diff --git a/API/ShiftPlanning.WebApi/Controllers/EmployeesController.cs b/API/ShiftPlanning.WebApi/Controllers/EmployeesController.cs index c1a8e6b..a4cb0a3 100644 --- a/API/ShiftPlanning.WebApi/Controllers/EmployeesController.cs +++ b/API/ShiftPlanning.WebApi/Controllers/EmployeesController.cs @@ -176,7 +176,8 @@ public IActionResult Get() var employees = _employeeService.GetEmployees(organization.Id); if (employees == null) return NotFound(); - if(_authManager.IsManager(Request.Headers)) + //get claims of the Role type + if(User.IsInRole("Manager")) { return Ok(Mapper.Map(employees.OrderBy(e => e.FirstName).ThenBy(e => e.LastName))); } diff --git a/API/ShiftPlanning.WebApi/Helpers/Authorization/AuthManager.cs b/API/ShiftPlanning.WebApi/Helpers/Authorization/AuthManager.cs index 35c27c7..bd87c97 100644 --- a/API/ShiftPlanning.WebApi/Helpers/Authorization/AuthManager.cs +++ b/API/ShiftPlanning.WebApi/Helpers/Authorization/AuthManager.cs @@ -1,8 +1,5 @@ using System.Collections.Generic; -using System.Linq; -using System.Net.Http.Headers; using Microsoft.AspNetCore.Http; -using Microsoft.Extensions.Primitives; using ShiftPlanning.Model.Models; using ShiftPlanning.WebApi.Exceptions; using ShiftPlanning.WebApi.Repositories; @@ -46,16 +43,6 @@ public Employee GetEmployeeByHeader(IHeaderDictionary headers) return _employeeRepository.Read(tokenHash); } - public bool IsManager(IHeaderDictionary headers) - { - headers.TryGetValue("Authorization", out var token); - if (token.ToString() == null) throw new ObjectNotFoundException("Could not find a manager corresponding to the given 'Authorization' header"); - var employee = _employeeRepository.Read(token); - if (employee == null) return false; - if (employee.Role_.Any(r => r.Name == "Manager")) return true; - return false; - } - public IEnumerable GetRoles(string token) { var employee = _employeeRepository.Read(token); 
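Review bot: In EmployeesController.Get, the manager branch now depends entirely on role claims carried by `User`, and nothing in this diff shows where those claims are set, so the comment `//get claims of the Role type` does not tell a reader what the check relies on. If the authentication handler does not add a role claim for each entry in `Role_`, `User.IsInRole("Manager")` is always false and managers silently fall through to the non-manager response. If the claims are fixed at sign-in, a revoked Manager role presumably stays effective until the token expires, which the removed per-request repository lookup did not allow. I would reword the comment to `// Managers get the full ordered list; role claims must be populated by the authentication handler` and cover both branches with a test that runs with and without the claim. The body of Get continues outside the hunk, so the non-manager branch is not visible here.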
diff --git a/API/ShiftPlanning.WebApi/Helpers/Authorization/IAuthManager.cs b/API/ShiftPlanning.WebApi/Helpers/Authorization/IAuthManager.cs index 07ba5aa..0ee13df 100644 --- a/API/ShiftPlanning.WebApi/Helpers/Authorization/IAuthManager.cs +++ b/API/ShiftPlanning.WebApi/Helpers/Authorization/IAuthManager.cs @@ -11,6 +11,5 @@ public interface IAuthManager Employee GetEmployeeByHeader(IHeaderDictionary headers); bool ValidateOrganizationApiKey(string apiKey); IEnumerable GetRoles(string token); - bool IsManager(IHeaderDictionary headers); } } \ No newline at end of file diff --git a/API/ShiftPlanning.WebApi/Repositories/EmployeeRepository.cs b/API/ShiftPlanning.WebApi/Repositories/EmployeeRepository.cs index 6b2c819..bac7885 100644 --- a/API/ShiftPlanning.WebApi/Repositories/EmployeeRepository.cs +++ b/API/ShiftPlanning.WebApi/Repositories/EmployeeRepository.cs @@ -60,7 +60,8 @@ public IEnumerable ReadFromOrganization(int organizationId) { return _context.Employees .Where(e => e.Organization.Id == organizationId).OrderBy(x => x.Id) - .Include(x => x.Role_); + .Include(x => x.Role_) + .Include(x => x.CheckIns); } public IEnumerable ReadFromOrganization(string shortKey) diff --git a/API/ShiftPlanning.WebApi/Repositories/ScheduleRepository.cs b/API/ShiftPlanning.WebApi/Repositories/ScheduleRepository.cs index 8ace1d9..39cda23 100644 --- a/API/ShiftPlanning.WebApi/Repositories/ScheduleRepository.cs +++ b/API/ShiftPlanning.WebApi/Repositories/ScheduleRepository.cs @@ -43,6 +43,7 @@ public Schedule Read(int id, int organizationId) { return _context.Schedules .Where(x => x.Id == id && x.Organization.Id == organizationId) + .Include(x => x.Shifts) .Include(x => x.ScheduledShifts) .ThenInclude(shift => shift.EmployeeAssignments) .ThenInclude(assignment => assignment.Employee) 
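Review bot: In EmployeeRepository.ReadFromOrganization(int), the added `.Include(x => x.CheckIns)` loads the full check-in history of every employee in the organization for every caller of this method, whether or not the caller uses it. If the list returned by EmployeesController.Get is built from this query (not visible here), confirm that the mapped result for the non-manager branch does not start carrying check-in data, and consider a separate method or a projection for the caller that actually needs check-ins. Depending on the EF Core version, two collection includes on one query can also multiply the joined rows as check-ins accumulate. The same over-fetching concern applies, to a lesser degree, to the added `.Include(x => x.Shifts)` in ScheduleRepository.Read, whose query continues outside the hunk.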
@@ -82,7 +83,9 @@ public int Update(Schedule schedule) public void DeleteScheduledShift(int scheduleId, int scheduledShiftId, int organizationId) { - var schedule = _context.Schedules.SingleOrDefault(x => x.Id == scheduleId && x.Organization.Id == organizationId); + var schedule = _context.Schedules + .Include(x => x.ScheduledShifts) + .SingleOrDefault(x => x.Id == scheduleId && x.Organization.Id == organizationId); if (schedule == null) throw new ObjectNotFoundException("Could not find a schedule corresponding to the given id"); var scheduledShift = schedule.ScheduledShifts.SingleOrDefault(x => x.Id == scheduledShiftId); diff --git a/API/ShiftPlanning.WebApi/Repositories/ShiftRepository.cs b/API/ShiftPlanning.WebApi/Repositories/ShiftRepository.cs index 15545f7..8dffd58 100644 --- a/API/ShiftPlanning.WebApi/Repositories/ShiftRepository.cs +++ b/API/ShiftPlanning.WebApi/Repositories/ShiftRepository.cs @@ -37,7 +37,7 @@ public void Delete(IEnumerable shifts) public void Delete(int id, int organizationId) { - var shift = _context.Shifts.FirstOrDefault(x => x.Id == id && x.Organization.Id == organizationId); + var shift = _context.Shifts.Include(x => x.CheckIns).FirstOrDefault(x => x.Id == id && x.Organization.Id == organizationId); if (shift == null) throw new ObjectNotFoundException("Could not find a shift corresponding to the given id"); if(shift.CheckIns.Any()) throw new ForbiddenException("You cannot delete a shift that contains checked in employees");
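Review bot: In ScheduleRepository.DeleteScheduledShift, the lookup `schedule.ScheduledShifts.SingleOrDefault(...)` now works only because of the added `.Include(x => x.ScheduledShifts)`, and nothing in the code says so. The same holds for ShiftRepository.Delete, where the `shift.CheckIns.Any()` guard that blocks deleting a shift with checked-in employees depends on `.Include(x => x.CheckIns)`. Without the include the collection is presumably null or empty unless lazy loading is configured, so a later cleanup that drops it would turn the ForbiddenException guard into a NullReferenceException or a silent no-op. I would add a comment above each query, for example `// CheckIns must be loaded: the delete guard below reads this collection`, or have the guard ask the database directly with an `Any` query so it cannot depend on load state. Both method bodies continue outside their hunks.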