenBy(e => e.LastName)));
             }

diff --git a/API/ShiftPlanning.WebApi/Helpers/Authorization/AuthManager.cs b/API/ShiftPlanning.WebApi/Helpers/Authorization/AuthManager.cs
@@ -1,8 +1,5 @@
 using System.Collections.Generic;
-using System.Linq;
-using System.Net.Http.Headers;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Primitives;
 using ShiftPlanning.Model.Models;
 using ShiftPlanning.WebApi.Exceptions;
 using ShiftPlanning.WebApi.Repositories;
@@ -46,16 +43,6 @@ public Employee GetEmployeeByHeader(IHeaderDictionary headers)
             return _employeeRepository.Read(tokenHash);
         }
 
-        public bool IsManager(IHeaderDictionary headers)
-        {
-            headers.TryGetValue("Authorization", out var token);
-            if (token.ToString() == null) throw new ObjectNotFoundException("Could not find a manager corresponding to the given 'Authorization' header");
-            var employee = _employeeRepository.Read(token);
-            if (employee == null) return false;
-            if (employee.Role_.Any(r => r.Name == "Manager")) return true;
-            return false;
-        }
-
         public IEnumerable<Role> GetRoles(string token)
         {
             var employee = _employeeRepository.Read(token);

diff --git a/API/ShiftPlanning.WebApi/Helpers/Authorization/IAuthManager.cs b/API/ShiftPlanning.WebApi/Helpers/Authorization/IAuthManager.cs
@@ -11,6 +11,5 @@ public interface IAuthManager
         Employee GetEmployeeByHeader(IHeaderDictionary headers);
         bool ValidateOrganizationApiKey(string apiKey);
         IEnumerable<Role> GetRoles(string token);
-        bool IsManager(IHeaderDictionary headers);
     }
 }
diff --git a/API/ShiftPlanning.WebApi/Repositories/EmployeeRepository.cs b/API/ShiftPlanning.WebApi/Repositories/EmployeeRepository.cs
@@ -60,7 +60,8 @@ public IEnumerable<Employee> ReadFromOrganization(int organizationId)
         {
             return _context.Employees
                 .Where(e => e.Organization.Id == organizationId).OrderBy(x => x.Id)
-                .Include(x => x.Role_);
+                .Include(x => x.Role_)
+                .Include(x => x.CheckIns);
         }
 
         public IEnumerable<Employee> ReadFromOrganization(string shortKey)

diff --git a/API/ShiftPlanning.WebApi/Repositories/ScheduleRepository.cs b/API/ShiftPlanning.WebApi/Repositories/ScheduleRepository.cs
@@ -43,6 +43,7 @@ public Schedule Read(int id, int organizationId)
         {
             return _context.Schedules
                 .Where(x => x.Id == id && x.Organization.Id == organizationId)
+                .Include(x => x.Shifts)
                 .Include(x => x.ScheduledShifts)
                 .ThenInclude(shift => shift.EmployeeAssignments)
                 .ThenInclude(assignment => assignment.Employee)
@@ -82,7 +83,9 @@ public int Update(Schedule schedule)
 
         public void DeleteScheduledShift(int scheduleId, int scheduledShiftId, int organizationId)
         {
-            var schedule = _context.Schedules.SingleOrDefault(x => x.Id == scheduleId && x.Organization.Id == organizationId);
+            var schedule = _context.Schedules
+                .Include(x => x.ScheduledShifts)
+                .SingleOrDefault(x => x.Id == scheduleId && x.Organization.Id == organizationId);
             if (schedule == null) throw new ObjectNotFoundException("Could not find a schedule corresponding to the given id");
 
             var scheduledShift = schedule.ScheduledShifts.SingleOrDefault(x => x.Id == scheduledShiftId);

diff --git a/API/ShiftPlanning.WebApi/Repositories/ShiftRepository.cs b/API/ShiftPlanning.WebApi/Repositories/ShiftRepository.cs
@@ -37,7 +37,7 @@ public void Delete(IEnumerable<Shift> shifts)
 
         public void Delete(int id, int organizationId)
         {
-            var shift = _context.Shifts.FirstOrDefault(x => x.Id == id && x.Organization.Id == organizationId);
+            var shift = _context.Shifts.Include(x => x.CheckIns).FirstOrDefault(x => x.Id == id && x.Organization.Id == organizationId);
             if (shift == null) throw new ObjectNotFoundException("Could not find a shift corresponding to the given id");
 
             if(shift.CheckIns.Any()) throw new ForbiddenException("You cannot delete a shift that contains checked in employees");