fonctions get, all et delete pour les evaluations ok

36f4e1ac · sebastien dupuy · cf94b8a0 · 36f4e1ac
Commit 36f4e1ac authored 2 years ago by sebastien dupuy
--- a/app/Http/Controllers/Api/EvaluationsController.php
+++ b/app/Http/Controllers/Api/EvaluationsController.php
@@ -19,8 +19,6 @@ class EvaluationsController extends Controller
 {
    public function all()
    {
-        // TODO filter by organization if not admin
-        // TODO Add dangerLevels and measures
        /**
         * @var User $authUser
         */
@@ -43,9 +41,20 @@ public function all()

    public function get(int $id)
    {
-        // TODO filter by organization if not admin
-        // TODO Add dangerLevels and measures
-        return Evaluation::find($id);
+        $user = Auth::user();
+
+        $evaluation = Evaluation::find($id);
+
+        // if user is admin or if user->organization = $id
+        if (($user->role === User::ROLE_ADMIN) || (($user->role > User::ROLE_ADMIN)&&($user->organization_id === $evaluation->organization_id))){
+            return Evaluation::where('id', $id)
+                ->with('dangerLevels')
+                ->with('evaluationMeasures')
+                ->with('organization')
+                ->get();
+        }
+
+        abort (403);
    }

    /**
@@ -63,7 +72,16 @@ public function save(Request $request, $id = null)

    public function delete(int $id = null)
    {
-        // TODO filter by organization if not admin
+        $user = Auth::user();
+
+        $evaluation = Evaluation::find($id);
+
+        if (($user->role === User::ROLE_ADMIN) || (($user->role === User::ROLE_MANAGER)&&($user->organization_id === $evaluation->organization_id))){
+            $evaluation->delete();
+
+            return abort(204);
+        }
+
        abort(403);
    }
 }