Feature 2834/move required permission to services

server/src/main/java/com/objectcomputing/checkins/services/action_item/ActionItemController.java

@@ -1,7 +1,5 @@
 package com.objectcomputing.checkins.services.action_item;
 
-import com.objectcomputing.checkins.services.permissions.Permission;
-import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.HttpRequest;
 import io.micronaut.http.HttpResponse;
@@ -35,7 +33,6 @@ public ActionItemController(ActionItemServices actionItemServices) {
      * @return {@link HttpResponse <ActionItem>}
      */
     @Post
-    @RequiredPermission(Permission.CAN_CREATE_CHECKINS)
     public HttpResponse<ActionItem> createActionItem(@Body @Valid ActionItemCreateDTO actionItem,
                                                      HttpRequest<?> request) {
         ActionItem newActionItem = actionItemServices.save(new ActionItem(actionItem.getCheckinid(),
@@ -53,7 +50,6 @@ public HttpResponse<ActionItem> createActionItem(@Body @Valid ActionItemCreateDT
      * @return {@link HttpResponse< ActionItem >}
      */
     @Put
-    @RequiredPermission(Permission.CAN_UPDATE_CHECKINS)
     public HttpResponse<?> updateActionItem(@Body @Valid ActionItem actionItem, HttpRequest<?> request) {
         ActionItem updatedActionItem = actionItemServices.update(actionItem);
         return HttpResponse
@@ -70,7 +66,6 @@ public HttpResponse<?> updateActionItem(@Body @Valid ActionItem actionItem, Http
      * @param id, id of {@link ActionItem} to delete
      */
     @Delete("/{id}")
-    @RequiredPermission(Permission.CAN_UPDATE_CHECKINS)
     public HttpResponse<?> deleteActionItem(UUID id) {
         actionItemServices.delete(id);
         return HttpResponse
@@ -84,7 +79,6 @@ public HttpResponse<?> deleteActionItem(UUID id) {
      * @return {@link ActionItem}
      */
     @Get("/{id}")
-    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public ActionItem readActionItem(UUID id) {
         return actionItemServices.read(id);
     }
@@ -97,7 +91,6 @@ public ActionItem readActionItem(UUID id) {
      * @return {@link List < CheckIn > list of checkins}
      */
     @Get("/{?checkinid,createdbyid}")
-    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public Set<ActionItem> findActionItems(@Nullable UUID checkinid,
                                            @Nullable UUID createdbyid) {
         return actionItemServices.findByFields(checkinid, createdbyid);

server/src/main/java/com/objectcomputing/checkins/services/action_item/ActionItemServicesImpl.java

@@ -1,5 +1,7 @@
 package com.objectcomputing.checkins.services.action_item;
 
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import com.objectcomputing.checkins.services.validate.crud.CRUDValidator;
 import jakarta.inject.Named;
 import jakarta.inject.Singleton;
@@ -24,6 +26,7 @@ public ActionItemServicesImpl(ActionItemRepository actionItemRepo,
         this.crudValidator = crudValidator;
     }
 
+    @RequiredPermission(Permission.CAN_CREATE_CHECKINS)
     public ActionItem save(@Valid @NotNull ActionItem actionItem) {
         ActionItem actionItemRet;
 
@@ -45,6 +48,7 @@ public ActionItem save(@Valid @NotNull ActionItem actionItem) {
 
     }
 
+    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public ActionItem read(@NotNull UUID id) {
 
         ActionItem actionItemResult = actionItemRepo.findById(id).orElse(null);
@@ -56,6 +60,7 @@ public ActionItem read(@NotNull UUID id) {
 
     }
 
+    @RequiredPermission(Permission.CAN_UPDATE_CHECKINS)
     public ActionItem update(@Valid @NotNull ActionItem actionItem) {
         ActionItem actionItemRet = null;
 
@@ -68,6 +73,7 @@ public ActionItem update(@Valid @NotNull ActionItem actionItem) {
 
     }
 
+    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public Set<ActionItem> findByFields(UUID checkinid, UUID createdbyid) {
 
         crudValidator.validatePermissionsFindByFields(checkinid, createdbyid);
@@ -79,6 +85,7 @@ public Set<ActionItem> findByFields(UUID checkinid, UUID createdbyid) {
 
     }
 
+    @RequiredPermission(Permission.CAN_UPDATE_CHECKINS)
     public void delete(@NotNull UUID id) {
         ActionItem actionItemResult = actionItemRepo.findById(id).orElse(null);
 

server/src/main/java/com/objectcomputing/checkins/services/agenda_item/AgendaItemController.java

@@ -2,8 +2,6 @@
 
 import com.objectcomputing.checkins.exceptions.NotFoundException;
 import com.objectcomputing.checkins.services.checkins.CheckIn;
-import com.objectcomputing.checkins.services.permissions.Permission;
-import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.HttpResponse;
 import io.micronaut.http.HttpStatus;
@@ -46,7 +44,6 @@ class AgendaItemController {
      * @return {@link HttpResponse <AgendaItem>}
      */
     @Post("/")
-    @RequiredPermission(Permission.CAN_CREATE_CHECKINS)
     HttpResponse<AgendaItem> createAgendaItem(@Body @Valid AgendaItemCreateDTO agendaItem) {
         AgendaItem createAgendaItem = agendaItemServices.save(new AgendaItem(agendaItem.getCheckinid(), agendaItem.getCreatedbyid(), agendaItem.getDescription()));
         URI location = UriBuilder.of(PATH).path(createAgendaItem.getId().toString()).build();
@@ -61,7 +58,6 @@ HttpResponse<AgendaItem> createAgendaItem(@Body @Valid AgendaItemCreateDTO agend
      * @return {@link HttpResponse<AgendaItem>}
      */
     @Put("/")
-    @RequiredPermission(Permission.CAN_UPDATE_CHECKINS)
     HttpResponse<?> updateAgendaItem(@Body @Valid AgendaItem agendaItem) {
         if (agendaItem == null) {
             return HttpResponse.ok();
@@ -81,7 +77,6 @@ HttpResponse<?> updateAgendaItem(@Body @Valid AgendaItem agendaItem) {
      * @return a Set of {@link CheckIn}
      */
     @Get("/{?checkinid,createdbyid}")
-    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     Set<AgendaItem> findAgendaItems(@Nullable UUID checkinid, @Nullable UUID createdbyid) {
         return agendaItemServices.findByFields(checkinid, createdbyid);
     }
@@ -93,7 +88,6 @@ Set<AgendaItem> findAgendaItems(@Nullable UUID checkinid, @Nullable UUID created
      * @return {@link AgendaItem}
      */
     @Get("/{id}")
-    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     AgendaItem readAgendaItem(UUID id) {
         AgendaItem read = agendaItemServices.read(id);
         if (read == null) {
@@ -112,4 +106,4 @@ AgendaItem readAgendaItem(UUID id) {
     void deleteAgendaItem(UUID id) {
         agendaItemServices.delete(id);
     }
-}
+}

server/src/main/java/com/objectcomputing/checkins/services/agenda_item/AgendaItemServicesImpl.java

@@ -1,5 +1,7 @@
 package com.objectcomputing.checkins.services.agenda_item;
 
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import com.objectcomputing.checkins.exceptions.BadArgException;
 import com.objectcomputing.checkins.exceptions.PermissionException;
 import com.objectcomputing.checkins.services.checkins.CheckIn;
@@ -44,6 +46,7 @@ public AgendaItemServicesImpl(CheckInRepository checkinRepo,
     }
     // todo remove manual validations throughout class in favor of jakarta validations at api level.
     @Override
+    @RequiredPermission(Permission.CAN_CREATE_CHECKINS)
     public AgendaItem save(AgendaItem agendaItem) {
         AgendaItem agendaItemRet = null;
         if (agendaItem != null) {
@@ -82,6 +85,7 @@ public AgendaItem save(AgendaItem agendaItem) {
     }
 
     @Override
+    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public AgendaItem read(@NotNull UUID id) {
         final UUID currentUserId = currentUserServices.getCurrentUser().getId();
         boolean canViewAllCheckins = checkInServices.canViewAllCheckins(currentUserId);
@@ -102,6 +106,7 @@ public AgendaItem read(@NotNull UUID id) {
 
 
     @Override
+    @RequiredPermission(Permission.CAN_UPDATE_CHECKINS)
     public AgendaItem update(AgendaItem agendaItem) {
         AgendaItem agendaItemRet = null;
 
@@ -138,6 +143,7 @@ public AgendaItem update(AgendaItem agendaItem) {
     }
 
     @Override
+    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public Set<AgendaItem> findByFields(@Nullable UUID checkinId, @Nullable UUID createdById) {
         MemberProfile currentUser = currentUserServices.getCurrentUser();
         if(!checkInServices.doesUserHaveViewAccess(currentUser.getId(), checkinId, createdById)){
@@ -174,4 +180,4 @@ private void validate(boolean isError, String message, Object... args) {
             throw new BadArgException(String.format(message, args));
         }
     }
-}
+}

server/src/main/java/com/objectcomputing/checkins/services/certification/CertificationController.java

@@ -1,7 +1,5 @@
 package com.objectcomputing.checkins.services.certification;
 
-import com.objectcomputing.checkins.services.permissions.Permission;
-import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import io.micronaut.http.HttpStatus;
 import io.micronaut.http.annotation.Body;
 import io.micronaut.http.annotation.Controller;
@@ -68,7 +66,6 @@ Certification create(@Body @Valid CertificationDTO certification) {
      * @return the updated {@link Certification}
      */
     @Put("/{id}")
-    @RequiredPermission(Permission.CAN_MANAGE_CERTIFICATIONS)
     Certification update(@NotNull UUID id, @Body @Valid CertificationDTO certification) {
         return certificationService.updateCertification(new Certification(
                 id,
@@ -86,7 +83,6 @@ Certification update(@NotNull UUID id, @Body @Valid CertificationDTO certificati
      * @return the merged {@link Certification}
      */
     @Post("/merge")
-    @RequiredPermission(Permission.CAN_MANAGE_CERTIFICATIONS)
     Certification mergeCertifications(@Valid @Body CertificationMergeDTO certificationMergeDTO) {
         return certificationService.mergeCertifications(certificationMergeDTO.getSourceId(), certificationMergeDTO.getTargetId());
     }

server/src/main/java/com/objectcomputing/checkins/services/certification/CertificationServiceImpl.java

@@ -4,6 +4,7 @@
 import com.objectcomputing.checkins.services.memberprofile.MemberProfileRepository;
 import com.objectcomputing.checkins.services.memberprofile.currentuser.CurrentUserServices;
 import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import com.objectcomputing.checkins.services.role.role_permissions.RolePermissionServices;
 import io.micronaut.core.annotation.Nullable;
 import jakarta.transaction.Transactional;
@@ -59,6 +60,7 @@ public Certification saveCertification(Certification certification) {
     }
 
     @Override
+    @RequiredPermission(Permission.CAN_MANAGE_CERTIFICATIONS)
     public Certification updateCertification(Certification certification) {
         // Fail if a certification with the same name already exists (but it's not this one)
         validate(certificationRepository.getByName(certification.getName())
@@ -109,6 +111,7 @@ public void deleteEarnedCertification(UUID id) {
 
     @Override
     @Transactional
+    @RequiredPermission(Permission.CAN_MANAGE_CERTIFICATIONS)
     public Certification mergeCertifications(UUID sourceId, UUID targetId) {
         Optional<Certification> target = certificationRepository.findById(targetId);
         Optional<Certification> source = certificationRepository.findById(sourceId);

server/src/main/java/com/objectcomputing/checkins/services/checkin_notes/CheckinNoteController.java

@@ -1,7 +1,5 @@
 package com.objectcomputing.checkins.services.checkin_notes;
 
-import com.objectcomputing.checkins.services.permissions.Permission;
-import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.HttpRequest;
 import io.micronaut.http.HttpResponse;
@@ -38,7 +36,6 @@ public CheckinNoteController(CheckinNoteServices checkinNoteServices) {
      * @return
      */
     @Post
-    @RequiredPermission(Permission.CAN_CREATE_CHECKINS)
     public HttpResponse<CheckinNote> createCheckinNote(@Body @Valid CheckinNoteCreateDTO checkinNote, HttpRequest<?> request) {
         CheckinNote newCheckinNote = checkinNoteServices.save(new CheckinNote(checkinNote.getCheckinid(), checkinNote.getCreatedbyid()
                 , checkinNote.getDescription()));
@@ -55,7 +52,6 @@ public HttpResponse<CheckinNote> createCheckinNote(@Body @Valid CheckinNoteCreat
      * @return
      */
     @Put
-    @RequiredPermission(Permission.CAN_UPDATE_CHECKINS)
     public HttpResponse<CheckinNote> updateCheckinNote(@Body @Valid CheckinNote checkinNote, HttpRequest<?> request) {
         CheckinNote updateCheckinNote = checkinNoteServices.update(checkinNote);
         return HttpResponse.ok().headers(headers -> headers.location(
@@ -72,7 +68,6 @@ public HttpResponse<CheckinNote> updateCheckinNote(@Body @Valid CheckinNote chec
      * @return
      */
     @Get("/{?checkinid,createdbyid}")
-    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public Set<CheckinNote> findCheckinNote(@Nullable UUID checkinid, @Nullable UUID createdbyid) {
         return checkinNoteServices.findByFields(checkinid, createdbyid);
     }
@@ -84,9 +79,8 @@ public Set<CheckinNote> findCheckinNote(@Nullable UUID checkinid, @Nullable UUID
      * @return
      */
     @Get("/{id}")
-    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public CheckinNote readCheckinNote(@NotNull UUID id) {
         return checkinNoteServices.read(id);
     }
 
-}
+}

server/src/main/java/com/objectcomputing/checkins/services/checkin_notes/CheckinNoteServicesImpl.java

@@ -1,5 +1,7 @@
 package com.objectcomputing.checkins.services.checkin_notes;
 
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import com.objectcomputing.checkins.exceptions.BadArgException;
 import com.objectcomputing.checkins.exceptions.NotFoundException;
 import com.objectcomputing.checkins.exceptions.PermissionException;
@@ -42,6 +44,7 @@ public CheckinNoteServicesImpl(CheckInRepository checkinRepo, CheckInServices ch
     // todo remove manual validations throughout class in favor of jakarta validations at api level.
 
     @Override
+    @RequiredPermission(Permission.CAN_CREATE_CHECKINS)
     public CheckinNote save(@NotNull CheckinNote checkinNote) {
         validate(checkinNote.getId() != null, "Found unexpected id %s for check in note", checkinNote.getId());
 
@@ -71,6 +74,7 @@ public CheckinNote save(@NotNull CheckinNote checkinNote) {
     }
 
     @Override
+    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public CheckinNote read(@NotNull UUID id) {
         final UUID currentUserId = currentUserServices.getCurrentUser().getId();
         CheckinNote checkInNoteResult = checkinNoteRepository.findById(id).orElse(null);
@@ -90,6 +94,7 @@ public CheckinNote read(@NotNull UUID id) {
     }
 
     @Override
+    @RequiredPermission(Permission.CAN_UPDATE_CHECKINS)
     public CheckinNote update(@NotNull CheckinNote checkinNote) {
         final UUID id = checkinNote.getId();
         validate(id == null || checkinNoteRepository.findById(id).isEmpty(), "Unable to locate checkin note to update with id %s", checkinNote.getId());
@@ -124,6 +129,7 @@ public CheckinNote update(@NotNull CheckinNote checkinNote) {
     }
 
     @Override
+    @RequiredPermission(Permission.CAN_VIEW_CHECKINS)
     public Set<CheckinNote> findByFields(@Nullable UUID checkinId, @Nullable UUID createById) {
         final UUID currentUserId = currentUserServices.getCurrentUser().getId();
         if(!checkinServices.doesUserHaveViewAccess(currentUserId, checkinId, createById)){
@@ -138,4 +144,4 @@ private void validate(boolean isError, String message, Object... args) {
             throw new BadArgException(String.format(message, args));
         }
     }
-}
+}

server/src/main/java/com/objectcomputing/checkins/services/checkindocument/CheckinDocumentController.java

@@ -1,7 +1,5 @@
 package com.objectcomputing.checkins.services.checkindocument;
 
-import com.objectcomputing.checkins.services.permissions.Permission;
-import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import com.objectcomputing.checkins.services.role.RoleType;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.HttpResponse;
@@ -38,7 +36,6 @@ class CheckinDocumentController {
      */
 
     @Get("/{?checkinsId}")
-    @RequiredPermission(Permission.CAN_VIEW_CHECKIN_DOCUMENT)
     Set<CheckinDocument> findCheckinDocument(@Nullable UUID checkinsId) {
         return checkinDocumentService.read(checkinsId);
     }
@@ -51,7 +48,6 @@ Set<CheckinDocument> findCheckinDocument(@Nullable UUID checkinsId) {
      */
 
     @Post
-    @RequiredPermission(Permission.CAN_CREATE_CHECKIN_DOCUMENT)
     HttpResponse<CheckinDocument> createCheckinDocument(@Body @Valid CheckinDocumentCreateDTO checkinDocument) {
         CheckinDocument createdCheckinDocument = checkinDocumentService.save(new CheckinDocument(checkinDocument.getCheckinsId(), checkinDocument.getUploadDocId()));
         URI location = UriBuilder.of(PATH).path(createdCheckinDocument.getId().toString()).build();
@@ -65,7 +61,6 @@ HttpResponse<CheckinDocument> createCheckinDocument(@Body @Valid CheckinDocument
      * @return {@link HttpResponse<CheckinDocument>}
      */
     @Put
-    @RequiredPermission(Permission.CAN_UPDATE_CHECKIN_DOCUMENT)
     HttpResponse<?> update(@Body @Valid CheckinDocument checkinDocument) {
         if (checkinDocument == null) {
             return HttpResponse.ok();
@@ -83,9 +78,8 @@ HttpResponse<?> update(@Body @Valid CheckinDocument checkinDocument) {
      * @param checkinsId, id of the checkins record you wish to delete
      */
     @Delete("/{checkinsId}")
-    @RequiredPermission(Permission.CAN_DELETE_CHECKIN_DOCUMENT)
     @Status(HttpStatus.NO_CONTENT)
     void delete(UUID checkinsId) {
         checkinDocumentService.deleteByCheckinId(checkinsId);
     }
-}
+}