Allow non-admin users to add own attendance entries via api

This commit is contained in:
Thilina Hasantha
2019-02-03 14:14:37 +01:00
parent a55c56215a
commit 2ade4d9a4a
3 changed files with 27 additions and 10 deletions


@@ -48,6 +48,19 @@ class AttendanceRestEndPoint extends RestEndPoint
public function listEmployeeAttendance(User $user, $parameter) public function listEmployeeAttendance(User $user, $parameter)
{ {
if ($user->user_level !== 'Admin' && $user->employee != $parameter) {
$employee = new Employee();
$employee->Load('id = ?', [$parameter]);
if ($employee->supervisor != $user->employee) {
return new IceResponse(
IceResponse::ERROR,
self::RESPONSE_ERR_PERMISSION_DENIED,
401
);
}
}
$query = new DataQuery('Attendance'); $query = new DataQuery('Attendance');
$query->addColumn('id'); $query->addColumn('id');
$query->addColumn('employee'); $query->addColumn('employee');
@@ -107,8 +120,8 @@ class AttendanceRestEndPoint extends RestEndPoint
if ($permissionResponse->getStatus() !== IceResponse::SUCCESS) { if ($permissionResponse->getStatus() !== IceResponse::SUCCESS) {
return $permissionResponse; return $permissionResponse;
} }
$body['employee'] = (String)$body['employee'];
$response = BaseService::getInstance()->addElement(self::ELEMENT_NAME, $body); $response = BaseService::getInstance()->addElement(self::ELEMENT_NAME, $body, $body);
if ($response->getStatus() === IceResponse::SUCCESS) { if ($response->getStatus() === IceResponse::SUCCESS) {
$response = $this->get($user, $response->getData()->id); $response = $this->get($user, $response->getData()->id);
$response->setCode(201); $response->setCode(201);
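Review bot: The supervisor fallback in listEmployeeAttendance (first hunk) uses loose `!=` on both comparisons and never checks that the Employee actually loaded, so whenever both sides are null or otherwise loosely equal (presumably an unknown id, or a requester with no linked employee record asking for an employee that has no supervisor) the `!=` is false and the listing is allowed. Compare as strings with `!==` and reject empty values: change the inner test to `if (empty($employee->id) || empty($user->employee) || (string) $employee->supervisor !== (string) $user->employee) {` and the outer one to `(string) $user->employee !== (string) $parameter`. The denial should also return 403 rather than 401, matching the permission-denied responses RestEndPoint returns in the same commit. Since the RestEndPoint hunk drops the blanket denial for Employee/Manager users, this endpoint-level check is now the only authorization in front of the listing, so it is worth being strict here. listEmployeeAttendance's body continues past the hunk.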


@@ -669,7 +669,7 @@ class BaseService
* @return {Object} newly added or updated element of type $table * @return {Object} newly added or updated element of type $table
*/ */
public function addElement($table, $obj) public function addElement($table, $obj, $postObject = null)
{ {
$customFields = array(); $customFields = array();
@@ -728,7 +728,12 @@ class BaseService
} }
} }
if ($postObject === null) {
$this->checkSecureAccess("save", $ele, $table, $_POST); $this->checkSecureAccess("save", $ele, $table, $_POST);
} else {
$this->checkSecureAccess("save", $ele, $table, $postObject);
}
$resp = $ele->validateSave($ele); $resp = $ele->validateSave($ele);
if ($resp->getStatus() != IceResponse::SUCCESS) { if ($resp->getStatus() != IceResponse::SUCCESS) {
@@ -760,12 +765,12 @@ class BaseService
if ($isAdd) { if ($isAdd) {
$this->audit( $this->audit(
IceConstants::AUDIT_ERROR, IceConstants::AUDIT_ERROR,
"Error occured while adding an object to ".$table." \ Error: ".$error "Error occurred while adding an object to ".$table." \ Error: ".$error
); );
} else { } else {
$this->audit( $this->audit(
IceConstants::AUDIT_ERROR, IceConstants::AUDIT_ERROR,
"Error occured while editing an object in ".$table." [id:".$ele->id."] \ Error: ".$error "Error occurred while editing an object in ".$table." [id:".$ele->id."] \ Error: ".$error
); );
} }
return new IceResponse(IceResponse::ERROR, $this->findError($error)); return new IceResponse(IceResponse::ERROR, $this->findError($error));
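Review bot: The new `$postObject` parameter on addElement (first hunk) is not described in the docblock; the `@return` line is visible but no matching `@param` was added, e.g. `@param array|null $postObject request payload passed to checkSecureAccess; defaults to $_POST when null`. In the second hunk the null branch can collapse to one line if the project targets PHP 7+: `$this->checkSecureAccess("save", $ele, $table, $postObject ?? $_POST);`. With the `=== null` test an explicitly passed empty array is checked as-is rather than falling back to `$_POST`, which seems to be the intent for REST callers whose JSON bodies never populate `$_POST`; that behaviour is worth stating in the docblock so callers know to pass the full body. addElement's body starts and continues outside these hunks.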


@@ -50,7 +50,6 @@ class RestEndPoint
} elseif ($user->user_level !== 'Employee' && $user->user_level !== 'Manager') { } elseif ($user->user_level !== 'Employee' && $user->user_level !== 'Manager') {
return new IceResponse(IceResponse::ERROR, self::RESPONSE_ERR_PERMISSION_DENIED, 403); return new IceResponse(IceResponse::ERROR, self::RESPONSE_ERR_PERMISSION_DENIED, 403);
} }
return new IceResponse(IceResponse::ERROR, "Permission denied", 403);
} }
return new IceResponse(IceResponse::SUCCESS); return new IceResponse(IceResponse::SUCCESS);