Added permissions to upload hours, and edit/delete skills. Partially modified Kudos Services to work based on permissions, instead of Admin.

Author: ocielliottc

server/src/main/java/com/objectcomputing/checkins/services/employee_hours/EmployeeHoursController.java

@@ -1,5 +1,7 @@
 package com.objectcomputing.checkins.services.employee_hours;
 
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import com.objectcomputing.checkins.exceptions.NotFoundException;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.MediaType;
@@ -39,25 +41,13 @@ public Set<EmployeeHours> findEmployeeHours(@Nullable String employeeId) {
     }
 
 
-    /**
-     * @param id
-     * @return
-     */
-    @Get("/{id}")
-    public EmployeeHours readEmployeeHours(@NotNull UUID id) {
-        EmployeeHours result = employeeHoursServices.read(id);
-        if (result == null) {
-            throw new NotFoundException("No employee hours for employee id");
-        }
-        return result;
-    }
-
     /**
      * Parse the CSV file and store it to employee hours table
      * @param file
      * @{@link HttpResponse<EmployeeHoursResponseDTO>}
      */
     @Post(uri="/upload" , consumes = MediaType.MULTIPART_FORM_DATA)
+    @RequiredPermission(Permission.CAN_UPLOAD_HOURS)
     public EmployeeHoursResponseDTO upload(CompletedFileUpload file){
         return employeeHoursServices.save(file);
     }

server/src/main/java/com/objectcomputing/checkins/services/employee_hours/EmployeeHoursServices.java

@@ -9,8 +9,6 @@ public interface EmployeeHoursServices {
 
     EmployeeHoursResponseDTO save(CompletedFileUpload file);
 
-    EmployeeHours read(UUID id);
-
     Set<EmployeeHours> findByFields(String employeeId);
 
 }

server/src/main/java/com/objectcomputing/checkins/services/employee_hours/EmployeeHoursServicesImpl.java

@@ -40,7 +40,6 @@ public EmployeeHoursResponseDTO save(CompletedFileUpload file) {
         List<EmployeeHours> employeeHoursList = new ArrayList<>();
         Set<EmployeeHours> employeeHours = new HashSet<>();
         EmployeeHoursResponseDTO responseDTO = new EmployeeHoursResponseDTO();
-        validate(!isAdmin, NOT_AUTHORIZED_MSG);
         responseDTO.setRecordCountDeleted(employeehourRepo.count());
         employeehourRepo.deleteAll();
         try {
@@ -58,11 +57,6 @@ public EmployeeHoursResponseDTO save(CompletedFileUpload file) {
     }
 
 
-    @Override
-    public EmployeeHours read(UUID id) {
-        return employeehourRepo.findById(id).orElse(null);
-    }
-
     @Override
     public Set<EmployeeHours> findByFields(String employeeId) {
         MemberProfile currentUser = currentUserServices.getCurrentUser();

server/src/main/java/com/objectcomputing/checkins/services/kudos/KudosServicesImpl.java

@@ -121,10 +121,6 @@ public Kudos save(KudosCreateDTO kudosDTO) {
 
     @Override
     public Kudos approve(Kudos kudos) {
-        if (!currentUserServices.isAdmin()) {
-            throw new PermissionException(NOT_AUTHORIZED_MSG);
-        }
-
         UUID kudosId = kudos.getId();
         Kudos existingKudos = kudosRepository.findById(kudosId).orElseThrow(() ->
                 new BadArgException(KUDOS_DOES_NOT_EXIST_MSG.formatted(kudosId)));
@@ -173,10 +169,6 @@ public KudosResponseDTO getById(UUID id) {
 
     @Override
     public void delete(UUID id) {
-        if (!currentUserServices.isAdmin()) {
-            throw new PermissionException(NOT_AUTHORIZED_MSG);
-        }
-
         Kudos kudos = kudosRepository.findById(id).orElseThrow(() ->
                 new NotFoundException(KUDOS_DOES_NOT_EXIST_MSG.formatted(id)));
 

server/src/main/java/com/objectcomputing/checkins/services/memberprofile/MemberProfileController.java

@@ -111,7 +111,7 @@ public HttpResponse<MemberProfileResponseDTO> save(@Body @Valid MemberProfileCre
      */
     @Put
     public HttpResponse<MemberProfileResponseDTO> update(@Body @Valid MemberProfileUpdateDTO memberProfile) {
-        MemberProfile savedProfile = memberProfileServices.saveProfile(fromDTO(memberProfile));
+        MemberProfile savedProfile = memberProfileServices.updateProfile(fromDTO(memberProfile));
         return HttpResponse.ok(fromEntity(savedProfile))
                 .headers(headers -> headers.location(location(savedProfile.getId())));
     }

server/src/main/java/com/objectcomputing/checkins/services/memberprofile/MemberProfileServices.java

@@ -27,4 +27,6 @@ Set<MemberProfile> findByValues(String firstName, String lastName, String title,
     List<MemberProfile> getSubordinatesForId(UUID id);
 
     MemberProfile updateProfile(MemberProfile memberProfile);
+
+    MemberProfile updateCurrentUserProfile(MemberProfile memberProfile);
 }

server/src/main/java/com/objectcomputing/checkins/services/memberprofile/MemberProfileServicesImpl.java

@@ -25,6 +25,7 @@
 import java.util.*;
 
 import static com.objectcomputing.checkins.util.Util.nullSafeUUIDToString;
+import static com.objectcomputing.checkins.services.validate.PermissionsValidation.NOT_AUTHORIZED_MSG;
 
 @Singleton
 @CacheConfig("member-cache")
@@ -110,27 +111,9 @@ public MemberProfile saveProfile(MemberProfile memberProfile) {
             emailAssignment(createdMemberProfile, true); // PDL
             emailAssignment(createdMemberProfile, false); // Supervisor
             return createdMemberProfile;
-        }
-
-        Optional<MemberProfile> existingProfileOpt = memberProfileRepository.findById(memberProfile.getId());
-        MemberProfile updatedMemberProfile = memberProfileRepository.update(memberProfile);
-        if (existingProfileOpt.isEmpty()) {
-            LOG.error("MemberProfile with id {} not found", memberProfile.getId());
         } else {
-            MemberProfile existingProfile = existingProfileOpt.get();
-
-            boolean pdlChanged = !Objects.equals(existingProfile.getPdlId(), memberProfile.getPdlId());
-            boolean supervisorChanged = !Objects.equals(existingProfile.getSupervisorid(), memberProfile.getSupervisorid());
-
-            if (pdlChanged) {
-                emailAssignment(updatedMemberProfile, true); // PDL
-            }
-            if (supervisorChanged) {
-                emailAssignment(updatedMemberProfile, false); // Supervisor
-            }
+            throw new BadArgException("New member created with an id");
         }
-
-        return updatedMemberProfile;
     }
 
     public void emailAssignment(MemberProfile member, boolean isPDL) {
@@ -165,9 +148,6 @@ public void emailAssignment(MemberProfile member, boolean isPDL) {
     @Override
     @CacheInvalidate(cacheNames = {"member-cache"})
     public boolean deleteProfile(@NotNull UUID id) {
-        if (!currentUserServices.isAdmin()) {
-            throw new PermissionException("Requires admin privileges");
-        }
         MemberProfile memberProfile = memberProfileRepository.findById(id).orElse(null);
         Set<Role> userRoles = (memberProfile != null) ? roleServices.findUserRoles(memberProfile.getId()) : Collections.emptySet();
 
@@ -237,6 +217,47 @@ public List<MemberProfile> getSubordinatesForId(UUID id) {
     @Override
     @CacheInvalidate(cacheNames = {"member-cache"})
     public MemberProfile updateProfile(MemberProfile memberProfile) {
+        if (memberProfile.getId() == null) {
+            throw new BadArgException("Null profile id in update");
+        }
+
+        MemberProfile currentUser = currentUserServices.getCurrentUser();
+        boolean isAdmin = currentUserServices.isAdmin();
+        if (!isAdmin && (currentUser == null || !currentUser.getId().equals(memberProfile.getId()))) {
+             throw new PermissionException(NOT_AUTHORIZED_MSG);
+        }
+
+        MemberProfile emailProfile = memberProfileRepository.findByWorkEmail(memberProfile.getWorkEmail()).orElse(null);
+
+        if (emailProfile != null && emailProfile.getId() != null && !Objects.equals(memberProfile.getId(), emailProfile.getId())) {
+            throw new AlreadyExistsException(String.format("Email %s already exists in database",
+                    memberProfile.getWorkEmail()));
+        }
+
+        Optional<MemberProfile> existingProfileOpt = memberProfileRepository.findById(memberProfile.getId());
+        MemberProfile updatedMemberProfile = memberProfileRepository.update(memberProfile);
+        if (existingProfileOpt.isEmpty()) {
+            LOG.error("MemberProfile with id {} not found", memberProfile.getId());
+        } else {
+            MemberProfile existingProfile = existingProfileOpt.get();
+
+            boolean pdlChanged = !Objects.equals(existingProfile.getPdlId(), memberProfile.getPdlId());
+            boolean supervisorChanged = !Objects.equals(existingProfile.getSupervisorid(), memberProfile.getSupervisorid());
+
+            if (pdlChanged) {
+                emailAssignment(updatedMemberProfile, true); // PDL
+            }
+            if (supervisorChanged) {
+                emailAssignment(updatedMemberProfile, false); // Supervisor
+            }
+        }
+
+        return updatedMemberProfile;
+    }
+
+    @Override
+    @CacheInvalidate(cacheNames = {"member-cache"})
+    public MemberProfile updateCurrentUserProfile(MemberProfile memberProfile) {
         return memberProfileRepository.update(memberProfile);
     }
 }

server/src/main/java/com/objectcomputing/checkins/services/memberprofile/currentuser/CurrentUserController.java

@@ -64,7 +64,7 @@ public HttpResponse<CurrentUserDTO> currentUser(@Nullable Authentication authent
         MemberProfile user = currentUserServices.findOrSaveUser(firstName, lastName, workEmail);
 
         user.setLastSeen(LocalDate.now());
-        memberProfileServices.updateProfile(user);
+        memberProfileServices.updateCurrentUserProfile(user);
         List<Permission> permissions = rolePermissionServices.findUserPermissions(user.getId());
 
         Set<Role> roles = roleServices.findUserRoles(user.getId());

server/src/main/java/com/objectcomputing/checkins/services/permissions/Permission.java

@@ -27,6 +27,7 @@ public enum Permission {
   CAN_VIEW_PROFILE_REPORT("View profile report", "Reporting"),
   CAN_VIEW_CHECKINS_REPORT("View checkins report", "Reporting"),
   CAN_CREATE_MERIT_REPORT("Create Merit Reports", "Reporting"),
+  CAN_UPLOAD_HOURS("Upload Hours", "Reporting"),
   CAN_CREATE_CHECKINS("Create check-ins", "Check-ins"),
   CAN_VIEW_CHECKINS("View check-ins", "Check-ins"),
   CAN_UPDATE_CHECKINS("Update check-ins", "Check-ins"),
@@ -41,6 +42,7 @@ public enum Permission {
   CAN_VIEW_ALL_CHECKINS("View all check-ins", "Check-ins"),
   CAN_UPDATE_ALL_CHECKINS("Update all check-ins, including completed check-ins", "Check-ins"),
   CAN_EDIT_SKILL_CATEGORIES("Edit skill categories", "Skill Categories"),
+  CAN_EDIT_SKILLS("Edit skills", "Skills"),
   CAN_CREATE_REVIEW_ASSIGNMENTS("Create review assignments", "Reviews"),
   CAN_VIEW_REVIEW_ASSIGNMENTS("View review assignments", "Reviews"),
   CAN_UPDATE_REVIEW_ASSIGNMENTS("Update review assignments", "Reviews"),

server/src/main/java/com/objectcomputing/checkins/services/skills/SkillController.java

@@ -1,5 +1,7 @@
 package com.objectcomputing.checkins.services.skills;
 
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import com.objectcomputing.checkins.exceptions.NotFoundException;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.HttpRequest;
@@ -84,6 +86,7 @@ public Set<Skill> findByValue(@Nullable String name, @Nullable Boolean pending)
      * @return {@link HttpResponse<Skill>}
      */
     @Put
+    @RequiredPermission(Permission.CAN_EDIT_SKILLS)
     public HttpResponse<Skill> update(@Body @Valid Skill skill, HttpRequest<?> request) {
         Skill updatedSkill = skillServices.update(skill);
         return HttpResponse.ok(updatedSkill)
@@ -97,7 +100,8 @@ public HttpResponse<Skill> update(@Body @Valid Skill skill, HttpRequest<?> reque
      */
     @Delete("/{id}")
     @Status(HttpStatus.OK)
+    @RequiredPermission(Permission.CAN_EDIT_SKILLS)
     public void deleteSkill(@NotNull UUID id) {
         skillServices.delete(id);
     }
-}
+}