diff --git a/.env b/.env
index 9ffda1d..bddf09d 100644
--- a/.env
+++ b/.env
@@ -1 +1,2 @@
-DATABASE_URL=sqlite:./localdb.sqlite3
+DATABASE_URL=sqlite:/home/neosam/programming/rust/projects/shifty-backend/localdb.sqlite3
+APP_URL=https://.goller.tech
\ No newline at end of file
diff --git a/app/src/main.rs b/app/src/main.rs
index 941d3dd..857bf35 100644
--- a/app/src/main.rs
+++ b/app/src/main.rs
@@ -52,6 +52,7 @@ type WorkingHoursService = service_impl::working_hours::WorkingHoursServiceImpl<
 type ExtraHoursService = service_impl::extra_hours::ExtraHoursServiceImpl<
 dao_impl::extra_hours::ExtraHoursDaoImpl,
 PermissionService,
+ SalesPersonService,
 ClockService,
 UuidService,
 >;
@@ -173,6 +174,7 @@ impl RestStateImpl {
 let extra_hours_service = Arc::new(service_impl::extra_hours::ExtraHoursServiceImpl::new(
 extra_hours_dao,
 permission_service.clone(),
+ sales_person_service.clone(),
 clock_service,
 uuid_service,
 ));
diff --git a/service/src/sales_person.rs b/service/src/sales_person.rs
index 2bbbd29..05c10a3 100644
--- a/service/src/sales_person.rs
+++ b/service/src/sales_person.rs
@@ -103,4 +103,9 @@ pub trait SalesPersonService {
 &self,
 context: Authentication,
 ) -> Result, ServiceError>;
+ async fn verify_user_is_sales_person(
+ &self,
+ sales_person_id: Uuid,
+ context: Authentication,
+ ) -> Result<(), ServiceError>;
 }
diff --git a/service_impl/src/extra_hours.rs b/service_impl/src/extra_hours.rs
index 82e6d1c..562dab6 100644
--- a/service_impl/src/extra_hours.rs
+++ b/service_impl/src/extra_hours.rs
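Review bot: The tracked `.env` now pins `DATABASE_URL` to an absolute path under one developer's home directory (`/home/neosam/...`), which breaks every other checkout and deployment that reads this file and commits a local filesystem layout into history. Environment files belong in `.gitignore`, with a committed `.env.example` carrying placeholder values such as `DATABASE_URL=sqlite:./localdb.sqlite3` and `APP_URL=<your-app-url>`; the relative path the removed line used worked for any checkout. The new `APP_URL=https://.goller.tech` also has an empty label before the first dot, so it is unlikely to parse as a valid host — presumably a truncation or placeholder that should be confirmed before anything builds URLs from it.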
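Review bot: The new trait method `verify_user_is_sales_person` in `service/src/sales_person.rs` carries no `///` doc, and its contract is not obvious from the signature: the `Uuid` is a sales-person id rather than a user id, and the `Authentication` identifies the caller being checked, not a permission to read the sales person. Suggest `/// Ok(()) only when the user authenticated in context is the user assigned to sales_person_id; a missing current user, an unassigned sales person and a mismatch all yield Err(ServiceError::Forbidden), while errors from the underlying lookups propagate.` — which matches the implementation added in `service_impl/src/sales_person.rs` in this commit. Stating that the three failure cases are deliberately indistinguishable tells a future implementer not to refine them into errors that would reveal whether an id exists.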
@@ -7,37 +7,49 @@ use service::{
 permission::{Authentication, HR_PRIVILEGE},
 ServiceError,
 };
+use tokio::join;
 use uuid::Uuid;
 
 pub struct ExtraHoursServiceImpl<
 ExtraHoursDao: dao::extra_hours::ExtraHoursDao,
 PermissionService: service::PermissionService,
+ SalesPersonService: service::sales_person::SalesPersonService,
 ClockService: service::clock::ClockService,
 UuidService: service::uuid_service::UuidService,
 > {
 extra_hours_dao: Arc,
 permission_service: Arc,
+ sales_person_service: Arc,
 clock_service: Arc,
 uuid_service: Arc,
 }
 
-impl
- ExtraHoursServiceImpl
+impl
+ ExtraHoursServiceImpl<
+ ExtraHoursDao,
+ PermissionService,
+ SalesPersonService,
+ ClockService,
+ UuidService,
+ >
 where
 ExtraHoursDao: dao::extra_hours::ExtraHoursDao + Sync + Send,
 PermissionService: service::PermissionService + Sync + Send,
+ SalesPersonService: service::sales_person::SalesPersonService + Sync + Send,
 ClockService: service::clock::ClockService + Sync + Send,
 UuidService: service::uuid_service::UuidService + Sync + Send,
 {
 pub fn new(
 extra_hours_dao: Arc,
 permission_service: Arc,
+ sales_person_service: Arc,
 clock_service: Arc,
 uuid_service: Arc,
 ) -> Self {
 Self {
 extra_hours_dao,
 permission_service,
+ sales_person_service,
 clock_service,
 uuid_service,
 }
@@ -48,10 +60,19 @@ where impl< ExtraHoursDao: dao::extra_hours::ExtraHoursDao + Sync + Send, PermissionService: service::PermissionService + Sync + Send, + SalesPersonService: service::sales_person::SalesPersonService + + Sync + + Send, ClockService: service::clock::ClockService + Sync + Send, UuidService: service::uuid_service::UuidService + Sync + Send, > service::extra_hours::ExtraHoursService - for ExtraHoursServiceImpl + for ExtraHoursServiceImpl< + ExtraHoursDao, + PermissionService, + SalesPersonService, + ClockService, + UuidService, + > { type Context = PermissionService::Context;
@@ -64,14 +85,19 @@ impl<
 ) -> Result, ServiceError> {
 unimplemented!()
 }
+
 async fn create(
 &self,
 extra_hours: &ExtraHours,
 context: Authentication,
 ) -> Result {
- self.permission_service
- .check_permission(HR_PRIVILEGE, context)
- .await?;
+ let (hr_permission, sales_person_permission) = join!(
+ self.permission_service
+ .check_permission(HR_PRIVILEGE, context.clone()),
+ self.sales_person_service
+ .verify_user_is_sales_person(extra_hours.sales_person_id, context),
+ );
+ hr_permission.or(sales_person_permission)?;
 let mut extra_hours = extra_hours.to_owned();
 
 if !extra_hours.id.is_nil() {
diff --git a/service_impl/src/sales_person.rs b/service_impl/src/sales_person.rs
index f61be41..224e7f0 100644
--- a/service_impl/src/sales_person.rs
+++ b/service_impl/src/sales_person.rs
@@ -337,4 +337,23 @@ where
 .get_sales_person_for_user(current_user, Authentication::Full)
 .await?)
 }
+
+ async fn verify_user_is_sales_person(
+ &self,
+ sales_person_id: Uuid,
+ context: Authentication,
+ ) -> Result<(), ServiceError> {
+ let (Some(username), Some(sales_person_username)) = (
+ self.permission_service.current_user_id(context).await?,
+ self.get_assigned_user(sales_person_id, Authentication::Full)
+ .await?,
+ ) else {
+ return Err(ServiceError::Forbidden);
+ };
+ if username == sales_person_username {
+ Ok(())
+ } else {
+ Err(ServiceError::Forbidden)
+ }
+ }
 }
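Review bot: `hr_permission.or(sales_person_permission)?` widens `create` from HR-only to "HR, or the sales person named in the request body", and the body that follows (outside the hunk) then runs identically for both kinds of caller; if a self-reporting sales person should be limited in what they may record, nothing in this hunk applies such a restriction, so please confirm the broader path is intended. `Result::or` also discards the HR check's error whenever both fail, so the caller always sees the sales-person check's result — fine if both checks only ever produce `Forbidden`, but a comment saying so would keep that from changing silently. Because `join!` awaits both futures, the sales-person lookup (a DB read, per the implementation added in this commit) runs even for HR callers; `if self.permission_service.check_permission(HR_PRIVILEGE, context.clone()).await.is_err() { self.sales_person_service.verify_user_is_sales_person(extra_hours.sales_person_id, context).await?; }` would skip it for them at the cost of the concurrency. `create` continues past the end of the hunk.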
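Review bot: `verify_user_is_sales_person` looks up the assigned user with `Authentication::Full`, deliberately bypassing the caller's own permissions so a non-HR user can be matched against a sales person they could not otherwise read; that is a reasonable design for an authorization helper, but it is a privilege elevation with no stated reason, so add `// Full auth on purpose: the caller may lack read access to the sales person; only the equality result leaves this function.` above the `get_assigned_user` call. The function also folds "no current user", "no assigned user" and "mismatch" into a single `Forbidden`, which avoids revealing whether an id exists — worth a `///` line on the method so nobody later splits them into distinguishable errors. Style-wise the trailing `if`/`else` could be `(username == sales_person_username).then_some(()).ok_or(ServiceError::Forbidden)`, though that is taste.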