Added options with emulate to personnel

equinor · Nov 15, 2024 · ad6f4c0 · ad6f4c0
1 parent 575d890
commit ad6f4c0
Showing 1 changed file with 42 additions and 0 deletions.
diff --git a/src/backend/api/Fusion.Resources.Api/Controllers/Personnel/InternalPersonnelController.cs b/src/backend/api/Fusion.Resources.Api/Controllers/Personnel/InternalPersonnelController.cs
@@ -26,6 +26,48 @@ public InternalPersonnelController()
         {
         }
 
+        [EmulatedUserSupport]
+        [MapToApiVersion("1.0")]
+        [MapToApiVersion("2.0")]
+        [HttpOptions("departments/{departmentString}/resources/personnel")]
+        public async Task<ActionResult<ApiCollection<ApiInternalPersonnelPerson>>> OptionsDepartmentPersonnel([FromRoute] OrgUnitIdentifier departmentString)
+        {
+
+            if (!departmentString.Exists)
+                return FusionApiError.NotFound(departmentString.OriginalIdentifier, "Department does not exist");
+
+            #region Authorization
+
+            var sector = new DepartmentPath(departmentString.FullDepartment).Parent();
+            var authResult = await Request.RequireAuthorizationAsync(r =>
+            {
+                r.AnyOf(or =>
+                {
+                    or.BeTrustedApplication();
+                    or.FullControl();
+
+                    or.FullControlInternal();
+                    or.BeResourceOwnerForDepartment(sector, includeParents: false, includeDescendants: true);
+                    or.HaveOrgUnitScopedRole(DepartmentId.FromFullPath(departmentString.FullDepartment), AccessRoles.ResourceOwner);
+                    // - Fusion.Resources.Department.ReadAll in any department scope upwards in line org.
+                });
+                r.LimitedAccessWhen(x =>
+                {
+                    x.BeResourceOwnerForDepartment(new DepartmentPath(departmentString.FullDepartment).GoToLevel(2), includeParents: false, includeDescendants: true);
+                });
+            });
+
+            #endregion
+
+
+            if (authResult.Success)
+            {
+                Response.Headers["Allow"] = authResult.LimitedAuth ? "GET,LIMITED" : "GET";
+            }
+
+            return NoContent();
+        }
+
         /// <summary>
         /// Get personnel for a department.
         ///