Solved #1 and ordering in EmployeesController, added some authentication
This commit is contained in:
Sockenklaus
@@ -4,13 +4,20 @@ import UpdateEmployeeValidator from 'App/Validators/UpdateEmployeeValidator'
|
||||
import CreateEmployeeValidator from 'App/Validators/CreateEmployeeValidator'
|
||||
|
||||
import Database from '@ioc:Adonis/Lucid/Database'
|
||||
import Logger from '@ioc:Adonis/Core/Logger'
|
||||
|
||||
// TODO: #1 Implement paginator for Employee-Index
|
||||
export default class EmployeesController {
|
||||
public async index ({bouncer}: HttpContextContract) {
|
||||
public async index ({bouncer, request}: HttpContextContract) {
|
||||
await bouncer.authorize('employees.index')
|
||||
|
||||
return await Database.from('employees').select('*')
|
||||
const limit: number = request.qs().limit ?? 10
|
||||
const page: number = request.qs().page ?? 1
|
||||
const sort_by = await this.sort_by(request.qs().sort_by)
|
||||
|
||||
const employees = await Database.from('employees').orderBy(sort_by).paginate(page, limit)
|
||||
|
||||
return employees
|
||||
}
|
||||
|
||||
public async store ({request}: HttpContextContract) {
|
||||
@@ -36,36 +43,62 @@ export default class EmployeesController {
|
||||
public async show ({params, bouncer}: HttpContextContract) {
|
||||
const emp = await Employee.findOrFail(params.id)
|
||||
|
||||
if (await bouncer.denies('employees.show', emp)){
|
||||
return 'Not admin or wrong user'
|
||||
}
|
||||
await bouncer.authorize('employees.show', emp)
|
||||
|
||||
return emp
|
||||
}
|
||||
|
||||
public async update ({params, request}: HttpContextContract) {
|
||||
public async update ({params, bouncer, response, request}: HttpContextContract) {
|
||||
|
||||
const employee : Employee = await Employee.findOrFail(params.id)
|
||||
const editContractHours : boolean = employee.contractHours !== request.input('contractHours')
|
||||
|
||||
await bouncer.authorize('employees.update', editContractHours, employee)
|
||||
|
||||
try {
|
||||
const payload = await request.validate(UpdateEmployeeValidator)
|
||||
|
||||
if (editContractHours){
|
||||
employee.contractHours = payload.contractHours ?? 0
|
||||
}
|
||||
|
||||
employee.firstName = payload.firstName
|
||||
employee.lastName = payload.lastName ?? ''
|
||||
employee.shorthand = payload.shorthand
|
||||
employee.email = payload.email ?? ''
|
||||
employee.phone = payload.phone ?? ''
|
||||
employee.mobile = payload.mobile ?? ''
|
||||
employee.contractHours = payload.contractHours ?? 0
|
||||
|
||||
return await employee.save()
|
||||
await employee.save()
|
||||
|
||||
} catch(error) {
|
||||
return error
|
||||
}
|
||||
return response.ok({
|
||||
status: 200,
|
||||
message: "Employee updated successfully"
|
||||
})
|
||||
}
|
||||
|
||||
public async destroy ({params}: HttpContextContract) {
|
||||
public async destroy ({params, bouncer}: HttpContextContract) {
|
||||
await bouncer.authorize('employees.destroy')
|
||||
|
||||
return await Database.from('employees').where('id', params.id).delete()
|
||||
}
|
||||
|
||||
private async sort_by(qs: string): Promise<{column : string, order?: 'asc' | 'desc' | undefined}[]> {
|
||||
const regex : RegExp = /(asc|desc)\((\w+)\)/gi
|
||||
const client = Database.connection()
|
||||
let result: {
|
||||
column: string,
|
||||
order?: 'asc' | 'desc' | undefined
|
||||
}[] = []
|
||||
|
||||
const columns = await client.columnsInfo('employees')
|
||||
const match = qs?.matchAll(regex) ?? []
|
||||
|
||||
for (const item of match) {
|
||||
if( columns.hasOwnProperty(item[2]) && (item[1] === 'asc' || item[1] === 'desc')) result.push({column: item[2], order: item[1]})
|
||||
}
|
||||
|
||||
if(result.length === 0) result.push({column: 'last_name'})
|
||||
|
||||
return result
|
||||
}
|
||||
}
|
||||
|
||||
@@ -34,11 +34,34 @@ import Employee from 'App/Models/Employee'
|
||||
export const { actions } = Bouncer
|
||||
|
||||
.define('employees.index', (user: User) => {
|
||||
return user.role === 'admin'
|
||||
if(user.role !== 'admin') return Bouncer.deny('You are not allowed to view all employees')
|
||||
return true
|
||||
})
|
||||
|
||||
.define('employees.show', (user: User, employee : Employee) => {
|
||||
return user.role === 'admin' || user.id === employee.userId
|
||||
if(user.role !== 'admin' && user.id !== employee.userId){
|
||||
return Bouncer.deny('You are not allowd to view employees other than yourself')
|
||||
}
|
||||
return true
|
||||
})
|
||||
|
||||
.define('employees.store', (user: User) => {
|
||||
if(user.role !== 'admin') return Bouncer.deny('You are not allowd to create any employees')
|
||||
return true
|
||||
})
|
||||
|
||||
.define('employees.destroy', (user: User) => {
|
||||
if(user.role !== 'admin') return Bouncer.deny('You are not allowed to delete any employees')
|
||||
return true
|
||||
})
|
||||
|
||||
.define('employees.update', (user: User, editContractHours : boolean, employee: Employee) => {
|
||||
if(user.id !== employee.userId && user.role !== 'admin'){
|
||||
return Bouncer.deny('You are not allowed to edit employees other than yourself.')
|
||||
} else if (editContractHours && user.role !== 'admin'){
|
||||
return Bouncer.deny('You are not allowed to edit your contract hours.')
|
||||
}
|
||||
return true
|
||||
})
|
||||
|
||||
/*
|
||||
|
||||
Reference in New Issue
Block a user