diff --git a/app/api/.htaccess b/app/api/.htaccess new file mode 100644 index 00000000..166e0251 --- /dev/null +++ b/app/api/.htaccess @@ -0,0 +1,12 @@ + + Options +FollowSymlinks + RewriteEngine On + + # Explicitly disable rewriting for front controllers + RewriteRule ^index.php - [L] + + RewriteCond %{REQUEST_FILENAME} !-f + + # Change below before deploying to production + RewriteRule ^(.*)$ index.php [QSA,L] + diff --git a/app/api/index.php b/app/api/index.php new file mode 100644 index 00000000..04b20b4c --- /dev/null +++ b/app/api/index.php @@ -0,0 +1,3 @@ +getFieldNameMappings("Employee"); $customFields = \Classes\BaseService::getInstance()->getCustomFields("Employee"); + +if (\Classes\SettingsManager::getInstance()->getSetting("Api: REST Api Enabled") == "1") { + $user = \Classes\BaseService::getInstance()->getCurrentUser(); + if (empty($user)) { + return; + } + $dbUser = new \Users\Common\Model\User(); + $dbUser->Load("id = ?", array($user->id)); + $resp = \Classes\RestApiManager::getInstance()->getAccessTokenForUser($dbUser); + if ($resp->getStatus() != \Classes\IceResponse::SUCCESS) { + \Utils\LogManager::getInstance()->error( + "Error occurred while creating REST Api access token for ".$user->username + ); + } +} ?> @@ -56,6 +71,9 @@ path.link {
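Review bot: The comment `# Change below before deploying to production` above the catch-all rewrite does not say what should change, so the next deployer cannot act on it; either state the intended production form in the comment (`# Production: replace the ^(.*)$ catch-all with the exact REST route prefix`) or drop the comment if the rule is final. The only exclusion is `RewriteCond %{REQUEST_FILENAME} !-f`, so any future subdirectory under app/api is also routed through index.php; add `RewriteCond %{REQUEST_FILENAME} !-d` if that is not wanted. Whether `Options +FollowSymlinks` is needed by this deployment is not visible here.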
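Review bot: `getAccessTokenForUser($dbUser)` runs on every render of this page whenever the setting is on, so merely viewing the page is a token-issuing side effect; if that call mints a new token rather than returning the existing one (not visible here), each reload rotates the credential and leaves stale tokens behind, and the call should be moved behind an explicit user action or made idempotent. The token held in `$resp` is echoed into the HTML in a later hunk of this file, so keep treating it as a secret: the error log line here includes only the username, which is right. `== "1"` on the setting value is a loose comparison; `=== '1'` is safer. The enclosing file continues outside the hunk.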
@@ -70,6 +88,17 @@ path.link {
+ getSetting("Api: REST Api Enabled") == "1") { ?> +
+
+
+

Api Access Token

+
+ getData()?> +
+
+
+
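Review bot: The value printed by `getData()?>` inside the "Api Access Token" block is the raw token from the earlier `getAccessTokenForUser` call; the opening tag is lost in this rendering so I cannot see whether it is escaped, but a secret echoed into HTML should go through `htmlspecialchars($resp->getData(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same expression prints the error message when `$resp` carries `IceResponse::ERROR` (the earlier hunk only logs that case), so the block should branch on `$resp->getStatus()` and show a neutral message instead of the error text. The enclosing template continues outside the hunk.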
@@ -79,6 +108,7 @@ modJsList['tabEmployee'] = new EmployeeAdapter('Employee');
 modJsList['tabEmployee'].setFieldNameMap();
 modJsList['tabEmployee'].setCustomFields();
 modJsList['tabCompanyGraph'] = new CompanyGraphAdapter('CompanyStructure');
+modJsList['tabApiAccess'] = new ApiAccessAdapter('ApiAccess');
 var modJs = modJsList['tabEmployee'];
diff --git a/modules/employees/lib.js b/modules/employees/lib.js
index e796a8c8..cccb69dc 100644
--- a/modules/employees/lib.js
+++ b/modules/employees/lib.js
@@ -710,3 +710,36 @@ CompanyGraphAdapter.method('fixCyclicParent', function(sourceData) {
 });
+
+
+/*
+ * Api Access
+ */
+
+function ApiAccessAdapter(endPoint) {
+ this.initAdapter(endPoint);
+}
+
+ApiAccessAdapter.inherits(AdapterBase);
+
+
+
+ApiAccessAdapter.method('getDataMapping', function() {
+ return [
+ ];
+});
+
+ApiAccessAdapter.method('getHeaders', function() {
+ return [
+
+ ];
+});
+
+ApiAccessAdapter.method('getFormFields', function() {
+ return [
+ ];
+});
+
+ApiAccessAdapter.method('get', function() {
+
+});
diff --git a/rest.php b/rest.php
index 2c4ab871..4f705bfc 100644
--- a/rest.php
+++ b/rest.php
@@ -11,7 +11,7 @@ if(\Classes\SettingsManager::getInstance()->getSetting('Api: REST Api Enabled')
 if (defined('SYM_CLIENT')) {
 define('REST_API_PATH', '/'.SYM_CLIENT.'/');
 } else {
- define('REST_API_PATH', '/Api/');
+ define('REST_API_PATH', '/');
 }
diff --git a/scripts/icehrm_master_data.sql b/scripts/icehrm_master_data.sql
index 132d2430..1a053f67 100644
--- a/scripts/icehrm_master_data.sql
+++ b/scripts/icehrm_master_data.sql
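Review bot: `ApiAccessAdapter.method('get', function() { })` overrides the inherited `get` with an empty body, which silently disables whatever `AdapterBase.get` does for this tab; if that is intended, say so with `// get is a no-op: this tab only displays the token generated server-side`, otherwise remove the override so the base behaviour applies. The `getDataMapping`/`getHeaders`/`getFormFields` stubs returning empty arrays deserve the same one-line comment at the top of the block. `AdapterBase` is not visible here, so the effect of the empty override is inferred.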
@@ -1449,17 +1449,8 @@ INSERT INTO `ExpensesCategories` (`name`) VALUES ('Utility');
-INSERT INTO `PayrollColumns` (`id`,`name`,`calculation_hook`,`salary_components`,`deductions`,`add_columns`,`sub_columns`,`editable`,`enabled`,`default_value`,`calculation_columns`,`calculation_function`) VALUES
- (1,'Total Hours','AttendanceUtil_getTimeWorkedHours','','','','','No','Yes','0.00',NULL,NULL),
- (2,'Regular Hours','AttendanceUtil_getRegularWorkedHours','','','','','No','Yes','0.00',NULL,NULL),
- (3,'Overtime Hours','AttendanceUtil_getOverTimeWorkedHours','','','','','No','Yes','0.00',NULL,NULL),
- (4,'Leave Hours','LeaveUtil_getLeaveHours','','','','','No','Yes','0.00',NULL,NULL);
-INSERT INTO `PayrollColumnTemplates` (`name`,`columns`) VALUES
- ('All Columns','[\"1\",\"2\",\"3\",\"4\"]'),
- ('All Time Management Columns','[\"1\",\"2\",\"3\"]');
-
 INSERT INTO `DataImport` (`name`, `dataType`, `details`, `columns`, `updated`, `created`) VALUES
diff --git a/service.php b/service.php
index 3f967fb9..2addf8b1 100644
--- a/service.php
+++ b/service.php
@@ -78,11 +78,12 @@ if($action == 'get'){
 }else if($action == 'delete'){
- $ret['object'] = \Classes\BaseService::getInstance()->deleteElement($_REQUEST['t'],$_REQUEST['id']);
- if($ret['object'] == null){
- $ret['status'] = "SUCCESS";
+ /* @var \Classes\IceResponse $response */
+ $response = \Classes\BaseService::getInstance()->deleteElement($_REQUEST['t'],$_REQUEST['id']);
+ if($response->getStatus() == \Classes\IceResponse::SUCCESS){
+ $ret['status'] = \Classes\IceResponse::SUCCESS;
 }else{
- $ret['status'] = "ERROR";
+ $ret['status'] = \Classes\IceResponse::ERROR;
 }
 }else if($action == 'getFieldValues'){
diff --git a/src/Attendance/Admin/Api/AttendanceAdminManager.php b/src/Attendance/Admin/Api/AttendanceAdminManager.php
index 90f7c865..42f0c178 100644
--- a/src/Attendance/Admin/Api/AttendanceAdminManager.php
+++ b/src/Attendance/Admin/Api/AttendanceAdminManager.php
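Review bot: On the error path of the `delete` action the reason returned by `deleteElement` is now discarded: the old code kept the return value in `$ret['object']`, while the new code only sets `$ret['status']`, so the client no longer learns why a delete failed (for example the "This item can not be deleted" message BaseService produces in this same commit). Keep it with `$ret['object'] = $response->getData();` in the else branch. `==` against `\Classes\IceResponse::SUCCESS` should be `===`, since the constants are strings. The enclosing if/else chain continues outside the hunk.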
@@ -2,6 +2,7 @@ namespace Attendance\Admin\Api;
 use Attendance\Common\Model\Attendance;
+use Attendance\Rest\AttendanceRestEndPoint;
 use Classes\AbstractModuleManager;
 use Classes\UIManager;
@@ -26,6 +27,49 @@ class AttendanceAdminManager extends AbstractModuleManager
 $this->addModelClass('AttendanceStatus');
 }
+ public function setupRestEndPoints()
+ {
+ \Classes\Macaw::get(REST_API_PATH.'attendance/(:num)', function ($pathParams) {
+ $restEndPoint = new AttendanceRestEndPoint();
+ $restEndPoint->process('get', $pathParams);
+ });
+
+ \Classes\Macaw::get(REST_API_PATH.'attendance', function ($pathParams) {
+ $restEndPoint = new AttendanceRestEndPoint();
+ $restEndPoint->process('list', $pathParams);
+ });
+
+ \Classes\Macaw::get(REST_API_PATH.'employee/(:num)/attendance', function ($pathParams) {
+ $restEndPoint = new AttendanceRestEndPoint();
+ $restEndPoint->process('listEmployeeAttendance', $pathParams);
+ });
+
+ \Classes\Macaw::post(REST_API_PATH.'attendance', function ($pathParams) {
+ $restEndPoint = new AttendanceRestEndPoint();
+ $restEndPoint->process('post', $pathParams);
+ });
+
+ \Classes\Macaw::delete(REST_API_PATH.'attendance/(:num)', function ($pathParams) {
+ $restEndPoint = new AttendanceRestEndPoint();
+ $restEndPoint->process('delete', $pathParams);
+ });
+
+ \Classes\Macaw::post(REST_API_PATH.'attendance/punch-in', function ($pathParams) {
+ $restEndPoint = new AttendanceRestEndPoint();
+ $restEndPoint->process('punchIn', $pathParams);
+ });
+
+ \Classes\Macaw::get(REST_API_PATH.'employee/(:num)/open-punch-in/(:any)', function ($employeeId, $date) {
+ $restEndPoint = new AttendanceRestEndPoint();
+ $restEndPoint->process('getOpenPunch', [$employeeId, $date]);
+ });
+
+ \Classes\Macaw::post(REST_API_PATH.'attendance/punch-out', function ($pathParams) {
+ $restEndPoint = new AttendanceRestEndPoint();
+ $restEndPoint->process('punchOut', $pathParams);
+ });
+ }
+
 public function getDashboardItemData()
 {
 $data = array();
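Review bot: The `employee/(:num)/open-punch-in/(:any)` route forwards the `(:any)` segment as `$date` straight into `process('getOpenPunch', [$employeeId, $date])`; nothing at this layer constrains its format, so `AttendanceRestEndPoint::getOpenPunch` (not visible here) must validate it as a date before it reaches any query, and a comment on the route, `// $date is unvalidated path input; getOpenPunch must check the format`, would make that contract visible. Style: the eight closures differ only in the HTTP verb, path and action name, so a small private helper that registers one route from those three values would remove the repetition. Whether `setupRestEndPoints` is invoked only when the REST API setting is enabled is decided outside this hunk.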
diff --git a/src/Attendance/User/Api/AttendanceActionManager.php b/src/Attendance/User/Api/AttendanceActionManager.php
index 39730f65..07407134 100644
--- a/src/Attendance/User/Api/AttendanceActionManager.php
+++ b/src/Attendance/User/Api/AttendanceActionManager.php
@@ -32,8 +32,8 @@ class AttendanceActionManager extends SubActionManager
 //Find any open punch
 $attendance = new Attendance();
 $attendance->Load(
- "employee = ? and DATE_FORMAT( in_time, '%Y-%m-%d' ) = ?
- and (out_time is NULL or out_time = '0000-00-00 00:00:00')",
+ "employee = ? and DATE_FORMAT( in_time, '%Y-%m-%d' ) = ? and (out_time is NULL
+ or out_time = '0000-00-00 00:00:00')",
 array($employee->id,$date)
 );
@@ -135,6 +135,7 @@ class AttendanceActionManager extends SubActionManager
 $this->baseService->audit(IceConstants::AUDIT_ACTION, "Punch Out \ time:".$openPunch->out_time);
 } else {
 $openPunch->in_time = $dateTime;
+ //$openPunch->out_time = '0000-00-00 00:00:00';
 $openPunch->note = $req->note;
 $openPunch->image_in = $req->image;
 $openPunch->employee = $employee->id;
diff --git a/src/Classes/BaseService.php b/src/Classes/BaseService.php
index 1d8f2316..c3afc669 100644
--- a/src/Classes/BaseService.php
+++ b/src/Classes/BaseService.php
@@ -72,6 +72,7 @@ class BaseService
 public $customFieldManager = null;
 public $migrationManager = null;
 public $modelClassMap = array();
+ public $currentProfileId = false;
 private static $me = null;
@@ -187,6 +188,14 @@ class BaseService
 return $this->getFullQualifiedModelClassName($name);
 }
+ /**
+ * @param boolean $currentProfileId
+ */
+ public function setCurrentProfileId($currentProfileId)
+ {
+ $this->currentProfileId = $currentProfileId;
+ }
+
 public function buildDefaultFilterQuery($filter)
 {
 $query = "";
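Review bot: `//$openPunch->out_time = '0000-00-00 00:00:00';` is commented-out code added to the punch-in branch; either apply it or drop it, and if the decision hinges on the zero-date handling in the reformatted `Load` condition above, record that as a one-line comment (`// out_time stays NULL on punch-in; the open-punch query accepts NULL or zero date`) rather than as dead code. The reformatted query is unchanged in meaning. The enclosing method continues outside the hunk.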
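Review bot: The docblock on `setCurrentProfileId` says `@param boolean $currentProfileId`, but the value is an employee profile id that `getCurrentProfileId` (changed later in this commit) returns verbatim; write `@param int|string|false $currentProfileId Profile id that overrides the session-derived one; false to use the session`. Exposing `$currentProfileId` as a public property alongside the setter leaves two ways to change it; `private` plus the setter is the safer shape. Because the getter tests the override with plain truthiness, an id of `0` or `'0'` would be ignored; document that or compare with `!== false`.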
@@ -755,9 +764,7 @@ class BaseService
 }
 return new IceResponse(IceResponse::ERROR, $this->findError($error));
 }
- LogManager::getInstance()->error("Element:".json_encode($ele));
- LogManager::getInstance()->error("Obj:".json_encode($obj));
- LogManager::getInstance()->error("Obj Keys:".json_encode($objectKeys));
+ $customFields = $ele->getCustomFields($obj);
 LogManager::getInstance()->error("Custom:".json_encode($customFields));
 foreach ($obj as $k => $v) {
@@ -792,6 +799,13 @@ class BaseService
 $ele = new $nsTable();
 $ele->Load('id = ?', array($id));
+ if (empty($ele->id) || $ele->id !== $id) {
+ return new IceResponse(
+ IceResponse::ERROR,
+ "Item not found"
+ );
+ }
+
 $this->checkSecureAccess("delete", $ele);
@@ -800,7 +814,10 @@ class BaseService
 if (!empty($nonDeletableTable)) {
 foreach ($nonDeletableTable as $field => $value) {
 if ($ele->$field == $value) {
- return "This item can not be deleted";
+ return new IceResponse(
+ IceResponse::ERROR,
+ "This item can not be deleted"
+ );
 }
 }
 }
@@ -818,7 +835,10 @@ class BaseService
 if (!$ok) {
 $error = $ele->ErrorMsg();
 LogManager::getInstance()->info($error);
- return $this->findError($error);
+ return new IceResponse(
+ IceResponse::ERROR,
+ $this->findError($error)
+ );
 } else {
 //Backup
 if ($table == ucfirst(SIGN_IN_ELEMENT_MAPPING_FIELD_NAME)) {
@@ -845,7 +865,10 @@ class BaseService
 $cf->Delete();
 }
- return null;
+ return new IceResponse(
+ IceResponse::SUCCESS,
+ null
+ );
 }
 /**
@@ -974,6 +997,9 @@ class BaseService
 */
 public function getCurrentProfileId()
 {
+ if ($this->currentProfileId) {
+ return $this->currentProfileId;
+ }
 $adminEmpId = SessionUtils::getSessionObject('admin_current_profile');
 $user = SessionUtils::getSessionObject('user');
 if (empty($adminEmpId) && !empty($user)) {
@@ -1035,6 +1061,7 @@ class BaseService
 public function cleanUpAdoDB($obj)
 {
+ unset($obj->table);
 unset($obj->_table);
 unset($obj->_dbat);
 unset($obj->_tableat);
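Review bot: `$ele->id !== $id` in the new not-found guard is a strict comparison between the id as loaded by ADOdb (typically a string) and the caller-supplied `$id`, which is a string from `$_REQUEST['id']` in service.php but may be an int from other callers; a type mismatch turns a valid delete into "Item not found", so normalise both sides, `(string) $ele->id !== (string) $id`. The guard also runs before `checkSecureAccess("delete", $ele)`, so a caller without delete rights can tell existing ids from non-existing ones; running the access check first avoids that oracle. The surviving `LogManager::getInstance()->error("Custom:".json_encode($customFields))` writes custom-field contents at error level on every add and looks like the same leftover debugging as the three lines this hunk removes. The enclosing methods begin and end outside the hunks.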
diff --git a/src/Classes/CustomFieldManager.php b/src/Classes/CustomFieldManager.php
index 035643ce..b68463c3 100644
--- a/src/Classes/CustomFieldManager.php
+++ b/src/Classes/CustomFieldManager.php
@@ -14,6 +14,10 @@ class CustomFieldManager
 {
 public function addCustomField($type, $id, $name, $value)
 {
+ if ($name[0] === '/') {
+ return;
+ }
+
 $customFieldValue = new CustomFieldValue();
 $customFieldValue->Load(
 "type = ? and name = ? and object_id = ?",
diff --git a/src/Classes/IceResponse.php b/src/Classes/IceResponse.php
index 8a85c325..b1db319e 100644
--- a/src/Classes/IceResponse.php
+++ b/src/Classes/IceResponse.php
@@ -49,4 +49,28 @@ class IceResponse
 {
 return array("status"=>$this->status,"data"=>$this->data);
 }
+
+ /**
+ * @param mixed $status
+ */
+ public function setStatus($status)
+ {
+ $this->status = $status;
+ }
+
+ /**
+ * @param null $data
+ */
+ public function setData($data)
+ {
+ $this->data = $data;
+ }
+
+ /**
+ * @param null $code
+ */
+ public function setCode($code)
+ {
+ $this->code = $code;
+ }
 }
diff --git a/src/Classes/RestApiManager.php b/src/Classes/RestApiManager.php
index 0158b638..b0ed8584 100644
--- a/src/Classes/RestApiManager.php
+++ b/src/Classes/RestApiManager.php
@@ -85,8 +85,7 @@ class RestApiManager
 LogManager::getInstance()->info("AT Hash Object:".json_encode($accessTokenObj));
 if (!empty($accessTokenObj->id) && $accessTokenObj->hash == $hash) {
 //No need to do user based validation for now
- //return $this->validateAccessTokenInner($accessTokenObj->token);
- return new IceResponse(IceResponse::SUCCESS, true);
+ return $this->validateAccessTokenInner($accessTokenObj->token);
 }
 return new IceResponse(IceResponse::ERROR, "Authorization bearer token not found or invalid", 401);
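Review bot: `$name[0] === '/'` reads the first character without checking that `$name` is a non-empty string; for an empty name PHP 8 raises an "Uninitialized string offset" warning and the comparison is false, so the guard neither skips nor rejects it. Write `if (!is_string($name) || $name === '' || $name[0] === '/') { return; }`, or `str_starts_with($name, '/')` if PHP 8 is the baseline. The reason names beginning with `/` are skipped is not visible here; a one-line comment above the guard stating it would help the next reader. `addCustomField` continues outside the hunk.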
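Review bot: The docblocks on `setData` and `setCode` read `@param null $data` and `@param null $code`, which document a default rather than the accepted type; write `@param mixed $data` and `@param int|null $code` (the code carries HTTP status values such as 401 and 403 elsewhere in this commit). Adding setters makes `IceResponse` mutable, which `EmployeeRestEndPoint::post` relies on to patch the code to 201; a short class-level comment saying that responses may be adjusted after construction would stop a reader from assuming they are immutable.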
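Review bot: Routing the hash match through `validateAccessTokenInner` instead of returning an unconditional SUCCESS closes the earlier bypass, but the comparison that gates it, `$accessTokenObj->hash == $hash` on the context line, is a loose comparison; use `hash_equals((string) $accessTokenObj->hash, (string) $hash)` so type juggling and timing do not influence the result. The preceding `info("AT Hash Object:".json_encode($accessTokenObj))` serialises the whole stored token record, hash and token included, into the log on every request; log only `$accessTokenObj->id`. `validateAccessTokenInner` is defined outside the hunk.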
@@ -107,7 +106,8 @@ class RestApiManager
 $data = json_decode($accessToken, true);
 if ($data['userId'] == $user->id) {
- return new IceResponse(IceResponse::SUCCESS, true);
+ unset($user->password);
+ return new IceResponse(IceResponse::SUCCESS, $user);
 }
 return new IceResponse(IceResponse::ERROR, false);
diff --git a/src/Classes/RestEndPoint.php b/src/Classes/RestEndPoint.php
index 6a9a9400..e10a68d9 100644
--- a/src/Classes/RestEndPoint.php
+++ b/src/Classes/RestEndPoint.php
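Review bot: `unset($user->password)` strips the hash before `$user` is returned, but the same object is then stored in the session and handed to every endpoint method by `RestEndPoint::process` in this commit, so any other secret-bearing field on the User model travels with it; returning a purpose-built public view of the user would be safer than removing one property. On the context line, `$data['userId'] == $user->id` is a loose comparison and `$data` is not checked for being an array after `json_decode`; `is_array($data) && (string) ($data['userId'] ?? '') === (string) $user->id` is stricter. `validateAccessTokenInner` begins outside the hunk.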
@@ -1,24 +1,74 @@ Load("id = ?", array($employeeId)); + if (empty($employee->id) || $employee->id !== $employeeId . '') { + return new IceResponse(IceResponse::ERROR, self::RESPONSE_ERR_EMPLOYEE_NOT_FOUND, 422); + } + + if ($user->user_level !== 'Admin') { + if ($user->user_level === 'Manager') { + if (!PermissionManager::manipulationAllowed( + BaseService::getInstance()->getCurrentProfileId(), + $employee + ) + ) { + return new IceResponse(IceResponse::ERROR, self::RESPONSE_ERR_PERMISSION_DENIED, 403); + } + } elseif ($user->user_level === 'Employee' + && $employeeId != BaseService::getInstance()->getCurrentProfileId()) { + return new IceResponse(IceResponse::ERROR, self::RESPONSE_ERR_PERMISSION_DENIED, 403); + } elseif ($user->user_level !== 'Employee' && $user->user_level !== 'Manager') { + return new IceResponse(IceResponse::ERROR, self::RESPONSE_ERR_PERMISSION_DENIED, 403); + } + return new IceResponse(IceResponse::ERROR, "Permission denied", 403); + } + + return new IceResponse(IceResponse::SUCCESS); + } + + public function process($type, $parameters = []) + { + if (!is_array($parameters)) { + $parameters = [$parameters]; + } $accessTokenValidation = $this->validateAccessToken(); if (!empty($accessTokenValidation) && $accessTokenValidation->getStatus() == IceResponse::ERROR) { $resp = $accessTokenValidation; } else { - $resp = $this->$type($parameter); + BaseService::getInstance()->setCurrentUser($accessTokenValidation->getData()); + SessionUtils::saveSessionObject('user', $accessTokenValidation->getData()); + array_unshift($parameters, $accessTokenValidation->getData()); + $resp = call_user_func_array(array($this, $type), $parameters); } header('Content-Type: application/json'); 
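Review bot: In the permission helper that begins outside this hunk, the `if ($user->user_level !== 'Admin')` block ends with an unconditional `return new IceResponse(IceResponse::ERROR, "Permission denied", 403);`, so a Manager who passes `manipulationAllowed` and an Employee reading their own record both fall through to 403 and only Admins ever reach the `IceResponse::SUCCESS` return; delete that trailing line so the inner checks decide. In `process`, the guard `!empty($accessTokenValidation) && ...` lets an empty validation result reach the else branch, where `$accessTokenValidation->getData()` is dereferenced; use `if (empty($accessTokenValidation) || $accessTokenValidation->getStatus() == IceResponse::ERROR)`. The same branch writes the token-authenticated user into the PHP session via `SessionUtils::saveSessionObject('user', ...)`; if REST requests carry a session cookie, a bearer token now establishes a browser session, which should be documented as intended or avoided by keeping the REST identity request-scoped. `$employee->id !== $employeeId . ''` string-casts only one side; cast both, consistent with the rest of the commit.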
@@ -39,33 +89,177 @@ class RestEndPoint "code" => $resp->getCode(), "message" => $resp->getObject() ); - $this->printResponse(array("error",[$messages])); + $this->printResponse(array("error" => [$messages])); } } - public function get($parameter) + protected function enrichElement($obj, $map) + { + if (!empty($map)) { + foreach ($map as $k => $v) { + if ($obj->$k !== null) { + $obj->$k = [ + 'type' => $v[0], + $v[1] => $obj->$k, + 'display' => $obj->{$k . '_Name'} + ]; + } else { + unset($obj->$k); + } + unset($obj->{$k . '_Name'}); + } + } + return $obj; + } + + protected function cleanObject($obj) + { + $obj = BaseService::getInstance()->cleanUpAdoDB($obj); + unset($obj->keysToIgnore); + unset($obj->historyFieldsToTrack); + unset($obj->historyUpdateList); + unset($obj->oldObjOrig); + unset($obj->oldObj); + + return $obj; + } + + protected function removeNullFields($obj) + { + foreach ($obj as $k => $v) { + if ($obj->$k === null) { + unset($obj->$k); + } + } + + return $obj; + } + + public function list(User $user) { return new IceResponse(IceResponse::ERROR, "Method not Implemented", 404); } - public function post($parameter) + protected function listByQuery(DataQuery $query) + { + $page = 1; + if (isset($_GET['page']) && intval($_GET['page']) > 0) { + $page = intval($_GET['page']); + } + + $limit = static::DEFAULT_LIMIT; + if (isset($_GET['limit']) && intval($_GET['limit']) > 0) { + $limit = intval($_GET['limit']); + } + + $query->setStartPage(($page - 1) * $limit); + $query->setLength($limit); + + $data = DataReader::getData($query); + $output = array(); + $columns = $query->getColumns(); + foreach ($data as $item) { + if (!empty($columns)) { + $obj = new \stdClass(); + foreach ($columns as $column) { + $obj->$column = $item->$column; + } + } else { + $obj = $this->cleanObject($item); + } + $output[] = $obj; + } + + return new IceResponse( + IceResponse::SUCCESS, + [ + 'data' => $output, + 'nextPage' => $page + 1, + ] + ); + } + + protected function listData( 
+ $object, + $limit, + $page = 1, + $fieldsToRemove = array(), + $customQuery = null, + $params = [] + ) { + if (!isset($limit) || $limit <= 0) { + $limit = self::DEFAULT_LIMIT; + } + + if ($customQuery) { + $query = $customQuery.' order by id limit ?,?'; + $params[] = ($page - 1) * $limit; + $params[] = $limit + 1; + } else { + $query = '1=1 order by id limit ?,?'; + $params = array(($page - 1) * $limit, ($limit + 1)); + } + + $allObjects = $object->Find($query, $params); + $count = 0; + $hasMore = 0; + $newObjects = array(); + foreach ($allObjects as $object) { + $object = $this->cleanObject($object); + $object = $this->removeNullFields($object); + if (!empty($fieldsToRemove)) { + foreach ($fieldsToRemove as $field) { + unset($object->$field); + } + } + $newObjects[] = $object; + $count++; + if ($count === $limit) { + $hasMore = true; + break; + } + } + + return new IceResponse( + IceResponse::SUCCESS, + [ + 'data' => $newObjects, + 'prevPage' => ($page > 1) ? $page - 1 : '', + 'nextPage' => $hasMore ? 
$page + 1 : '', + 'limit' => $limit, + ] + ); + } + + public function get(User $user, $parameter) { return new IceResponse(IceResponse::ERROR, "Method not Implemented", 404); } - public function put($parameter) + public function post(User $user) { return new IceResponse(IceResponse::ERROR, "Method not Implemented", 404); } - public function delete($parameter) + public function put(User $user, $parameter) { return new IceResponse(IceResponse::ERROR, "Method not Implemented", 404); } - public function clearObject($obj) + public function delete(User $user, $parameter) { - return BaseService::getInstance()->cleanUpAdoDB($obj); + if ($user->user_level !== 'Admin') { + return new IceResponse(IceResponse::ERROR, "Permission denied", 403); + } + + $response = BaseService::getInstance()->deleteElement( + static::ELEMENT_NAME, + $parameter + ); + if ($response->getStatus() === IceResponse::SUCCESS) { + return new IceResponse(IceResponse::SUCCESS, ['id' => $parameter], 200); + } + return new IceResponse(IceResponse::ERROR, $response->getData(), 400); } public function validateAccessToken() @@ -75,12 +269,6 @@ class RestEndPoint return $accessTokenValidation; } - public function cleanDBObject($obj) - { - unset($obj->keysToIgnore); - return $obj; - } - public function printResponse($response) { echo json_encode($response, JSON_PRETTY_PRINT); @@ -129,4 +317,10 @@ class RestEndPoint } return null; } + + protected function getRequestBody() + { + $inputJSON = file_get_contents('php://input'); + return json_decode($inputJSON, true); + } } diff --git a/src/Employees/Admin/Api/EmployeesAdminManager.php b/src/Employees/Admin/Api/EmployeesAdminManager.php index aa629ad8..1e1dc95f 100644 --- a/src/Employees/Admin/Api/EmployeesAdminManager.php +++ b/src/Employees/Admin/Api/EmployeesAdminManager.php 
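Review bot: In `listData`, `$hasMore` is set whenever `$count === $limit`, but `$limit + 1` rows are fetched precisely so the extra row can signal more data; when exactly `$limit` rows exist the loop still reaches `$count === $limit` and advertises a next page that turns out empty. Derive it from the fetched count, `$hasMore = count($allObjects) > $limit;`, and iterate over `array_slice($allObjects, 0, $limit)`. In `listByQuery`, the `limit` taken from `$_GET` has no upper bound and `nextPage` is always `$page + 1`; cap the limit with a class constant (`min(intval($_GET['limit']), self::MAX_LIMIT)`, where MAX_LIMIT is a new constant) and report `nextPage` only when a full page came back. `$hasMore` is also initialised to `0` and later set to `true`; use `false` for both.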
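Review bot: `getRequestBody` returns whatever `json_decode` yields, so a malformed or scalar body produces `null` or a scalar, and `post`/`put` in `EmployeeRestEndPoint` pass that straight to `addElement` (with `put` first doing `$body['id'] = $parameter` on it). Normalise once here, `$decoded = json_decode($inputJSON, true); return is_array($decoded) ? $decoded : [];`, and have callers answer an empty body with a 400. Add a docblock, `/** @return array Decoded JSON request body; [] when absent or invalid */`, so the contract is explicit.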
@@ -26,10 +26,35 @@ class EmployeesAdminManager extends AbstractModuleManager
 public function setupRestEndPoints()
 {
- \Classes\Macaw::get(REST_API_PATH.'employee/(:any)', function ($pathParams) {
+ \Classes\Macaw::get(REST_API_PATH.'employees/me', function () {
+ $empRestEndPoint = new EmployeeRestEndPoint();
+ $empRestEndPoint->process('get', 'me');
+ });
+
+ \Classes\Macaw::get(REST_API_PATH.'employees/(:num)', function ($pathParams) {
 $empRestEndPoint = new EmployeeRestEndPoint();
 $empRestEndPoint->process('get', $pathParams);
 });
+
+ \Classes\Macaw::get(REST_API_PATH.'employees', function () {
+ $empRestEndPoint = new EmployeeRestEndPoint();
+ $empRestEndPoint->process('list');
+ });
+
+ \Classes\Macaw::post(REST_API_PATH.'employees', function () {
+ $empRestEndPoint = new EmployeeRestEndPoint();
+ $empRestEndPoint->process('post');
+ });
+
+ \Classes\Macaw::put(REST_API_PATH.'employees/(:num)', function ($pathParams) {
+ $empRestEndPoint = new EmployeeRestEndPoint();
+ $empRestEndPoint->process('put', $pathParams);
+ });
+
+ \Classes\Macaw::delete(REST_API_PATH.'employees/(:num)', function ($pathParams) {
+ $empRestEndPoint = new EmployeeRestEndPoint();
+ $empRestEndPoint->process('delete', $pathParams);
+ });
 }
 public function initializeDatabaseErrorMappings()
diff --git a/src/Employees/Rest/EmployeeRestEndPoint.php b/src/Employees/Rest/EmployeeRestEndPoint.php
index 970c7d40..891b578a 100644
--- a/src/Employees/Rest/EmployeeRestEndPoint.php
+++ b/src/Employees/Rest/EmployeeRestEndPoint.php
@@ -1,51 +1,140 @@ Load("id = ?", array($id)); + return $obj; + } + + public function list(User $user) + { + $query = new DataQuery('Employee'); + + $limit = self::DEFAULT_LIMIT; + if (isset($_GET['limit']) && intval($_GET['limit']) > 0) { + $limit = intval($_GET['limit']); + } + $query->setLength($limit); + + if ($user->user_level !== 'Admin') { + $query->setIsSubOrdinates(true); } - if ($parameter === 'list') { - $emp = new Employee(); - $emps = $emp->Find("1=1"); - $newEmps = array(); - foreach ($emps as $emp) { - $emp = BaseService::getInstance()->cleanUpAdoDB($emp); - $emp = Employee::cleanEmployeeData($emp); - $newEmps[] = $emp; - } - return new IceResponse(IceResponse::SUCCESS, $newEmps); - } else { - $mapping = '{"nationality":["Nationality","id","name"],"ethnicity":["Ethnicity","id","name"],' - .'"immigration_status":["ImmigrationStatus","id","name"],' - .'"employment_status":["EmploymentStatus","id","name"],' - .'"job_title":["JobTitle","id","name"],"pay_grade":["PayGrade","id","name"],' - .'"country":["Country","code","name"],"province":["Province","id","name"],' - .'"department":["CompanyStructure","id","title"],' - .'"supervisor":["Employee","id","first_name+last_name"]}'; - $emp = BaseService::getInstance()->getElement('Employee', $parameter, $mapping, true); - if (!empty($emp)) { - $emp = Employee::cleanEmployeeData($emp); - return new IceResponse(IceResponse::SUCCESS, $emp); - } + return $this->listByQuery($query); + } + + public function get(User $user, $parameter) + { + if (empty($parameter)) { return new IceResponse(IceResponse::ERROR, "Employee not found", 404); } + + if ($parameter === 'me') { + $parameter = BaseService::getInstance()->getCurrentProfileId(); + } + + if ($user->user_level !== 'Admin' && !PermissionManager::manipulationAllowed( + BaseService::getInstance()->getCurrentProfileId(), + $this->getModelObject($parameter) + ) + ) { + return new IceResponse(IceResponse::ERROR, "Permission denied", 403); + } + + $mapping = [ + 
"nationality" => ["Nationality","id","name"], + "ethnicity" => ["Ethnicity","id","name"], + "immigration_status" => ["ImmigrationStatus","id","name"], + "employment_status" => ["EmploymentStatus","id","name"], + "job_title" => ["JobTitle","id","name"], + "pay_grade" => ["PayGrade","id","name"], + "country" => ["Country","code","name"], + "province" => ["Province","id","name"], + "department" => ["CompanyStructure","id","title"], + "supervisor" => [self::ELEMENT_NAME,"id","first_name+last_name"], + ]; + + $emp = BaseService::getInstance()->getElement( + self::ELEMENT_NAME, + $parameter, + json_encode($mapping), + true + ); + + $emp = $this->enrichElement($emp, $mapping); + if (!empty($emp)) { + $emp = $this->cleanObject($emp); + $emp = $this->removeNullFields($emp); + return new IceResponse(IceResponse::SUCCESS, $emp); + } + return new IceResponse(IceResponse::ERROR, "Employee not found", 404); + } + + public function post(User $user) + { + if ($user->user_level !== 'Admin') { + return new IceResponse(IceResponse::ERROR, "Permission denied", 403); + } + $body = $this->getRequestBody(); + $response = BaseService::getInstance()->addElement(self::ELEMENT_NAME, $body); + if ($response->getStatus() === IceResponse::SUCCESS) { + $response = $this->get($user, $response->getData()->id); + $response->setCode(201); + return $response; + } + + return new IceResponse(IceResponse::ERROR, $response->getData(), 400); + } + + public function put(User $user, $parameter) + { + + if ($user->user_level !== 'Admin' && + !PermissionManager::manipulationAllowed( + BaseService::getInstance()->getCurrentProfileId(), + $this->getModelObject($parameter) + ) + ) { + return new IceResponse(IceResponse::ERROR, "Permission denied", 403); + } + + $body = $this->getRequestBody(); + $body['id'] = $parameter; + $response = BaseService::getInstance()->addElement(self::ELEMENT_NAME, $body); + if ($response->getStatus() === IceResponse::SUCCESS) { + return $this->get($user, $response->getData()->id); + 
} + + return new IceResponse(IceResponse::ERROR, 'Error modifying employee', 400); + } + + public function delete(User $user, $parameter) + { + if ($user->user_level !== 'Admin') { + return new IceResponse(IceResponse::ERROR, "Permission denied", 403); + } + + $response = BaseService::getInstance()->deleteElement( + self::ELEMENT_NAME, + $parameter + ); + if ($response->getStatus() === IceResponse::SUCCESS) { + return new IceResponse(IceResponse::SUCCESS, ['id' => $parameter], 200); + } + return new IceResponse(IceResponse::ERROR, $response->getData(), 400); } }
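Review bot: In `get`, `$this->enrichElement($emp, $mapping)` runs before the `!empty($emp)` check, so when `getElement` returns nothing for an unknown id the loop in `enrichElement` reads and unsets properties on a non-object before the 404 is produced; move the enrich call inside the `if (!empty($emp))` branch. In `post`, the decoded body goes to `addElement` unfiltered and, unlike `put`, `id` is not forced, so a body carrying an `id` may update an existing employee instead of creating one if `addElement` treats a present id as an update (not visible here); add `unset($body['id']);` before the call and document that `post` never updates. `list` calls `$query->setLength($limit)` and then `listByQuery` sets the length again from the same `$_GET['limit']`; drop the duplicate here. `getModelObject` begins outside the hunk.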