Merge pull request #2560 from objectcomputing/bugfix-2552/use-permiss…

…ions-for-kudos Bugfix 2552/use permissions for kudos
objectcomputing · Aug 5, 2024 · 97a6b40 · 97a6b40
2 parents c6d5942 + 8436345
commit 97a6b40
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 49 deletions.
diff --git a/server/src/main/java/com/objectcomputing/checkins/services/kudos/KudosController.java b/server/src/main/java/com/objectcomputing/checkins/services/kudos/KudosController.java
@@ -1,5 +1,7 @@
 package com.objectcomputing.checkins.services.kudos;
 
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
 import com.objectcomputing.checkins.services.role.RoleType;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.HttpStatus;
@@ -35,12 +37,13 @@ public KudosController(KudosServices kudosServices) {
 
     @Post
     @Status(HttpStatus.CREATED)
+    @RequiredPermission(Permission.CAN_CREATE_KUDOS)
     public Kudos create(@Body @Valid KudosCreateDTO kudos) {
         return kudosServices.save(kudos);
     }
 
     @Put
-    @Secured(RoleType.Constants.ADMIN_ROLE)
+    @RequiredPermission(Permission.CAN_ADMINISTER_KUDOS)
     public Kudos approve(@Body @Valid Kudos kudos) {
         return kudosServices.approve(kudos);
     }
@@ -62,7 +65,7 @@ public List<KudosResponseDTO> get(@Nullable UUID recipientId, @Nullable UUID sen
 
     @Delete("/{id}")
     @Status(HttpStatus.NO_CONTENT)
-    @Secured(RoleType.Constants.ADMIN_ROLE)
+    @RequiredPermission(Permission.CAN_ADMINISTER_KUDOS)
     public void delete(@NotNull UUID id) {
         kudosServices.delete(id);
     }

diff --git a/server/src/main/java/com/objectcomputing/checkins/services/permissions/Permission.java b/server/src/main/java/com/objectcomputing/checkins/services/permissions/Permission.java
@@ -10,6 +10,8 @@ public enum Permission {
   CAN_VIEW_FEEDBACK_REQUEST("View feedback requests", "Feedback"),
   CAN_CREATE_FEEDBACK_REQUEST("Create feedback requests", "Feedback"),
   CAN_DELETE_FEEDBACK_REQUEST("Delete feedback requests", "Feedback"),
+  CAN_CREATE_KUDOS("Create kudos", "Feedback"),
+  CAN_ADMINISTER_KUDOS("Administer kudos", "Feedback"),
   CAN_VIEW_FEEDBACK_ANSWER("View feedback answers", "Feedback"),
   CAN_DELETE_ORGANIZATION_MEMBERS("Delete organization members", "User Management"),
   CAN_CREATE_ORGANIZATION_MEMBERS("Create organization members", "User Management"),

diff --git a/server/src/main/resources/db/dev/R__Load_testing_data.sql b/server/src/main/resources/db/dev/R__Load_testing_data.sql
@@ -840,6 +840,16 @@ insert into role_permissions
 values
     ('e8a4fff8-e984-4e59-be84-a713c9fa8d23', 'CAN_ADMINISTER_VOLUNTEERING_EVENTS');
 
+insert into role_permissions
+    (roleid, permission)
+values
+    ('e8a4fff8-e984-4e59-be84-a713c9fa8d23', 'CAN_ADMINISTER_KUDOS');
+
+insert into role_permissions
+    (roleid, permission)
+values
+    ('e8a4fff8-e984-4e59-be84-a713c9fa8d23', 'CAN_CREATE_KUDOS');
+
 -- PDL Permissions
 insert into role_permissions
     (roleid, permission)
@@ -916,6 +926,11 @@ insert into role_permissions
 values
     ('d03f5f0b-e29c-4cf4-9ea4-6baa09405c56', 'CAN_VIEW_REVIEW_PERIOD');
 
+insert into role_permissions
+    (roleid, permission)
+values
+    ('d03f5f0b-e29c-4cf4-9ea4-6baa09405c56', 'CAN_CREATE_KUDOS');
+
 -- Member permissions
 insert into role_permissions
     (roleid, permission)
@@ -962,6 +977,11 @@ insert into role_permissions
 values
     ('8bda2ae9-58c1-4843-a0d5-d0952621f9df', 'CAN_VIEW_REVIEW_PERIOD');
 
+insert into role_permissions
+    (roleid, permission)
+values
+    ('8bda2ae9-58c1-4843-a0d5-d0952621f9df', 'CAN_CREATE_KUDOS');
+
 
 -- Feedback Templates
 ---- Quarter 1 Feedback Template

diff --git a/server/src/test/java/com/objectcomputing/checkins/services/fixture/PermissionFixture.java b/server/src/test/java/com/objectcomputing/checkins/services/fixture/PermissionFixture.java
@@ -19,7 +19,8 @@ public interface PermissionFixture extends RolePermissionFixture {
         Permission.CAN_UPDATE_CHECKINS,
         Permission.CAN_ADMINISTER_SETTINGS,
         Permission.CAN_VIEW_SETTINGS,
-        Permission.CAN_VIEW_REVIEW_PERIOD
+        Permission.CAN_VIEW_REVIEW_PERIOD,
+        Permission.CAN_CREATE_KUDOS
     );
 
     // Add PDL Permissions here
@@ -40,7 +41,8 @@ public interface PermissionFixture extends RolePermissionFixture {
         Permission.CAN_UPDATE_CHECKIN_DOCUMENT,
         Permission.CAN_ADMINISTER_SETTINGS,
         Permission.CAN_VIEW_SETTINGS,
-        Permission.CAN_VIEW_REVIEW_PERIOD
+        Permission.CAN_VIEW_REVIEW_PERIOD,
+        Permission.CAN_CREATE_KUDOS
     );
 
     // Add ADMIN Permissions here
@@ -91,7 +93,9 @@ public interface PermissionFixture extends RolePermissionFixture {
         Permission.CAN_ADMINISTER_VOLUNTEERING_ORGANIZATIONS,
         Permission.CAN_ADMINISTER_VOLUNTEERING_RELATIONSHIPS,
         Permission.CAN_ADMINISTER_VOLUNTEERING_EVENTS,
-        Permission.CAN_ADMINISTER_DOCUMENTATION
+        Permission.CAN_ADMINISTER_DOCUMENTATION,
+        Permission.CAN_ADMINISTER_KUDOS,
+        Permission.CAN_CREATE_KUDOS
     );
 
     default void setPermissionsForAdmin(UUID roleID) {