
Commit e4c8d54

authored
OHRM5X-2109: Change admin - enabled modules API read permission (orangehrm#1645)
* OHRM5X-1964: Develop pim - my info API
1 parent b9f1d9b commit e4c8d54


8 files changed

+413
-0
lines changed

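--- a/installer/Migration/V5_4_0/Migration.php
+++ b/installer/Migration/V5_4_0/Migration.php
@@ -107,6 +107,7 @@ public function up(): void
 $this->cleanClaimScreens();
 $this->getDataGroupHelper()->insertScreenPermissions(__DIR__ . '/permission/screens.yaml');
 $this->changeClaimEventTableStatusToBoolean();
+$this->changePermissionForModulesAPI();
 
 if (!$this->getSchemaHelper()->tableExists(['ohrm_expense_type'])) {
 $this->getSchemaHelper()->createTable('ohrm_expense_type')
@@ -866,4 +867,17 @@ private function deleteClaimWorkflowStates(): void
 ->setParameter('workflow', 'CLAIM')
 ->executeQuery();
 }
+
+private function changePermissionForModulesAPI(): void
+{
+$this->getDataGroupHelper()->addDataGroupPermissions(
+'apiv2_admin_modules',
+'ESS',
+true,
+false,
+false,
+false,
+false
+);
+}
 }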
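Review bot: The five positional booleans passed to `addDataGroupPermissions()` in `changePermissionForModulesAPI()` give no hint which flag is which, and this is the call that opens the admin-namespaced `apiv2_admin_modules` data group to every ESS user. A short comment above the call, e.g. `// ESS: read-only on the enabled-modules API; remaining flags (presumably create/update/delete/self, confirm against the helper) stay false`, would make the grant auditable at a glance. It is also worth confirming that the modules endpoint returns nothing beyond module on/off state, since its response becomes readable by all employees; that endpoint is not part of this diff.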

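--- a/installer/Migration/V5_4_0/permission/api.yaml
+++ b/installer/Migration/V5_4_0/permission/api.yaml
@@ -79,3 +79,16 @@ apiv2_claim_attachment:
 permissions:
 - { role: Admin, permission: { read: true, create: true, update: true, delete: true } }
 - { role: ESS, permission: { read: true, create: true, update: true, delete: true } }
+
+apiv2_pim_my_info:
+description: "PIM - Logged In User Details"
+api: OrangeHRM\Pim\Api\MyInfoAPI
+module: pim
+allowed:
+read: true
+create: false
+update: false
+delete: false
+permissions:
+- { role: Admin, permission: { read: true, create: false, update: false, delete: false } }
+- { role: ESS, permission: { read: true, create: false, update: false, delete: false } }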

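--- a/src/plugins/orangehrmPimPlugin/Api/Model/EmployeeDetailedModel.php
+++ b/src/plugins/orangehrmPimPlugin/Api/Model/EmployeeDetailedModel.php
@@ -23,6 +23,48 @@
 use OrangeHRM\Core\Api\V2\Serializer\Normalizable;
 use OrangeHRM\Entity\Employee;
 
+/**
+* @OA\Schema(
+* schema="Pim-EmployeeDetailedModel",
+* type="object",
+* @OA\Property(property="empNumber", type="string"),
+* @OA\Property(property="lastName", type="string"),
+* @OA\Property(property="firstName", type="string"),
+* @OA\Property(property="middleName", type="string"),
+* @OA\Property(property="employeeId", type="string"),
+* @OA\Property(property="terminationId", type="integer", nullable=true),
+* @OA\Property(
+* property="jobTitle",
+* type="object",
+* @OA\Property(property="id", type="integer"),
+* @OA\Property(property="title", type="string"),
+* @OA\Property(property="isDeleted", type="boolean")
+* ),
+* @OA\Property(
+* property="subunit",
+* type="object",
+* @OA\Property(property="id", type="integer"),
+* @OA\Property(property="name", type="string")
+* ),
+* @OA\Property(
+* property="empStatus",
+* type="object",
+* @OA\Property(property="id", type="integer"),
+* @OA\Property(property="name", type="string")
+* ),
+* @OA\Property(
+* property="supervisors",
+* type="array",
+* @OA\Items(
+* type="object",
+* @OA\Property(property="empNumber", type="string"),
+* @OA\Property(property="lastName", type="string"),
+* @OA\Property(property="firstName", type="string"),
+* @OA\Property(property="middleName", type="string")
+* )
+* )
+* )
+*/
 class EmployeeDetailedModel implements Normalizable
 {
 use ModelTrait;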
Lines changed: 156 additions & 0 deletions
@@ -0,0 +1,156 @@
1+
<?php
2+
/**
3+
* OrangeHRM is a comprehensive Human Resource Management (HRM) System that captures
4+
* all the essential functionalities required for any enterprise.
5+
* Copyright (C) 2006 OrangeHRM Inc., http://www.orangehrm.com
6+
*
7+
* OrangeHRM is free software; you can redistribute it and/or modify it under the terms of
8+
* the GNU General Public License as published by the Free Software Foundation; either
9+
* version 2 of the License, or (at your option) any later version.
10+
*
11+
* OrangeHRM is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
12+
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13+
* See the GNU General Public License for more details.
14+
*
15+
* You should have received a copy of the GNU General Public License along with this program;
16+
* if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
17+
* Boston, MA 02110-1301, USA
18+
*/
19+
20+
namespace OrangeHRM\Pim\Api;
21+
22+
use OpenApi\Annotations as OA;
23+
use OrangeHRM\Core\Api\CommonParams;
24+
use OrangeHRM\Core\Api\V2\Endpoint;
25+
use OrangeHRM\Core\Api\V2\EndpointResourceResult;
26+
use OrangeHRM\Core\Api\V2\EndpointResult;
27+
use OrangeHRM\Core\Api\V2\RequestParams;
28+
use OrangeHRM\Core\Api\V2\ResourceEndpoint;
29+
use OrangeHRM\Core\Api\V2\Validator\ParamRule;
30+
use OrangeHRM\Core\Api\V2\Validator\ParamRuleCollection;
31+
use OrangeHRM\Core\Api\V2\Validator\Rule;
32+
use OrangeHRM\Core\Api\V2\Validator\Rules;
33+
use OrangeHRM\Core\Traits\Auth\AuthUserTrait;
34+
use OrangeHRM\Entity\Employee;
35+
use OrangeHRM\Pim\Api\Model\EmployeeDetailedModel;
36+
use OrangeHRM\Pim\Api\Model\EmployeeModel;
37+
use OrangeHRM\Pim\Traits\Service\EmployeeServiceTrait;
38+
39+
class MyInfoAPI extends Endpoint implements ResourceEndpoint
40+
{
41+
use AuthUserTrait;
42+
use EmployeeServiceTrait;
43+
44+
public const FILTER_MODEL = 'model';
45+
public const MODEL_DEFAULT = 'default';
46+
public const MODEL_DETAILED = 'detailed';
47+
public const MODEL_MAP = [
48+
self::MODEL_DEFAULT => EmployeeModel::class,
49+
self::MODEL_DETAILED => EmployeeDetailedModel::class,
50+
];
51+
52+
/**
53+
* @OA\Get(
54+
* path="/api/v2/pim/myself",
55+
* tags={"Pim/My Self"},
56+
* @OA\Parameter(
57+
* name="model",
58+
* in="query",
59+
* required=false,
60+
* @OA\Schema(
61+
* type="string",
62+
* enum={OrangeHRM\Pim\Api\MyInfoAPI::MODEL_DEFAULT, OrangeHRM\Pim\Api\MyInfoAPI::MODEL_DETAILED},
63+
* default=OrangeHRM\Pim\Api\MyInfoAPI::MODEL_DEFAULT
64+
* )
65+
* ),
66+
* @OA\Response(
67+
* response="200",
68+
* description="Success",
69+
* @OA\JsonContent(
70+
* @OA\Property(
71+
* property="data",
72+
* oneOf={
73+
* @OA\Schema(ref="#/components/schemas/Pim-EmployeeModel"),
74+
* @OA\Schema(ref="#/components/schemas/Pim-EmployeeDetailedModel"),
75+
* }
76+
* ),
77+
* )
78+
* )
79+
* )
80+
*
81+
* @inheritDoc
82+
*/
83+
public function getOne(): EndpointResult
84+
{
85+
$empNumber = $this->getAuthUser()->getEmpNumber();
86+
$employee = $this->getEmployeeService()->getEmployeeByEmpNumber($empNumber);
87+
$this->throwRecordNotFoundExceptionIfNotExist($employee, Employee::class);
88+
89+
return new EndpointResourceResult(
90+
$this->getModelClass(),
91+
$employee,
92+
);
93+
}
94+
95+
/**
96+
* @inheritDoc
97+
*/
98+
public function getValidationRuleForGetOne(): ParamRuleCollection
99+
{
100+
$paramRules = new ParamRuleCollection(
101+
$this->getValidationDecorator()->notRequiredParamRule(
102+
new ParamRule(
103+
self::FILTER_MODEL,
104+
new Rule(Rules::IN, [array_keys(self::MODEL_MAP)])
105+
)
106+
),
107+
);
108+
$paramRules->addExcludedParamKey(CommonParams::PARAMETER_ID);
109+
return $paramRules;
110+
}
111+
112+
/**
113+
* @return string
114+
*/
115+
protected function getModelClass(): string
116+
{
117+
$model = $this->getRequestParams()->getString(
118+
RequestParams::PARAM_TYPE_QUERY,
119+
self::FILTER_MODEL,
120+
self::MODEL_DEFAULT
121+
);
122+
return self::MODEL_MAP[$model];
123+
}
124+
125+
/**
126+
* @inheritDoc
127+
*/
128+
public function update(): EndpointResult
129+
{
130+
throw $this->getNotImplementedException();
131+
}
132+
133+
/**
134+
* @inheritDoc
135+
*/
136+
public function getValidationRuleForUpdate(): ParamRuleCollection
137+
{
138+
throw $this->getNotImplementedException();
139+
}
140+
141+
/**
142+
* @inheritDoc
143+
*/
144+
public function delete(): EndpointResult
145+
{
146+
throw $this->getNotImplementedException();
147+
}
148+
149+
/**
150+
* @inheritDoc
151+
*/
152+
public function getValidationRuleForDelete(): ParamRuleCollection
153+
{
154+
throw $this->getNotImplementedException();
155+
}
156+
}
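Review bot: `getOne()` passes `getAuthUser()->getEmpNumber()` straight into `getEmployeeByEmpNumber()`; if a signed-in account can lack a linked employee (the signatures are not visible here, so this is an assumption to confirm), the lookup would fail on a null argument before the record-not-found check on the following line is reached. A guard ahead of the service call, `if ($empNumber === null) { throw $this->getRecordNotFoundException(); }` (or whichever record-not-found helper the endpoint base offers), keeps the response a clean not-found instead of a server error. Separately, `getModelClass()` indexes `MODEL_MAP` with the raw query value and depends entirely on the `Rules::IN` rule, so a comment such as `// $model is constrained to MODEL_MAP keys by getValidationRuleForGetOne()` would keep a later edit from loosening the rule unnoticed. Taking the employee from the session rather than from a request parameter is what prevents one user reading another's record, and a one-line comment stating that intent in `getOne()` would help future maintainers preserve it.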

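--- a/src/plugins/orangehrmPimPlugin/config/routes.yaml
+++ b/src/plugins/orangehrmPimPlugin/config/routes.yaml
@@ -508,6 +508,14 @@ apiv2_pim_validate_employee_other_email:
 requirements:
 empNumber: '\d+'
 
+apiv2_pim_my_info:
+path: /api/v2/pim/myself
+controller: OrangeHRM\Core\Controller\Rest\V2\GenericRestController::handle
+methods: [ GET ]
+defaults:
+id: 0
+_api: OrangeHRM\Pim\Api\MyInfoAPI
+
 ##########################
 # Files
 ##########################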
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,78 @@
1+
<?php
2+
/**
3+
* OrangeHRM is a comprehensive Human Resource Management (HRM) System that captures
4+
* all the essential functionalities required for any enterprise.
5+
* Copyright (C) 2006 OrangeHRM Inc., http://www.orangehrm.com
6+
*
7+
* OrangeHRM is free software; you can redistribute it and/or modify it under the terms of
8+
* the GNU General Public License as published by the Free Software Foundation; either
9+
* version 2 of the License, or (at your option) any later version.
10+
*
11+
* OrangeHRM is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
12+
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13+
* See the GNU General Public License for more details.
14+
*
15+
* You should have received a copy of the GNU General Public License along with this program;
16+
* if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
17+
* Boston, MA 02110-1301, USA
18+
*/
19+
20+
namespace OrangeHRM\Tests\Pim\Api;
21+
22+
use OrangeHRM\Framework\Services;
23+
use OrangeHRM\Pim\Api\MyInfoAPI;
24+
use OrangeHRM\Tests\Util\EndpointIntegrationTestCase;
25+
use OrangeHRM\Tests\Util\Integration\TestCaseParams;
26+
27+
/**
28+
* @group Pim
29+
* @group APIv2
30+
*/
31+
class MyInfoAPITest extends EndpointIntegrationTestCase
32+
{
33+
/**
34+
* @dataProvider dataProviderForTestGetOne
35+
*/
36+
public function testGetOne(TestCaseParams $testCaseParams): void
37+
{
38+
$this->populateFixtures('MyInfoAPITest.yml');
39+
$this->createKernelWithMockServices([Services::AUTH_USER => $this->getMockAuthUser($testCaseParams)]);
40+
41+
$this->registerServices($testCaseParams);
42+
$api = $this->getApiEndpointMock(MyInfoAPI::class, $testCaseParams);
43+
$this->assertValidTestCase($api, 'getOne', $testCaseParams);
44+
}
45+
46+
public function dataProviderForTestGetOne(): array
47+
{
48+
return $this->getTestCases('MyInfoAPITestCases.yml', 'GetOne');
49+
}
50+
51+
public function testUpdate(): void
52+
{
53+
$api = new MyInfoAPI($this->getRequest());
54+
$this->expectNotImplementedException();
55+
$api->update();
56+
}
57+
58+
public function testGetValidationRuleForUpdate(): void
59+
{
60+
$api = new MyInfoAPI($this->getRequest());
61+
$this->expectNotImplementedException();
62+
$api->getValidationRuleForUpdate();
63+
}
64+
65+
public function testDelete(): void
66+
{
67+
$api = new MyInfoAPI($this->getRequest());
68+
$this->expectNotImplementedException();
69+
$api->delete();
70+
}
71+
72+
public function testGetValidationRuleForDelete(): void
73+
{
74+
$api = new MyInfoAPI($this->getRequest());
75+
$this->expectNotImplementedException();
76+
$api->getValidationRuleForDelete();
77+
}
78+
}
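Review bot: Nothing visible in this test class pins the `model` validation: `testGetOne` drives `getOne` from `MyInfoAPITestCases.yml`, which is not shown, and there is no direct test of `getValidationRuleForGetOne()`. Because `getModelClass()` trusts that rule when it indexes `MODEL_MAP`, a case that sends an unknown `model` value and expects a validation failure is worth adding if the YAML does not already contain one. A case requesting `model=detailed` as an ESS user would likewise document that the detailed view of one's own record is intentionally available to non-admins.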
