Addressed Michael's review, updating Permissions. Migration versions and sendNotification function remain outstanding issues.

Author: thelenw

server/src/main/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestServicesImpl.java

@@ -11,6 +11,7 @@
 import com.objectcomputing.checkins.services.memberprofile.MemberProfileUtils;
 import com.objectcomputing.checkins.services.memberprofile.MemberProfileServices;
 import com.objectcomputing.checkins.services.memberprofile.currentuser.CurrentUserServices;
+import com.objectcomputing.checkins.services.permissions.Permission;
 import com.objectcomputing.checkins.services.reviews.ReviewAssignment;
 import com.objectcomputing.checkins.services.reviews.ReviewAssignmentRepository;
 import com.objectcomputing.checkins.services.reviews.ReviewPeriod;
@@ -170,6 +171,15 @@ public FeedbackRequest update(FeedbackRequestUpdateDTO feedbackRequestUpdateDTO)
             throw new BadArgException("Cannot update feedback request that does not exist");
         }
 
+        if (feedbackRequest.isDenied()) {
+            UUID currentUserId = currentUserServices.getCurrentUser().getId();
+            if (!currentUserId.equals(originalFeedback.getRecipientId())) {
+                if (!currentUserServices.hasPermission(Permission.CAN_ADMINISTER_FEEDBACK_REQUESTS)) {
+                    throw new PermissionException(NOT_AUTHORIZED_MSG);
+                }
+            }
+        }
+
         validateMembers(originalFeedback);
 
         Set<ReviewAssignment> reviewAssignmentsSet = Set.of();

server/src/main/java/com/objectcomputing/checkins/services/memberprofile/currentuser/CurrentUserServices.java

@@ -2,6 +2,8 @@
 
 import com.objectcomputing.checkins.services.memberprofile.MemberProfile;
 import com.objectcomputing.checkins.services.role.RoleType;
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.exceptions.PermissionException;
 
 public interface CurrentUserServices {
 
@@ -13,4 +15,6 @@ public interface CurrentUserServices {
 
     MemberProfile getCurrentUser();
 
+    boolean hasPermission(Permission permission);
+
 }

server/src/main/java/com/objectcomputing/checkins/services/memberprofile/currentuser/CurrentUserServicesImpl.java

@@ -4,6 +4,7 @@
 import com.objectcomputing.checkins.exceptions.NotFoundException;
 import com.objectcomputing.checkins.services.memberprofile.MemberProfile;
 import com.objectcomputing.checkins.services.memberprofile.MemberProfileRepository;
+import com.objectcomputing.checkins.services.permissions.Permission;
 import com.objectcomputing.checkins.services.role.Role;
 import com.objectcomputing.checkins.services.role.RoleServices;
 import com.objectcomputing.checkins.services.role.RoleType;
@@ -84,4 +85,10 @@ private MemberProfile saveNewUser(String firstName, String lastName, String work
 
         return createdMember;
     }
+
+    @Override
+    public boolean hasPermission(Permission permission) {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'hasPermission'");
+    }
 }

server/src/main/java/com/objectcomputing/checkins/services/notification/NotificationController.java

@@ -37,7 +37,7 @@ public NotificationController(NotificationService notificationService) {
      * @return {@link HttpResponse} with status indicating success or error
      */
     @Post("/send")
-    @RequiredPermission(Permission.CAN_SEND_NOTIFICATION)
+    @RequiredPermission(Permission.CAN_SEND_NOTIFICATIONS)
     public HttpResponse<Void> sendNotification(@Body @Valid @NotNull NotificationDTO notificationDTO) {
         notificationService.sendNotification(notificationDTO.getUserId(), notificationDTO.getMessage());
         return HttpResponse.ok();

server/src/main/java/com/objectcomputing/checkins/services/permissions/Permission.java

@@ -14,8 +14,8 @@ public enum Permission {
   CAN_CREATE_KUDOS("Create kudos", "Feedback"),
   CAN_ADMINISTER_KUDOS("Administer kudos", "Feedback"),
   CAN_VIEW_FEEDBACK_ANSWER("View feedback answers", "Feedback"),
-  CAN_SEND_EMAIL("Send email", "Feedback"),
-  CAN_SEND_NOTIFICATION("Send notification", "Feedback"),
+  CAN_SEND_EMAIL("Send email", "Notifications"),
+  CAN_SEND_NOTIFICATIONS("Send notifications", "Notifications"),
   CAN_DELETE_ORGANIZATION_MEMBERS("Delete organization members", "User Management"),
   CAN_CREATE_ORGANIZATION_MEMBERS("Create organization members", "User Management"),
   CAN_IMPERSONATE_MEMBERS("Impersonate organization members", "Security"),
@@ -61,7 +61,9 @@ public enum Permission {
   CAN_ADMINISTER_VOLUNTEERING_ORGANIZATIONS("Update volunteering organizations", "Volunteering"),
   CAN_ADMINISTER_VOLUNTEERING_RELATIONSHIPS("Update volunteering relationships", "Volunteering"),
   CAN_ADMINISTER_VOLUNTEERING_EVENTS("Update volunteering events", "Volunteering"),
-  CAN_ADMINISTER_DOCUMENTATION("Administer documentation and role documentation", "Documentation");
+  CAN_ADMINISTER_DOCUMENTATION("Administer documentation and role documentation", "Documentation"),
+  CAN_ADMINISTER_FEEDBACK_REQUESTS("Administer feedback requests", "Feedback");
+  
 
   private final String description;
   private final String category;

server/src/main/resources/db/dev/R__Load_testing_data.sql

@@ -898,6 +898,11 @@ insert into role_permissions
 values
     ('e8a4fff8-e984-4e59-be84-a713c9fa8d23', 'CAN_SEND_EMAIL');
 
+insert into role_permissions
+    (roleid, permission)
+values
+    ('e8a4fff8-e984-4e59-be84-a713c9fa8d23', 'CAN_ADMINISTER_FEEDBACK_REQUESTS');
+
 -- PDL Permissions
 insert into role_permissions
     (roleid, permission)

server/src/test/java/com/objectcomputing/checkins/services/fixture/PermissionFixture.java

@@ -94,6 +94,7 @@ public interface PermissionFixture extends RolePermissionFixture {
         Permission.CAN_ADMINISTER_VOLUNTEERING_RELATIONSHIPS,
         Permission.CAN_ADMINISTER_VOLUNTEERING_EVENTS,
         Permission.CAN_ADMINISTER_DOCUMENTATION,
+        Permission.CAN_ADMINISTER_FEEDBACK_REQUESTS,
         Permission.CAN_ADMINISTER_KUDOS,
         Permission.CAN_CREATE_KUDOS,
         Permission.CAN_IMPERSONATE_MEMBERS,