Fixed a check whether a user is a manager when requesting employee data

TTA777 · TTA777 · commit c5070e96efed · 2022-10-11T13:07:50.000+02:00
diff --git a/API/ShiftPlanning.WebApi/Controllers/EmployeesController.cs b/API/ShiftPlanning.WebApi/Controllers/EmployeesController.cs
@@ -176,7 +176,8 @@ public IActionResult Get()
 
             var employees = _employeeService.GetEmployees(organization.Id);
             if (employees == null) return NotFound();
-            if(_authManager.IsManager(Request.Headers))
+            //get claims of the Role type
+            if(User.IsInRole("Manager"))
             {
                 return Ok(Mapper.Map(employees.OrderBy(e => e.FirstName).ThenBy(e => e.LastName)));
             }
diff --git a/API/ShiftPlanning.WebApi/Helpers/Authorization/AuthManager.cs b/API/ShiftPlanning.WebApi/Helpers/Authorization/AuthManager.cs
@@ -1,8 +1,5 @@
 ﻿using System.Collections.Generic;
-using System.Linq;
-using System.Net.Http.Headers;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Primitives;
 using ShiftPlanning.Model.Models;
 using ShiftPlanning.WebApi.Exceptions;
 using ShiftPlanning.WebApi.Repositories;
@@ -46,16 +43,6 @@ public Employee GetEmployeeByHeader(IHeaderDictionary headers)
             return _employeeRepository.Read(tokenHash);
         }
 
-        public bool IsManager(IHeaderDictionary headers)
-        {
-            headers.TryGetValue("Authorization", out var token);
-            if (token.ToString() == null) throw new ObjectNotFoundException("Could not find a manager corresponding to the given 'Authorization' header");
-            var employee = _employeeRepository.Read(token);
-            if (employee == null) return false;
-            if (employee.Role_.Any(r => r.Name == "Manager")) return true;
-            return false;
-        }
-
         public IEnumerable<Role> GetRoles(string token)
         {
             var employee = _employeeRepository.Read(token);
diff --git a/API/ShiftPlanning.WebApi/Helpers/Authorization/IAuthManager.cs b/API/ShiftPlanning.WebApi/Helpers/Authorization/IAuthManager.cs
@@ -11,6 +11,5 @@ public interface IAuthManager
         Employee GetEmployeeByHeader(IHeaderDictionary headers);
         bool ValidateOrganizationApiKey(string apiKey);
         IEnumerable<Role> GetRoles(string token);
-        bool IsManager(IHeaderDictionary headers);
     }
 }
diff --git a/API/ShiftPlanning.WebApi/Repositories/EmployeeRepository.cs b/API/ShiftPlanning.WebApi/Repositories/EmployeeRepository.cs
@@ -60,7 +60,8 @@ public IEnumerable<Employee> ReadFromOrganization(int organizationId)
         {
             return _context.Employees
                 .Where(e => e.Organization.Id == organizationId).OrderBy(x => x.Id)
-                .Include(x => x.Role_);
+                .Include(x => x.Role_)
+                .Include(x => x.CheckIns);
         }
 
         public IEnumerable<Employee> ReadFromOrganization(string shortKey)
diff --git a/API/ShiftPlanning.WebApi/Repositories/ScheduleRepository.cs b/API/ShiftPlanning.WebApi/Repositories/ScheduleRepository.cs
@@ -43,6 +43,7 @@ public Schedule Read(int id, int organizationId)
         {
             return _context.Schedules
                 .Where(x => x.Id == id && x.Organization.Id == organizationId)
+                .Include(x => x.Shifts)
                 .Include(x => x.ScheduledShifts)
                 .ThenInclude(shift => shift.EmployeeAssignments)
                 .ThenInclude(assignment => assignment.Employee)
@@ -82,7 +83,9 @@ public int Update(Schedule schedule)
 
         public void DeleteScheduledShift(int scheduleId, int scheduledShiftId, int organizationId)
         {
-            var schedule = _context.Schedules.SingleOrDefault(x => x.Id == scheduleId && x.Organization.Id == organizationId);
+            var schedule = _context.Schedules
+                .Include(x => x.ScheduledShifts)
+                .SingleOrDefault(x => x.Id == scheduleId && x.Organization.Id == organizationId);
             if (schedule == null) throw new ObjectNotFoundException("Could not find a schedule corresponding to the given id");
 
             var scheduledShift = schedule.ScheduledShifts.SingleOrDefault(x => x.Id == scheduledShiftId);
diff --git a/API/ShiftPlanning.WebApi/Repositories/ShiftRepository.cs b/API/ShiftPlanning.WebApi/Repositories/ShiftRepository.cs
@@ -37,7 +37,7 @@ public void Delete(IEnumerable<Shift> shifts)
 
         public void Delete(int id, int organizationId)
         {
-            var shift = _context.Shifts.FirstOrDefault(x => x.Id == id && x.Organization.Id == organizationId);
+            var shift = _context.Shifts.Include(x => x.CheckIns).FirstOrDefault(x => x.Id == id && x.Organization.Id == organizationId);
             if (shift == null) throw new ObjectNotFoundException("Could not find a shift corresponding to the given id");
 
             if(shift.CheckIns.Any()) throw new ForbiddenException("You cannot delete a shift that contains checked in employees");

Original file line number	Diff line number	Diff line change
`@@ -176,7 +176,8 @@ public IActionResult Get()`
`176`	`176`
`177`	`177`	`var employees = _employeeService.GetEmployees(organization.Id);`
`178`	`178`	`if (employees == null) return NotFound();`
`179`		`- if(_authManager.IsManager(Request.Headers))`
	`179`	`+ //get claims of the Role type`
	`180`	`+ if(User.IsInRole("Manager"))`
`180`	`181`	`{`
`181`	`182`	`return Ok(Mapper.Map(employees.OrderBy(e => e.FirstName).ThenBy(e => e.LastName)));`
`182`	`183`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,5 @@ public interface IAuthManager`
`11`	`11`	`Employee GetEmployeeByHeader(IHeaderDictionary headers);`
`12`	`12`	`bool ValidateOrganizationApiKey(string apiKey);`
`13`	`13`	`IEnumerable<Role> GetRoles(string token);`
`14`		`- bool IsManager(IHeaderDictionary headers);`
`15`	`14`	`}`
`16`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,8 @@ public IEnumerable<Employee> ReadFromOrganization(int organizationId)`
`60`	`60`	`{`
`61`	`61`	`return _context.Employees`
`62`	`62`	`.Where(e => e.Organization.Id == organizationId).OrderBy(x => x.Id)`
`63`		`- .Include(x => x.Role_);`
	`63`	`+ .Include(x => x.Role_)`
	`64`	`+ .Include(x => x.CheckIns);`
`64`	`65`	`}`
`65`	`66`
`66`	`67`	`public IEnumerable<Employee> ReadFromOrganization(string shortKey)`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public void Delete(IEnumerable<Shift> shifts)`
`37`	`37`
`38`	`38`	`public void Delete(int id, int organizationId)`
`39`	`39`	`{`
`40`		`- var shift = _context.Shifts.FirstOrDefault(x => x.Id == id && x.Organization.Id == organizationId);`
	`40`	`+ var shift = _context.Shifts.Include(x => x.CheckIns).FirstOrDefault(x => x.Id == id && x.Organization.Id == organizationId);`
`41`	`41`	`if (shift == null) throw new ObjectNotFoundException("Could not find a shift corresponding to the given id");`
`42`	`42`
`43`	`43`	`if(shift.CheckIns.Any()) throw new ForbiddenException("You cannot delete a shift that contains checked in employees");`